Find Article by Date
Tue, 27 Apr 2004

JP/Police arrest KPU website hacker

Police arrest KPU website hacker

Evi Mariani, The Jakarta Post, Jakarta

The Jakarta Police announced on Monday they had arrested a man suspected of hacking into the General Elections Commission (KPU) website.

Dani Firmansyah, a 25-year-old Information Technology staffer at PT Danareksa, was arrested on Thursday afternoon at his Central Jakarta office in the first high-profile cyber crime case to be successfully unraveled by the police.

Dani, who is also in his final year of study at the School of International Relations, University of Muhammadiyah Yogyakarta, told the police that he had hacked into the KPU website on his own initiative and had worked alone.

"His motive was not political. He simply felt challenged to test his abilities," Jakarta Police chief Insp. Gen. Makbul Padmanagara said.

Dani told the police that he had wanted to warn the KPU that the Rp 152 billion (US$17.8 million) state-of-the-art site was not secure, and said he had learned about IT on his own through various informal sources, including the Internet.

The suspect is being detained at Jakarta Police headquarters.

"He's clever and nobody can ban him from using his brain. However, he broke the law and will face a maximum six years in prison for violating Article 22 of Law No. 39/1999 on telecommunications," Makbul said.

The article stipulates that no individual may manipulate a telecommunications network, telecommunications service or any special telecommunications network.

Head of cyber crimes Adj. Sr. Comr. Petrus Reinhard Golose, who led the investigation, said Dani hacked into the KPU site on April 17 through the Structured Query Language Injection.

The operation basically overloads a server with scripts so that it cannot handle the influx of data and will open itself.

To conceal his identity, Dani used a spoofing technique, using an anonymous Internet Protocol (IP) proxy 208.147.1.1. located in Thailand, which would indicate that he was ostensibly in that country when the website was hacked.

However, he neglected to cover his hacking route, which enabled the police to trace him.

Petrus said police tracked down Dani using websites that list owners of IP addresses, http://www.arin.net/-whois/ and http://www.apnic.net/apnic-bin/whois.pl.

As for tracking Dani's route, cyber crimes detectives used programs from websites http://www/-level3.comGlass and http://apjii.or.id/tools.lg.php, Petrus added.

The police also obtained some information from Warna Internet Cafe in Yogyakarta, where Dani reportedly often spent time tinkering on the Net.