The hacking of the news sites Tempo.co, Tirto.id, and a number of online media outlets is a dangerous signal for democracy in Indonesia. Last week, on Friday, August 21, 2020, Tempo.co experienced digital vandalism in the form of slanderous writing on a black screen, accompanied by the song Autumn Bunga. Meanwhile, several articles on Tirto.id criticizing the claims of Covid-19 drug findings by Unair, BIN and the Indonesian Army were scrambled and deleted. In this case, the hackers violated Article 18 Paragraph 1 of Law Number 14 Year 1999 and the ITE Law regarding hacking.
This widespread hacking is regrettable for many parties. However, some also think that the incident cannot be separated from the weak digital security systems of the individual media outlets. Although the hacking cannot be justified, Girindo Pringgo Digdo, an information security activist from Indonesian Cyber Army, a cyber and information security company, recommends that the mass media quickly strengthen their digital security systems. Besides increasing integrity and credibility, this is also believed to help maintain public trust in the mass media. The following is Jaring.id's interview with Girindo, conducted on Thursday, August 26, 2020:
How do you see the attacks on a number of mass media outlets lately?
Such attacks can occur not only against the media, but against anyone connected to the internet. The type of attack is the same, only with different impacts depending on the scale of the business. For example, an attack on a private page is tantamount to an attack on the pages of a media outlet. The difference is the impact. Because who reads a private page? Not many. If big and famous media are attacked, of course the impact will be big. If you look at the kind of attack, that's really how it is.
Is there a pattern to the digital attacks so far?
The pattern is very random. Usually hackers will attack the weakest point of a page, and most often they change its data and information. There are many ways to change it. There are technical attacks such as SQL injection, and many other attacks and terms. In principle, the page is vulnerable to having its content changed. Apart from information portals, there have also been attacks on transactions by changing and taking over an account. It could also be personal data or data that hackers might consider important.
Do you need special skills to infiltrate a mass media page and change its content?
Not really. Technically, to change content you just need access to an account that can add or change news. Well, how do you get access to the account? There are all kinds of ways. Technically, SQL injection attacks can take an entire database. In it there is username and password information that can be used to log in as a user account. Or it could be non-technical: for example, one of the staff who inputs the news might accidentally have handled the username and password carelessly. Or they could be hit by social engineering, so that they unknowingly gave out the password to their email.
Do you mean SQL injection?
That's an old attack pattern. Simply put, other people or hackers enter a certain script on a page, then the page responds to the script. For example, I want to read the user database, so I put that command on the page. Then the page will automatically reveal that the username is A and the password is B.
But it should be controllable, right?
There have been many security controls so that pages cannot be injected, but there are still many cases. For pages that have security monitoring there may be (signs). Especially if an organization has a security team that is always monitoring, they will know that its website was attacked because every request would be visible. Without that monitoring, we will never know.
What kind of monitoring do you mean?
It's an automated system, a sort of firewall that records all activities, such as who the news reader was and which menus were clicked. If someone enters a certain script, that will be recorded too, so the attack will be caught.
How far can hackers go in attacking the page of an organization or media outlet?
Apart from changing the content, he can get all the databases. Then he can get all the files on the server, then disconnect all the data from other users. So other users or page owners will no longer be able to access it. That's the highest level.
Did the attacks happen because the security systems were weak?
If the context is the system, everything can be hacked; the difference is how difficult it is. Some attacks are targeted and some are not. If it's random, usually only the weak are hacked. But if it is targeted, even though the system is not weak, there is a possibility that it can be hacked.
Do you need special tools to hack?
Not really, it can be done manually. But the initial identification stage requires a scanner in the form of software. Some of the software used includes Acunetix, Zed Attack Proxy (ZAP) and others.
Is there a system that can be implemented to avoid hacking against the media?
To be comprehensive, the website must be made secure from the time it is created. There should be a security person checking the page as it is developed, before it is released to the public. Mostly it is not checked. It is necessary to conduct an audit and a penetration test in order to know where the potential weaknesses are. After that they are fixed, and then the page is given some sort of firewall. So when there is an attack, besides noting what the attack is like, it can also prevent the injection attack.
What if the page is already attacked?
Pages tend to be easy because they are ours. So we just need to log into the server and delete the username and password used by the hacker so that access is closed. The problem is we don't know whether he planted a backdoor or malware there. We also don't know whether, after getting in, he took the database, if there was no monitoring system like the one mentioned earlier. But if there is, you can find out all the activities.
What is the risk if an attacker plants a backdoor or malware?
The risk is that the attacker can enter and exit the system through the backdoor even though the vulnerability was fixed. The attacker can retrieve information that the company may consider important, such as files, source code, databases, etc. At the very top level, an attacker can take over the system, erasing all of its information.
How do you view the digital security of media in Indonesia?
As far as I have seen, there has been no media request to test whether the duration can minimize attacks. It's good to be audited.
The aim is to see the security gaps, because if big media and news portals that are widely read are prone to attacks, of course the content integrity is bad. People can no longer trust the media. It is important to ensure the integrity of the content: whether it was the media who wrote it, or someone infiltrated the page and then replaced it.
So that the risk is measurable?
That is one of the goals, to know what the potential is and what can be prevented. As was done IndonesiaLeaks.
Is auditing the only way?
As far as I know, yes. It must be audited first, attacked, so that we know how effective the controls we have implemented so far are. So to speak, if you want to see whether the door to the house can be broken down or not, just break in.
How about anticipating non-technical attacks?
By making policies such as the division of tasks and responsibilities, with every activity in the system recorded. Don't let one person be the administrator. Or have many administrators but one username. If there is only one username, it will be difficult to identify the attack. Usernames need to be generated and there must be an activity log. So you can find out who was active at a given time and what they did. That policy needs to be implemented.
Not only pages, social media accounts are also often hacked. Is anything different?
Both involve taking accounts, only the objects differ. The abilities needed are also almost the same; the difference is in the level of difficulty. It takes the ability to gather more information to learn passwords and usernames. Outsiders looking to hack have to search a lot for information. The easiest way is to ask the person (owner).
For social media, what security protocols can be applied?
First, don't use one password for all accounts. Second, use two-factor verification. When you log in, don't just use a password, but also use a one-time password (one-time passcode). Or add notifications sent to other devices. All social media already have it; just activate it.
How do you see the importance of digital security today?
It is very significant now. The effect relates to cyber and data security because everything is connected to the internet. There is a realistic risk of hurting large numbers of people. (Deborah Blandina Sinambela)