• Home
  • About RSIS
    • Introduction
    • Building the Foundations
    • Welcome Message
    • Board of Governors
    • Staff Profiles
      • Executive Deputy Chairman’s Office
      • Dean’s Office
      • Management
      • Distinguished Fellows
      • Faculty and Research
      • Associate Research Fellows, Senior Analysts and Research Analysts
      • Visiting Fellows
      • Adjunct Fellows
      • Administrative Staff
    • Honours and Awards for RSIS Staff and Students
    • RSIS Endowment Fund
    • Endowed Professorships
    • Career Opportunities
    • Getting to RSIS
  • Research
    • Research Centres
      • Centre for Multilateralism Studies (CMS)
      • Centre for Non-Traditional Security Studies (NTS Centre)
      • Centre of Excellence for National Security (CENS)
      • Institute of Defence and Strategic Studies (IDSS)
      • International Centre for Political Violence and Terrorism Research (ICPVTR)
    • Research Programmes
      • National Security Studies Programme (NSSP)
      • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
    • Future Issues and Technology Cluster
    • [email protected] Newsletter
    • Other Research
      • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
    • Graduate Programmes Office
    • Overview
    • MSc (Asian Studies)
    • MSc (International Political Economy)
    • MSc (International Relations)
    • MSc (Strategic Studies)
    • NTU-Warwick Double Masters Programme
    • PhD Programme
    • Exchange Partners and Programmes
    • How to Apply
    • Financial Assistance
    • Meet the Admissions Team: Information Sessions and other events
    • RSIS Alumni
  • Alumni & Networks
    • Alumni
    • Asia-Pacific Programme for Senior Military Officers (APPSMO)
    • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
    • International Strategy Forum-Asia (ISF-Asia)
    • SRP Executive Programme
    • Terrorism Analyst Training Course (TATC)
  • Publications
    • RSIS Publications
      • Annual Reviews
      • Books
      • Bulletins and Newsletters
      • Commentaries
      • Counter Terrorist Trends and Analyses
      • Commemorative / Event Reports
      • IDSS Paper
      • Interreligious Relations
      • Monographs
      • NTS Insight
      • Policy Reports
      • Working Papers
      • RSIS Publications for the Year
    • Glossary of Abbreviations
    • External Publications
      • Authored Books
      • Journal Articles
      • Edited Books
      • Chapters in Edited Books
      • Policy Reports
      • Working Papers
      • Op-Eds
      • External Publications for the Year
    • Policy-relevant Articles Given RSIS Award
  • Media
    • Great Powers
    • Sustainable Security
    • Other Resource Pages
    • Media Highlights
    • News Releases
    • Speeches
    • Vidcast Channel
    • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
Facebook
Twitter
YouTube
RSISVideoCast RSISVideoCast rsis.sg
Linkedin
instagram instagram rsis.sg
RSS
  • Home
  • About RSIS
      • Introduction
      • Building the Foundations
      • Welcome Message
      • Board of Governors
      • Staff Profiles
        • Executive Deputy Chairman’s Office
        • Dean’s Office
        • Management
        • Distinguished Fellows
        • Faculty and Research
        • Associate Research Fellows, Senior Analysts and Research Analysts
        • Visiting Fellows
        • Adjunct Fellows
        • Administrative Staff
      • Honours and Awards for RSIS Staff and Students
      • RSIS Endowment Fund
      • Endowed Professorships
      • Career Opportunities
      • Getting to RSIS
  • Research
      • Research Centres
        • Centre for Multilateralism Studies (CMS)
        • Centre for Non-Traditional Security Studies (NTS Centre)
        • Centre of Excellence for National Security (CENS)
        • Institute of Defence and Strategic Studies (IDSS)
        • International Centre for Political Violence and Terrorism Research (ICPVTR)
      • Research Programmes
        • National Security Studies Programme (NSSP)
        • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      • Future Issues and Technology Cluster
      • [email protected] Newsletter
      • Other Research
        • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
      • Graduate Programmes Office
      • Overview
      • MSc (Asian Studies)
      • MSc (International Political Economy)
      • MSc (International Relations)
      • MSc (Strategic Studies)
      • NTU-Warwick Double Masters Programme
      • PhD Programme
      • Exchange Partners and Programmes
      • How to Apply
      • Financial Assistance
      • Meet the Admissions Team: Information Sessions and other events
      • RSIS Alumni
  • Alumni & Networks
      • Alumni
      • Asia-Pacific Programme for Senior Military Officers (APPSMO)
      • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
      • International Strategy Forum-Asia (ISF-Asia)
      • SRP Executive Programme
      • Terrorism Analyst Training Course (TATC)
  • Publications
      • RSIS Publications
        • Annual Reviews
        • Books
        • Bulletins and Newsletters
        • Commentaries
        • Counter Terrorist Trends and Analyses
        • Commemorative / Event Reports
        • IDSS Paper
        • Interreligious Relations
        • Monographs
        • NTS Insight
        • Policy Reports
        • Working Papers
        • RSIS Publications for the Year
      • Glossary of Abbreviations
      • External Publications
        • Authored Books
        • Journal Articles
        • Edited Books
        • Chapters in Edited Books
        • Policy Reports
        • Working Papers
        • Op-Eds
        • External Publications for the Year
      • Policy-relevant Articles Given RSIS Award
  • Media
      • Great Powers
      • Sustainable Security
      • Other Resource Pages
      • Media Highlights
      • News Releases
      • Speeches
      • Vidcast Channel
      • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
  • instagram instagram rsis.sg
Connect

Getting to RSIS

Map

Address

Nanyang Technological University
Block S4, Level B3,
50 Nanyang Avenue,
Singapore 639798

View location on Google maps Click here for directions to RSIS

Get in Touch

    Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
    RSISVideoCast RSISVideoCast rsisvideocast
      school/rsis-ntu
    instagram instagram rsis.sg
      RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    RSIS Intranet

    S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
    Nanyang Technological University Nanyang Technological University

    Skip to content

     
    • RSIS
    • Publication
    • RSIS Publications
    • CO13141 | Indonesia: New Haven for Cybercriminals?
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • Commentaries
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • IDSS Paper
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers
    • RSIS Publications for the Year

    CO13141 | Indonesia: New Haven for Cybercriminals?
    Senol Yilmaz

    29 July 2013

    download pdf
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    Synopsis

    Indonesia has been identified as a major source of malicious Internet traffic. A close examination, however, reveals that such traffic may not originate in Indonesia. More likely, Indonesian networks are exploited by outside e-criminals.

    Commentary

    MALICIOUS INTERNET traffic from Indonesia has increased from 0.7 percent in the last quarter of 2012 to 21 percent in the first quarter of 2013, according to a recent report by private firm Akamai Technologies. This 30-fold increase puts Indonesia at second place after China.

    However the rise in malicious traffic does not necessarily mean that Indonesia has become a haven for hackers and e-criminals within a few months. In the report, Indonesia is merely identified as the immediate origin, not the ultimate source, of this malicious traffic.

    Indonesian networks being used?

    Therefore, it is probable that hackers and criminals from other countries routed their illicit cyber traffic through Indonesian networks to hide their identity and make it more difficult for law enforcement to prosecute them across borders.

    At the same time, some countries in the wider region have seen quite a dramatic drop in their malicious traffic. Therefore, the conclusion that Indonesian infrastructure might be misused by other countries’ hackers and cybercriminals seems more probable than a sudden increase in the number of homegrown hackers.

    The authors of the report assume that the malicious traffic came from so-called botnets, or networks of infected computers. Usually, private users contaminate their computers with malware, or malicious software, by downloading e-mails or files, or by visiting websites that were deliberately infected by criminals. Such contaminated computers, also called “zombies”, then allow the criminal, or “botmaster”, to command the computers remotely through the malware.

    Often, infected computers are exploited for criminal activities without the knowledge of the legitimate private user. For example, the computers in the botnet are misused to spread viruses to other computers or send spam e-mails. Furthermore, botnets can be used to carry out distributed denial-of-service attacks – the kind of attacks that paralysed Estonia in 2007, when websites of the government, media and banks were flooded with bogus requests for data over a period of three weeks. The networks were overwhelmed by the sheer number of requests and incapacitated to respond to genuine requests. The cyberattacks paralysing the Estonian Internet came from botnets located in several dozen countries.

    Challenge to international and national security

    The Indonesian government needs to take action for two reasons: international obligation and national security.

    Firstly, Indonesia, as any other state, has a duty to prevent both hacking and more severe forms of cyberattacks on its neighbours and states beyond the region. Attacks on other states from botnets located in Indonesia could bring the Southeast Asian country into disrepute internationally – especially when it is government computers that are infected and carry out attacks, albeit unintentionally.

    An expert group known as the Tallinn Group, convened by the NATO Cooperative Cyber Defence Centre of Excellence, applied international laws to cyber warfare. Their recently published Tallinn Manual states that under the laws of war, no state shall allow the cyberinfrastructure located in its territory, be it governmental or not, to be used to adversely affect other states.

    The experts could not agree on whether this rule applies to malicious traffic merely routed through the cyberinfrastructure of a state’s territory. Furthermore, the Tallinn Manual does not constitute international law but represents expert opinion. However, in the absence of treaties, it may be an indication of future law. Notwithstanding, states and private companies who suffered from attacks in the past, are said to have conducted counter-attacks invisible to the international public’s eye and beyond legal scrutiny.

    For Indonesia, this means that its networks could be disrupted in retaliation for cyberattacks that were neither conducted by the Indonesian government nor its citizens. Therefore, Jakarta should not depend on an ambiguous legal situation, but should take swift action to fight botnets to prevent potential international tensions.

    Secondly, and maybe more importantly for Indonesia and Indonesians themselves, botnets can not only be used to attack outside networks, but malicious traffic can also be inbound. In other words, Indonesia could find itself in a situation where its cyberinfrastructure could be attacked and paralysed from within the country. According to a report by the U.S. Congressional Research Service, criminals who command botnets rent their malicious services to anyone who is willing to pay the price of US$200 to US$300 dollars per hour. Non-state actors could rent these botnets to launch cyberattacks against Indonesia’s own networks as well as other countries.

    Need for action

    One approach that has proved useful is to work with Internet Service Providers (ISPs). ISPs play a key role in the fight against botnets since they are in a position to scan their networks and detect infections and abnormal traffic that indicates spamming or denial-of-service-attacks. Co-operation between the public and private sector has proven effective in the German Anti-Botnet project and the Australian Internet Security Initiative. In both countries, once botnet activities are detected, ISPs contact their customers and inform them that their computers are being misused for malicious cyber-activity, and help them clean their infected computers.

    Given the increase in malicious Internet traffic from Indonesia, the government should reach out to ISPs to establish a similar project. An important precondition is a sound legal framework that protects the privacy rights of customers while carrying out a programme to fight botnets.

    Furthermore, an awareness campaign should be conducted to educate the public of the dangers of computer infections and the remedies available. In the face of these cyberthreats to international and national security, the Indonesian government should take swift preventive action.

    About the Author

    Senol Yilmaz is an Associate Research Fellow at the Centre of Excellence for National Security (CENS), a constituent unit of the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University.

    Categories: Commentaries / Country and Region Studies / Southeast Asia and ASEAN

    Last updated on 17/09/2014

    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    Synopsis

    Indonesia has been identified as a major source of malicious Internet traffic. A close examination, however, reveals that such traffic may not originate in Indonesia. More likely, Indonesian networks are exploited by outside e-criminals.

    Commentary

    MALICIOUS INTERNET traffic from Indonesia has increased from 0.7 percent in the last quarter of 2012 to 21 percent in the first quarter of 2013, according to a recent report by private firm Akamai Technologies. This 30-fold increase puts Indonesia at second place after China.

    However the rise in malicious traffic does not necessarily mean that Indonesia has become a haven for hackers and e-criminals within a few months. In the report, Indonesia is merely identified as the immediate origin, not the ultimate source, of this malicious traffic.

    Indonesian networks being used?

    Therefore, it is probable that hackers and criminals from other countries routed their illicit cyber traffic through Indonesian networks to hide their identity and make it more difficult for law enforcement to prosecute them across borders.

    At the same time, some countries in the wider region have seen quite a dramatic drop in their malicious traffic. Therefore, the conclusion that Indonesian infrastructure might be misused by other countries’ hackers and cybercriminals seems more probable than a sudden increase in the number of homegrown hackers.

    The authors of the report assume that the malicious traffic came from so-called botnets, or networks of infected computers. Usually, private users contaminate their computers with malware, or malicious software, by downloading e-mails or files, or by visiting websites that were deliberately infected by criminals. Such contaminated computers, also called “zombies”, then allow the criminal, or “botmaster”, to command the computers remotely through the malware.

    Often, infected computers are exploited for criminal activities without the knowledge of the legitimate private user. For example, the computers in the botnet are misused to spread viruses to other computers or send spam e-mails. Furthermore, botnets can be used to carry out distributed denial-of-service attacks – the kind of attacks that paralysed Estonia in 2007, when websites of the government, media and banks were flooded with bogus requests for data over a period of three weeks. The networks were overwhelmed by the sheer number of requests and incapacitated to respond to genuine requests. The cyberattacks paralysing the Estonian Internet came from botnets located in several dozen countries.

    Challenge to international and national security

    The Indonesian government needs to take action for two reasons: international obligation and national security.

    Firstly, Indonesia, as any other state, has a duty to prevent both hacking and more severe forms of cyberattacks on its neighbours and states beyond the region. Attacks on other states from botnets located in Indonesia could bring the Southeast Asian country into disrepute internationally – especially when it is government computers that are infected and carry out attacks, albeit unintentionally.

    An expert group known as the Tallinn Group, convened by the NATO Cooperative Cyber Defence Centre of Excellence, applied international laws to cyber warfare. Their recently published Tallinn Manual states that under the laws of war, no state shall allow the cyberinfrastructure located in its territory, be it governmental or not, to be used to adversely affect other states.

    The experts could not agree on whether this rule applies to malicious traffic merely routed through the cyberinfrastructure of a state’s territory. Furthermore, the Tallinn Manual does not constitute international law but represents expert opinion. However, in the absence of treaties, it may be an indication of future law. Notwithstanding, states and private companies who suffered from attacks in the past, are said to have conducted counter-attacks invisible to the international public’s eye and beyond legal scrutiny.

    For Indonesia, this means that its networks could be disrupted in retaliation for cyberattacks that were neither conducted by the Indonesian government nor its citizens. Therefore, Jakarta should not depend on an ambiguous legal situation, but should take swift action to fight botnets to prevent potential international tensions.

    Secondly, and maybe more importantly for Indonesia and Indonesians themselves, botnets can not only be used to attack outside networks, but malicious traffic can also be inbound. In other words, Indonesia could find itself in a situation where its cyberinfrastructure could be attacked and paralysed from within the country. According to a report by the U.S. Congressional Research Service, criminals who command botnets rent their malicious services to anyone who is willing to pay the price of US$200 to US$300 dollars per hour. Non-state actors could rent these botnets to launch cyberattacks against Indonesia’s own networks as well as other countries.

    Need for action

    One approach that has proved useful is to work with Internet Service Providers (ISPs). ISPs play a key role in the fight against botnets since they are in a position to scan their networks and detect infections and abnormal traffic that indicates spamming or denial-of-service-attacks. Co-operation between the public and private sector has proven effective in the German Anti-Botnet project and the Australian Internet Security Initiative. In both countries, once botnet activities are detected, ISPs contact their customers and inform them that their computers are being misused for malicious cyber-activity, and help them clean their infected computers.

    Given the increase in malicious Internet traffic from Indonesia, the government should reach out to ISPs to establish a similar project. An important precondition is a sound legal framework that protects the privacy rights of customers while carrying out a programme to fight botnets.

    Furthermore, an awareness campaign should be conducted to educate the public of the dangers of computer infections and the remedies available. In the face of these cyberthreats to international and national security, the Indonesian government should take swift preventive action.

    About the Author

    Senol Yilmaz is an Associate Research Fellow at the Centre of Excellence for National Security (CENS), a constituent unit of the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University.

    Categories: Commentaries / Country and Region Studies

    Last updated on 17/09/2014

    Back to top

    Terms of Use | Privacy Statement
    Copyright © S. Rajaratnam School of International Studies. All rights reserved.
    This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
    OK
    Latest Book
    CO13141 | Indonesia: New Haven for Cybercriminals?

    Synopsis

    Indonesia has been identified as a major source of malicious Internet traffic. A close examination, however, reveals tha ...
    more info