Investigators from Resecurity’s HUNTER (HUMINT) have found that Indonesia is increasingly being targeted by cyber-threat actors who have staged attacks that pose significant long-term risks to the integrity of the country’s elections. These findings coincide with the critical and fast-approaching Indonesian presidential election set to take place in February this year (2024). This contest may have significant implications for the political destiny of the Muslim-majority Southeast Asian (SEA) nation, which is also the third-largest democracy in the world.
The country and its imminent power transition are so significant from a geopolitical perspective that President Joe Biden and outgoing President Joko ‘Jokowi’ Widodo issued a joint statement in November last year announcing a “Comprehensive Strategic Partnership.” Publicized just before the start of the annual Asia-Pacific Economic Cooperation (APEC) leaders’ summit in San Francisco, this agreement marks an upgrade from the previous and less intimate “Strategic Partnership” the U.S. inked with Indonesia eight years ago during former President Barack Obama’s second term.
But as Washington jockeys for influence in Jakarta, so too does Beijing. In October, Chinese President Xi Jinping hosted President Widodo at the third Belt and Road Forum for International Cooperation. An official Indonesian government press brief published October 18 of last year carried a joint statement with Beijing announcing a “Deepening Comprehensive Strategic Cooperation between the People’s Republic of China and the Republic of Indonesia.”
The SEA nation is thus caught in a familiar tug of war between Eastern and Western superpowers that shaped its controversial political trajectory during the Cold War. Today, Indonesia is at a “critical crossroads for trade and a potential flashpoint for global conflict,” noted the South China Morning Post. Thus, Resecurity is specifically concerned that both foreign and domestic threat actors may exploit the sensitive personally identifying information (PII) of Indonesian voters obtained from various network intrusions to stage targeted information-warfare campaigns during the 2024 Indonesian election and beyond.
One particularly alarming breach tracked by HUNTER analysts led to the leak of 6.8 million voter records related to the 2017 Jakarta gubernatorial election on ‘eleakstore’ and on the Hydra Market cybercriminal forums on the Tor network. This breach not only exposed sensitive data but also served as a precursor to a significantly larger issue targeting the 2024 elections in Indonesia, which is described in further detail in this report.
2017 Jakarta Gubernatorial Election
The Jakarta gubernatorial election is particularly significant to Indonesia because the city is both the capital of the country and its largest metropolis. Threat actors obtained Jakarta voters’ records after breaching and exfiltrating data from web resources presumably related to the DKI Jakarta Provincial government. The leaked records contain the following fields: family card number (no_kk), single identity number (NIK), name (nama), place of birth (tmpt_lahir), birth date (tgl_lahir), gender, address (alamat), city (kota), and district (kecamatan).
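An added example (not from Resecurity's report or tooling): a triage check an analyst could run on a suspected sample to confirm that it follows the column layout listed above and that each NIK is consistent with the stated birth date, masking identifiers before the result is shared. The comma-delimited layout, the YYYY-MM-DD date format and every sample row are assumptions constructed for illustration.

```python
import csv
import io
import re

# Column names as listed in the report for the leaked Jakarta voter data.
LEAK_COLUMNS = {"no_kk", "nik", "nama", "tmpt_lahir", "tgl_lahir",
                "gender", "alamat", "kota", "kecamatan"}
NIK_RE = re.compile(r"^\d{16}$")
DOB_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")  # assumed date layout

# Constructed sample with placeholder values, not real records.
SAMPLE = """no_kk,nik,nama,tmpt_lahir,tgl_lahir,gender,alamat,kota,kecamatan
0000000000000001,0000001505900001,CONTOH SATU,KOTA A,1990-05-15,L,JL CONTOH 1,KOTA A,KEC A
0000000000000002,0000005507850002,CONTOH DUA,KOTA B,1985-07-15,P,JL CONTOH 2,KOTA B,KEC B
0000000000000003,1234567890123456,CONTOH TIGA,KOTA C,1970-01-01,L,JL CONTOH 3,KOTA C,KEC C
"""


def nik_birth_fields(nik):
    """Return (day, month, yy, is_female) encoded in a NIK, or None if malformed.

    NIK digits 7-12 hold the birth date as DDMMYY; 40 is added to the day
    for women, so valid encoded days are 01-31 or 41-71.
    """
    if not NIK_RE.match(nik):
        return None
    day, month, yy = int(nik[6:8]), int(nik[8:10]), int(nik[10:12])
    is_female = day > 40
    if is_female:
        day -= 40
    if not (1 <= day <= 31 and 1 <= month <= 12):
        return None
    return day, month, yy, is_female


def mask(value, keep=4):
    """Keep only the first `keep` characters so full identifiers never leave triage."""
    return value[:keep] + "*" * max(len(value) - keep, 0)


def triage(csv_text):
    """Report schema match, NIK/birth-date consistency counts and masked NIKs."""
    reader = csv.DictReader(io.StringIO(csv_text))
    columns = {c.strip().lower() for c in (reader.fieldnames or [])}
    result = {"schema_match": LEAK_COLUMNS <= columns,
              "plausible": 0, "implausible": 0, "masked_nik": []}
    for raw in reader:
        row = {k.strip().lower(): (v or "").strip() for k, v in raw.items() if k}
        fields = nik_birth_fields(row.get("nik", ""))
        dob = DOB_RE.match(row.get("tgl_lahir", ""))
        ok = fields is not None and dob is not None and fields[:3] == (
            int(dob.group(3)), int(dob.group(2)), int(dob.group(1)) % 100)
        result["plausible" if ok else "implausible"] += 1
        result["masked_nik"].append(mask(row.get("nik", "")))
    return result


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A high share of implausible rows suggests a fabricated or recycled sample, while consistent rows in the expected layout raise the priority of notification and remediation.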
The 2017 Jakarta gubernatorial election also represents a significant event in the country’s recent history. This contest marked the political ascent of Anies Baswedan, a former education minister, who made “unexpected overtures to hard-line Islamist groups” in the course of his winning campaign, according to Time Magazine.
Despite identifying as an Islamic moderate throughout his political career up until that point, Anies weaponized the ‘politics of religion’ to stoke xenophobic, anti-Chinese sentiment in opposition to his ethnic Chinese, Christian rival, Basuki Tjahaja Purnama (nicknamed Ahok). Ahok was then the incumbent governor of Jakarta. Immediately after the election, Ahok was even arrested for blasphemy and served a two-year prison term for comments he made while campaigning that violated Indonesia’s Islamic legal codes.
Regardless, Anies, who is pro-Western, is one of the three frontrunners in Indonesia’s fast-approaching 2024 presidential election, but also the least likely to win, according to the latest polling data. At the same time, the outbreak of war in Gaza has also become a hot-button campaign issue in Indonesia, where over 80% of the country’s 280 million people practice some form of Islam.
Not surprisingly, all three presidential contenders have taken a pro-Palestine stance on the campaign trail. Outgoing President Widodo also appealed to President Biden to call for an Israeli ceasefire in Gaza during an official visit to the White House in November. The 2024 Indonesian general election also converges with a generational paradigm shift in the country’s electorate.
Today, millennials and Generation Z represent more than half of eligible voters in the largest Muslim nation in the world. In light of Resecurity's investigation into voter-data breaches in Indonesia and various anti-Israel psychological operations (PSYOPs) campaigns aimed at voters in the wider SEA region, Resecurity's findings subtly point towards the need for the Indonesian government to consider placing a heightened focus on addressing digital threats to democracy, possibly with a sense of urgency.
2024 Indonesian Election Stakes
According to the Carnegie Endowment for Peace, a think tank, the results of the 2024 Indonesian presidential election may herald a threshold moment in the country’s history that finally unclenches the old authoritarian-era elites’ dynastic grip on power. Thus, CEP believes this election could pave the way for a “new generation of kingmakers.”
An enduring symbol of the country’s pre-democratic old guard, “Indonesia’s leading presidential hopeful” is Prabowo Subianto, “a former special forces general who currently serves as defense minister,” according to Associated Press reporting. Prabowo is also the son-in-law of the late military dictator Suharto, who rose to power during the Cold War, and who ruled Indonesia with an iron fist for 32 years with the covert blessing of the Central Intelligence Agency.
Politically, Prabowo benefits from the endorsement of the iconoclastic and “immensely popular” President Widodo, who rose to power as an outsider, and as Prabowo’s political rival, in the 2014 election. Still, the CEP said many Indonesians still view the defense minister as a relic of the elitist plutocracy that seized power during Suharto’s brutal reign.
It is also noteworthy that President Widodo reportedly “forged a close relationship with Beijing” during his time in office, according to Radio Free Asia. A policy brief authored by think tank Celios in August largely described Prabowo as pro-Beijing. Beyond being a key member of Widodo’s government, which is “closely aligned with China's interests,” noted Celios, “Prabowo has admiration for China.”
“Witnessing the fact that Prabowo's positive outlook towards China was conveyed even before he ran for the 2019 Presidential General Election, indicates that his approach to China as President if elected in the 2024 elections, will most likely be in line with Jokowi's policies in the current era, which have attracted a great deal of investment and projects from China over the last few years,” assessed the Celios policy brief.
In fact, the think tank noted that “intensive foreign involvement in Indonesia's political landscape in recent years has elevated China to the leading position as Indonesia's trade and investment partner.” Yet despite the growing ties between the two countries, “negative sentiment towards China continues to increase,” said Celios.
Many Indonesians distrust China due to a “number of issues such as China's assertiveness in the South China Sea which threatens the sovereignty of Indonesia,” in addition to local concerns about “potential debt traps and environmental damage caused by Chinese companies operating in Indonesia,” according to Celios. The Indonesia-China relationship will thus be a key issue in the 2024 election that Prabowo, who recently made provocative, campaign-minded statements about growing popular disdain for Western values in Indonesia, and the other two leading candidates, pro-Western Anies, and pro-Beijing Ganjar Pranowo, must navigate.
Precursors of the Data Breach
Just before the onset of 2024, an individual known as Jimbo disclosed details regarding a suspected breach of the General Elections Commission of Indonesia's (KPU) information system. This breach reportedly involves a substantial database containing records of numerous citizens, totaling 252,327,304 entries. Jimbo has put this database up for sale at a price of $74,000, equivalent to 2 Bitcoins. The data set in question is said to include personally identifiable information (PII), encompassing passport details.
From a screenshot shared by the actor, it appears that the compromised system is likely connected to a web application within the Indonesian government's domain. Significantly, several of the records included references to the 2024 Election Voter Data Information System (Sistem Informasi Data Pemilih Pemilu 2024) accessible at https://sidalih.kpu.go.id, and indicated a user with administrative privileges, labeled as "Admin KPU." The actor also added a personal watermark and date to the shared information, asserting responsibility for the breach and providing additional context regarding the likely date of the system's compromise.
To provide further evidence, the actor shared multiple sample records and also offered 500,000 records for free.
Another data set released by the actor included information about Indonesian voters who live abroad but are still eligible to vote in elections.
Importantly, Indonesian voters residing overseas can take part in elections through their local embassy in the country where they live. The actor disclosed various confirmation records associated with the Indonesian Embassy in Abu Dhabi (KBRI Abu Dhabi) and in Singapore (KBRI Singapura).
Soon after, the actor escalated the situation by releasing additional free data dumps, presumably linked to two more Indonesian embassies - in Buenos Aires (KBRI Buenos Aires) and New Delhi (KBRI New Delhi).
The actor mentioned that due to the lack of acknowledgment from officials regarding the incident, they felt compelled to leak more data as proof of its existence.
Given the very close proximity to the upcoming elections in Indonesia, this activity appears to be methodically planned and not a random occurrence.
Resecurity has identified that several endpoints associated with the General Elections Commission of Indonesia (KPU) were compromised with malicious software. Evidence supporting this was gathered around December 2023, when it was discovered that at least two employees had fallen victim to common password-stealing programs, which are readily available on the Dark Web:
- Nexus Stealer
- Lumma Stealer
Resecurity contacted a number of people who were unknowingly affected by a data leak. The feedback suggests they had no clue their personal information (like names, addresses, and more) had been compromised and was circulating in the shady parts of the internet.
Focusing attacks on staff members who have access to election IT systems remains a primary method that malicious actors might use to infiltrate these environments. By targeting these individuals, attackers have the potential to breach the system and extract sensitive data, posing a significant risk to the integrity of the election process.
The Growing Risks for Citizens’ Digital Identity
Significantly, in addition to directly targeting elections, cybercriminals are also selling the personally identifiable information (PII) of Indonesian citizens. A database containing over 2.3 million records has been advertised for sale on the UFO Leak Market within Telegram.
The exposed data includes sensitive personal details that could potentially be exploited by cybercriminals for identity theft and fraudulent activities.
With a population exceeding 273.8 million, the leakage of digital identities and personally identifiable information (PII) could lead to substantial repercussions.
Indonesia's Strategic Significance
According to a U.S. Department of State fact sheet, “Indonesia is a vital partner in the Indo-Pacific Region, and U.S.-Indonesia relations have taken on increasing importance.” Apart from being a pillar of democracy in the Asia-Pacific (APAC) region, Indonesia is the “seventh-largest economy by purchasing power,” according to the State Department.
The country also borders the South China Sea, which has become a global flashpoint for geopolitical tensions between China on one hand, and Taiwan, Vietnam, Malaysia, Brunei, the Philippines, Japan, Australia, and the U.S., on the other. As noted by the State Department, the South China Sea hosts “the world’s busiest sea lanes,” with over “$5 trillion in cargo and as much as 50 percent of the world’s oil tankers” traversing these disputed waters every year.
According to U.S. think tank Council on Foreign Relations, China has made “sweeping claims of sovereignty over the sea — and the sea’s estimated 11 billion barrels of untapped oil and 190 trillion cubic feet of natural gas,” antagonizing other sovereign claimants in the region. Backdropped by these rising tensions, the U.S. and Indonesia upgraded their bilateral relationship to a “Strategic Partnership” in 2015.
This partnership extended U.S.-Indonesian cooperation on key issues like maritime security, defense initiatives, economic growth and development, energy, and critical global and regional issues that notably include climate change and terrorism. A 2015 joint-statement published by the U.S. and Indonesia announcing this partnership noted that then-President Obama and President Widodo “affirmed the importance of safeguarding maritime security and upholding internationally recognized freedoms of navigation and overflight in the South China Sea.”
But the freshly inked U.S.-Indonesian Comprehensive Strategic Partnership takes the relationship to new heights. Key areas of cooperation specified in the news release include greater American access to Indonesia’s “critical mineral value chains,” developing “resilient semiconductor supply chains” in the SEA country, and various defense initiatives, according to the joint statement. Cybersecurity is a key area of U.S.-Indonesian defense cooperation that Secretary of Defense Lloyd Austin discussed following the Association of Southeast Asian Nations’ (ASEAN) Defense Ministers meetings in November last year.
Defense One reported that the cyber push is “part of a broader effort across the Indo-Pacific—particularly Southeast Asia—where a senior defense official said countries see cyber vulnerabilities as ‘a real point of concern, including for their critical infrastructure’ and the role armed forces play in cyber defense.”
Another key agenda point in the U.S.-Indonesian comprehensive bilateral partnership is “fostering peace and stability in the Indo-Pacific and beyond.” Of course, the South China Sea is central to this initiative. To wit, the joint statement champions “freedom of navigation in and overflight above the South China Sea and respect for sovereignty and for sovereign rights and jurisdiction of coastal states over their exclusive economic zones and continental shelves in accordance with the international law of the sea.”
Rethinking Geopolitics - Growing Chinese Ties
Despite close diplomatic relations with the U.S., ties between Indonesia and China strengthened significantly during President Widodo’s two terms. The momentum underpinning this growing bilateral partnership gained significant steam following the launch of the Belt and Road Initiative, Beijing’s ambitious global infrastructure push, in 2013.
The BRI “increasingly connected the two countries,” according to Celios. Via the BRI, China is overseeing large industrial development projects like the Jakarta-Bandung Fast Train (KCJB) and various initiatives related to “nickel smelters at several points in Indonesia,” noted Celios.
Additionally, Celios noted that “China's influence is increasingly unavoidable because Indonesia is now economically dependent” on it.
In fact, the “openness of the Indonesian market for Chinese businesses has resulted in China becoming the third largest investor in the second quarter of 2023,” according to Celios. Regarding the primacy of their trading partnership, China and Indonesia also “signed a Local Currency Settlement agreement in which the two countries agree to use the Yuan and Rupiah in investment and trade transactions,” according to Celios.
Most recently, the Comprehensive Strategic Cooperation agreement Indonesia inked with China in October 2023 deepens the scope of their partnership. The Indonesian government published a 19-point joint statement that highlighted China’s “good-neighborliness,” Indonesia’s recognition of the “remarkable achievements” of the Belt & Road Initiative, bilateral trade and investment, and the aspirational quality of “multilateralism.”
The press brief also noted a series of bilateral “cooperation documents in such areas as joint foreign and defense ministerial dialogue,” along with “investment and economic cooperation, medicine and health care,” and “preventing and combating corruption,” among other agreements. Notably, one of these other cooperation documents included media initiatives.
Chinese media influence efforts in Indonesia have also expanded significantly over the last four years, according to pro-democracy think tank Freedom House. From 2019 to 2021, the think tank noted that “Beijing has successfully pushed for new agreements with the country’s national news agency and a major free-to-air television network, opened new diplomatic social media accounts, and appealed to Indonesia's Muslim community through trips to Xinjiang that presented a government-controlled perspective of the region.”
While Freedom House noted that “Indonesians’ trust in China remains low,” a 2021 ASEAN survey report found that Indonesians viewed China as the most helpful ASEAN partner among the 10-nation consortium. Regardless, Freedom House ascribes Indonesians' inherent distrust of Chinese narratives to “historical tensions and Chinese government policies in Xinjiang,” where CFR reported that over a “million Muslims have been arbitrarily detained.”
Nevertheless, China’s persistent outreach to Muslim students, influencers, and leaders in Indonesia is concerning. Backdropped by a highly contentious war in Gaza that has been marked by international outcry over perceived excesses in Israeli military counterstrikes, Muslim youths in Indonesia may be particularly susceptible to radically anti-Western narratives during this presidential election cycle.
The PII data leaks exposing large swaths of Indonesian voters discovered by Resecurity have vastly expanded the psychographic attack surface for both foreign and domestic threat actors looking to undermine democracy in the rising Indo-Pacific nation. Potential attack scenarios include microtargeted PSYOP campaigns transmitted through social media platforms or larger-scale disinformation narratives disseminated across a plethora of digital channels.
Safeguarding Indonesian democracy has thus become a cyber-enabled undertaking marked by vigilant cyber-threat intelligence collection and monitoring. By harnessing the power of modern cyber-threat intelligence, Indonesia’s General Elections Commission (KPU) and its general consumer population can mitigate malicious risks associated with voter data falling into the wrong hands.
Beyond threats to the democratic process, a robust cyber-threat intelligence solution can also help people combat rising pan-Asian cyberthreats like online banking theft, fraud, and other malicious activity. In an era of rapidly escalating geopolitical strife and historic great power conflicts, the mind has become a battlefield across the SEA region.
But the immediate identification and remediation of PII leaks on the Dark Web can help limit the harmful and destabilizing impact of modern cybercriminals and state-sponsored threat actors on democracy and public safety.