[Darkpedia] Indonesia, on the way to cyber-safe world

Published in
3 min readSep 30, 2022

Author: Jaehak Oh, Sunhyung Shim | S2W DIA

Photo by Varoza Fikri on Unsplash


Delivers information of major events happening on worldwide.
Primarily focus on ‘how’ the event have impacted Darkweb users and trends.


  • Serious hacking incident happened in Indonesia, large amount of sensitive data leaked by a user named ‘Bjorka’.
  • Since the incident, data breach incidents related to Indonesia have increased significantly, many agencies and companies have been affected.
  • After that, the Indonesian government enacted related laws and started to manage the situation, but it seems that continuous investment and the establishment of a professional environment are required to establish strong cyber security.

[Case] Indonesian data breached in hacking forum

→ Recently, a user named ‘Bjorka’ mentioned he succeeded in hacking Indonesian government agencies and leaked various confidential data in a famous hacking forum including more than 100M Indonesian personal information and presidential documents.

→ Indonesian hackers and Indonesian investigative agencies began to search Bjorka’s information to track him, and during the process, a few Indonesian hackers showed disrespectful behavior to other users.

→ In response, hacking forum users supported ‘Bjorka’ by actively leaking Indonesian data and documents, and as a result, more than hundreds of Indonesian data leaks occurred in the forum alone in one month.

(Left) Notorious user “Bjorka” action within the hacking forum (Right) In contrast, a few hackers are in an attempt to track down “Bjorka”
Some users calling Indonesia as ‘Open Source Country’

[Data Analysis] Statistics of Indonesia data Leakage

→ More than 200 data related to Indonesia have been leaked in the hacking forum in the past month, and this figure is overwhelmingly high compared to other countries.

→ This figure has risen nearly six times compared to the normal month, and it shows the impact of this incident.

→ Targeted organizations were in essential industries of the country such as government agencies, financial companies, and medical institutions which have highly sensitive data.

Source: S2W Dark Web Big Data
The government covers a most proportion of targeted industries

[Appendix] Current situation after the incident

→ This incident has become a hot topic throughout Indonesia, and investigative agencies have been active to arrest the hacker but seems to be challenging. The media is reporting this issue every other day, and Bjorka is still maintaining his online activities by creating his own Twitter account and Telegram channel.

→ The Indonesian parliament has proposed a law to strengthen privacy and finally passed the enactment on September 20th. However, in order to establish strong cyber security, many experts suggest it is necessary to
establish an infrastructure and secure good manpower in addition to the law.

(Left) Media reporting about Bjorka, (Right) Bjorka’s Twitter/Telegram channel is still being maintained.
Indonesia’s attempt for improved cybersecurity; however, there is room for improvement.
According to ‘NCSI’, Indonesia’s cybersecurity level is ranked 83rd, while GDP is on Top 20.

S2W Suggestion

  1. Set up an IoC (Indicators of Compromise) and derive TTP (Tactics Techniques and Procedure) through incident response
  2. Establish an active monitoring system for anonymous channels (dark web, forums, telegram, etc.) for early detection of incidents and data leaks
  3. Implement cyber threat removal activities through profiling system for threat actors and monitoring system for Initial Access Broker (IAB) Market
  4. Trace criminal money flows and attribute threat actors through international cooperation, and unveil the association among threat actors, money and incidents
  5. Execution of active cyber-crime deterrence action against threat actors through national-level Defend Forward activities

