When the news surfaced at the beginning of September that a significant amount of data had been stolen, Indonesia learned about the hacker who is now known as Bjorka for the first time.
It is estimated that over 1.3 billion SIM card registration details were taken and placed up for sale on an online marketplace on the dark web. The data was collected in part as a result of a change in policy that took place in 2017, which mandated that anyone using an Indonesian SIM card had to first register it in their name using their identity card, which is known as a KTP, and their family card, which is known as a KK. This allowed the government to collect more information about the people who were using the cards.
If the leaks had stopped there, or if Bjorka – who appears to have chosen their name from the Icelandic singer Bjork – had published additional internet material obviously only for the purpose of financial benefit, then perhaps the story would not have garnered as much traction as it did.
Keep Reading
However, in the weeks that have passed since the data leak, Bjorka has gained something of a cult following online thanks to an unusual personal history and a series of skirmishes with the increasingly angry Indonesian government.
“I just wanted to bring to your attention how simple it is for me to get into a variety of doors as a result of a poor data protection strategy.” Bjorka wrote a message on Twitter on September 10 under the handle @Bjorkanism, which is no longer active. The post stated, “Primarily if it is handled by the government.”
The hacker wasn’t wrong.
Research analyst Uday Bakhshi told The Diplomat that the case demonstrates serious weaknesses in Indonesia’s overall approach to cybersecurity over the years. “Aside from the obvious concerns about what data Bjorka actually has and how the leaks occurred, the case shows serious weaknesses in Indonesia’s overall approach,” Bakhshi said.
“Attacks take place often and target not only businesses but also civilians and the government. It is unacceptable for prominent ministers to suggest that the Bjorka leaks are acceptable,” he continued.
In the days that followed the initial disclosure of the SIM card data, the Indonesian government attempted to minimize the significance of Bjorka’s hacking efforts, while at the same time, Semuel Abrijani Pangerapan, the director general of informatics application at the Ministry of Communication and Information, attempted to reason with any potential hackers.
“Don’t attack if you can help it.” According to what Pangerapan stated during a press conference held on September 5. “Every time data is released, the public lose out, because that’s unauthorized access. Find other ways to shame the government if that’s what you want to do,” the speaker said.
The response that Bjorka provided was direct and to the point: “My advice to the Indonesian government is to stop being an idiot.”
