Indonesian Political, Business & Finance News

Police arrest KPU website hacker

| Source: JP

Police arrest KPU website hacker

Evi Mariani, The Jakarta Post, Jakarta

The Jakarta Police announced on Monday they had arrested a man
suspected of hacking into the General Elections Commission (KPU)
website.

Dani Firmansyah, a 25-year-old Information Technology staffer
at PT Danareksa, was arrested on Thursday afternoon at his
Central Jakarta office in the first high-profile cyber crime case
to be successfully unraveled by the police.

Dani, who is also in his final year of study at the School of
International Relations, University of Muhammadiyah Yogyakarta,
told the police that he had hacked into the KPU website on his
own initiative and had worked alone.

"His motive was not political. He simply felt challenged to
test his abilities," Jakarta Police chief Insp. Gen. Makbul
Padmanagara said.

Dani told the police that he had wanted to warn the KPU that
the Rp 152 billion (US$17.8 million) state-of-the-art site was
not secure, and said he had learned about IT on his own through
various informal sources, including the Internet.

The suspect is being detained at Jakarta Police headquarters.

"He's clever and nobody can ban him from using his brain.
However, he broke the law and will face a maximum six years in
prison for violating Article 22 of Law No. 39/1999 on
telecommunications," Makbul said.

The article stipulates that no individual may manipulate a
telecommunications network, telecommunications service or any
special telecommunications network.

Head of cyber crimes Adj. Sr. Comr. Petrus Reinhard Golose,
who led the investigation, said Dani hacked into the KPU site on
April 17 through the Structured Query Language Injection.

The operation basically overloads a server with scripts so
that it cannot handle the influx of data and will open itself.

To conceal his identity, Dani used a spoofing technique, using
an anonymous Internet Protocol (IP) proxy 208.147.1.1. located in
Thailand, which would indicate that he was ostensibly in that
country when the website was hacked.

However, he neglected to cover his hacking route, which
enabled the police to trace him.

Petrus said police tracked down Dani using websites that list
owners of IP addresses, http://www.arin.net/-whois/ and
http://www.apnic.net/apnic-bin/whois.pl.

As for tracking Dani's route, cyber crimes detectives used
programs from websites http://www/-level3.comGlass and
http://apjii.or.id/tools.lg.php, Petrus added.

The police also obtained some information from Warna Internet
Cafe in Yogyakarta, where Dani reportedly often spent time
tinkering on the Net.

View JSON | Print