Mobile devices and online transactions are inseparable from our lives, so we have to ask ourselves whether our accounts and passwords are safe.
About 70 percent of urbanites surveyed in Indonesia’s nine major cities were not aware of matters related to password protection, according to Pratama Persadha, founder and chairman of the Communication and Information System Security Research Center (CISSReC). Pratama said the figure was found in a 2017 survey by the think tank.
Data from the National Cyber and Encryption Agency shows that Indonesia was hit by 12.9 million cyberattacks in 2018.
Yet when these attacks do happen, few people know what to do.
“When the WannaCry malware hit Indonesia [in May 2017], only about 30 percent of individuals followed the Communications and Information Ministry’s guidance on how to deal with it,” said Pratama, who added that policymakers had to see Indonesians’ lack of familiarity with cybersecurity as an urgent issue.
Personal cyberattacks can bring about devastating impacts on victims, according to Pratama.
He said that the majority of cases he handled had involved “Wi-Fi sniffing” — where hackers break into your personal computer through unsecured public networks — and phishing — where they get data about your personal account information through fake emails or messages.
“Hackers can conduct these attacks via your email account, short message services, social media, marketplace and bank accounts — or any chat applications,” he said.
Generally, individual attacks are carried out randomly, perhaps through an email address obtained from an online forum, but there are some cases where the attacks are aimed at specific people, mostly government officials, celebrities or public figures, according to Pratama.
When hackers attack these well-known individuals, they mostly target their personal web pages, institutional web pages or social media accounts, he continued.
What do these hackers do with their victims’ data? According to Pratama, the most extreme cases involve hackers who take total control of victims’ smartphones or other gadgets. They break into these devices and steal and manipulate the victim’s data before disseminating it to the public without the victim knowing it.
For instance — this most commonly happens to celebrities — hackers can hijack private photographs, in search of compromising materials, to make them public, according to Pratama.
Pratama said this could also include document manipulation or dissemination, which might be used to blackmail victims.
“These hackers can also manipulate and exploit your private conversations or communication with other people. The most dangerous attacks are massive ones aimed directly at individuals — whether high-profile ones or so-called ordinary people — opposed to institutional or governmental ones,” he warned.
And the situation is not getting any better: “Nowadays, when all sorts of communications can be done through the internet, hacking someone’s private account through it is easier than ever,” he said.
In late 2019, an Israeli company called the NSO Group sparked controversy for buying and selling Pegasus, malware that could take over victims’ smartphones simply by making a voice call via the instant messaging app WhatsApp, managed by Facebook.
This is the reason Facebook sued the NSO Group. Several hacking victims also reported their cases to Amnesty International.
Fortunately, there are some steps we can take to guard ourselves against possible threats, according to Pratama.
“First of all, be vigilant whenever you spot [notifications of] any suspicious activities on your laptop and smartphone — or on your email and social media accounts,” he advised.
You should change your passwords regularly, while authenticating your log-in through short message service, phone call or additional tokens, he advised.
“Government officials and members of their inner circle have to be extra careful about their personal cybersecurity while evaluating their own personal cybersecurity state on a regular basis,” he explained.
Public officials are more vulnerable because their data can be intercepted or stolen for local or global political or economic purposes, according to Pratama.
“Lastly, we could include cybersecurity lessons in our school curriculum,” he said.