JAKARTA – The Directorate of Cyber Crime, Bareskrim Polri will examine the Managing Director of BPJS Kesehatan Ali Ghufron Mukti, regarding the leakage of 279 million Indonesian population data on the internet.
Director of Cyber Crime at the National Police Criminal Investigation Unit, Brigadier General Slamet Uliandi, said the information to be extracted was about the operation of data held by BPJS Kesehatan.
“Confirmed (related) who operated the data,” said Slamet in a written statement, Saturday (22/5/2021).
After that, said Slamet, cyber investigators will carry out digital forensics.
This means that investigators will analyze digital evidence related to the case of population data leakage.
“(After the examination) continued digital forensics,” he said.
Previously, Kabareskrim, Komjen Agus Andrianto, instructed his staff to investigate the alleged leakage of 279 million Indonesian population data on the internet.
According to Agus, his party has instructed the National Police Criminal Investigation Directorate as the investigator handling this case.
“Since the issue rolled around, I have ordered the Dirtipidsiber to investigate this matter,” said Agus when confirmed, Friday (21/5/2021).
Agus added that his party is currently coordinating with various parties and related agencies to investigate the alleged leakage of population data.
“Mindik (investigation management) is being prepared for the legality of implementing members in the field.”
“Currently, Kominfo, Population and BPJS are investigating the leakage,” he explained.
Previously it was reported, the virtual world was shocked by a thread regarding the leakage of 279 million Indonesian population data.
The @ndagels account on Twitter informed the leak and it was enough to make the netizens excited.
“Hayoloh, why isn’t this crowded with the data of 279 million Indonesians being leaked and sold and even the data of people who have died, which agency do you think?” Write @ndagels.
Twitter users with the handle @Br_AM revealed that the dataset allegedly containing personal data of Indonesian residents was sold for 0.15 bitcoins, or around Rp.84.4 million.
The personal information that was leaked included the NIK (Identity Number), name, address, telephone number and even the salary was reported.
search for the TribuneBased on the, the data was uploaded for the first time by a person with the name online kotz on the Raid Forums.
It is not clear where he managed to get the data.
Director General of Dukcapil of the Ministry of Home Affairs, Zudan Arif Fakrulloh, when confirmed by the Tribune, confirmed this.
The name of the user who advertises the data is Kotz.
“In the advertisement on the website, the person concerned provides a sample link of individual data that can be downloaded as a sample data.”
“The data that has been downloaded is in the form of a CSV (comma separated value) file and once imported is 1,000,000 rows,” Zudan said when confirmed by the Tribune, Thursday (20/5/2021).
Based on the results of the analysis by the Dukcapil Team of the Ministry of Home Affairs in the case of individual data leaks whose information came from Twitter, it was found that the perpetrator advertised the sale of individual data on the website.
The address is https://raidforums.com/Thread-SELLING-Indonesian-full-Citizen-200M-NIK-KPT-PHONE-NAME-MAI-LADDRESS-Free-1Million.
Furthermore, Zudan revealed, the team’s search results from the results of the sample data import, obtained a data structure consisting of the following columns:
PSNOKA, PSNOKALAMA, PSNOKALAMA2, NAMA, NMCETAK, JENKEL, AGAMA, TMPLHR, TGLLHR, FLAGTANGGUNGAN, NOHP, NIK , NOKTP, TMT, TAT, NPWP, EMAIL, NOKA, KDHUBKEL.
KDSTAWIN, KDNEGARA, KDGOLDARAH, KDSTATUSPST, KDKANTOR, TSINPUT, TSUPDATE, USERINPUT, USERUPDATE, TSSTATUS, LIST.
“Based on that, from the structure and data patterns, I make sure that it is not data that comes from dukcapil.”
“Because the data structure in Dukcapil is not like that. The data structure in the dukcapil has no dependents, email, npwp, cellphone number, tmt, tat, “explained Zudan.
According to the Cybersecurity Expert from Vaksincom Alfons Tanujaya, the data are valid samples.
This is based on a live check of data downloaded from the Raid Forums.
Alfons immediately conducted a check from Vaksincom, and the result was that the leaked data was indeed the BPJS number data, and when cross-checked to the site nama.bpjs-kkes.go.id/bpjs-checking, the results matched.
“It has been checked and is indeed valid and synchronous with the BPJS.”
“The public can only pray that data managers will be given awareness that the data they manage is a mandate that must be maintained”
“And data leakage will harm the wider community,” said Alfons when contacted, Friday (21/5/2021).
The same thing was also conveyed by Cybersecurity experts from CISSReC Pratama Persadha.
He explained that the downloaded data, namely the CSV file, contained the NIK, telephone number, address, and bpjs ID.
“It is true that the data is valid,” said Pratama.
The thing that convinced him was because the file contained NOKA data or BPJS Health card numbers.
Based on the claim of the perpetrator named Kotz, he has a data file of 272,788,202 million people.
Pratama sees things as inversely proportional to the latest data on BPJS health members at the end of 2020, which is 222 million.
“From the BPJS Kesehatan number in the file, if checked online, it turns out that the data is the same as the name on the file.”
“So it is likely that the data comes from BPJS Kesehatan,” said Pratama.
When checked, this 240MB sample data contains a residence identification number (NIK), cellphone number, address, email address, Taxpayer Identification Number (NPWP), place of birth date, gender, number of dependents and other personal data.
In fact, the data spreader claims that there are 20 million data containing photos.
The provisional suspicion is that the data was leaked because the hackers carried out targeted phishing, or some type of social engineering attack. (Igman Ibrahim)