You are on page 1of 14

The Importance of Security Protections on

The Web-Hosting Services


Case Study: Website Hacking on www.presidensby.info
Joko Widiarto
School of Electrical Engineering and Informatics
Institut Teknologi Bandung (ITB)
jwidiarto@gmail.com

HACKING CASE

In early January 2013, Indonesian


cyberspace shocked by website
hacking that owned by President
SBY located at
www.presidensby.info

The incident was reported by the Jatireja Network as an Internet


Service Provider (ISP) that houses www.presidensby.info

Although the hacking case only deflect Domain Name Server


(DNS) without destruction or theft of data, Jatireja still report the
hacker to the accusations has lowered consumer confidence.

CAUSES OF CASE

From the results of the police investigation, the hacker admitted


just for fun to hack the site is located www.presidensby.info

the hacker want to find a famous name or want to be respected


the same as most defacer other motives

TYPE OF CYBER CRIME

LAW VIOLATIONS ON THE CASE (1)

In the arrest warrant document, the hacker is declared in


violation of Article 22 letter b of Law No. 36 of 1999 on
Telecommunications:
It is forbidden to do anything without rights, unauthorized,
or manipulate:
a. access to telecommunications networks; and or
b. access to telecommunications services; and or
c. special access to telecommunications networks.
under penalty of Article 50 (imprisonment of 6 years in
prison and or a maximum fine of Rp 600 million)

LAW VIOLATIONS ON THE CASE (2)

In addition, the system enters the hacker's actions of others without


permission, put the files on the server without permission violates the
Law No. 11 Year 2008 on Information and Electronic Transactions (ITE
Law) Article 30, under penalty of imprisonment of 8 years in prison and
or a maximum fine of Rp 800 million and Article 32 , under penalty of
10 years in prison and or a maximum fine of Rp 5 billion

The Reason : When a person enters someone else's system, of


course he will be able to read the information or documents that should
not be read. Similarly, when placing the files on the server without
permission. This file can be placed various purposes, functions and
motives. If the file can eventually harm the owner of the server or
information such as php shell, script for spam, large files, illegal
software etc, also can reduce system performance

LAW NO. 11 YEAR 2008

Article 30:

1) Any person intentionally and without right or unlawful access to computers and/
or Electronic Systems belonging to another person in any way.
2) Any person intentionally and without right or unlawful access to computers and/
or Electronic Systems in any way with the purpose to obtain electronic
information and / or Electronic Document.
3) Any person intentionally and without right or unlawful access to computers and/
or Electronic Systems in any way to violate, break through, beyond, or break
through the security system.

Article 32:

(1) Any person intentionally and without right or unlawful in any way modify, add,
subtract, transmitting, damaging, removing, moving, hiding an Electronic
Information and/ or Electronic documents belonging to another person or public
property.
(2) Any person intentionally and without right or unlawful in any way to move or
transfer the Electronic Information and / or Electronic Systems Electronic
Documents to another person who is not entitled.
(3) The acts referred to in paragraph (1) which resulted in the opening of an
Electronic Information and / or confidential electronic documents become
accessible to the public with the integrity of the data that is not as it should be.

CONSIDERATIONS AND VERDICT

In the end the judges from Court of Jember, East Java, sentenced
him to 6 months imprisonment. According to the judges, the
hacker convicted of hacking and replacing the front page with
Jemberhacker Team, so that the site can not be accessed for 2
hours.

In addition, players are also required to pay case cost 250


thousand rupiahs or subsidiary 15 days Imprisonment.

In his judgment, the judges consider that the hacker still young, can
be fostered, and also wanted to continue his education. This was
corroborated by the testimony of the police who stated intention to
use his expertise by trained and recruited as a internet security
worker at the Police Headquarters.

TRACKING AND DISCLOSURING THE HACKER

Police in cooperation with the ISP (Jatireja Network),


Kemenkominfo and ID-SIRTII tracking the internet
protocol address (IP address) of the hacker.
the hacker smart enough to divert an IP address to
an address in the United States, but the team
succesed to track the location of its IP address from
the Media Access Control address (MAC address)

Once the IP address is known location is in a cafe in


Suprapto Street, Kebonsari Village, District
Sumbersari, Jember. Police then going undercover
to get the Incognito's real name MJL 007 performed
in the cafe on January 25, 2013 starting at 18:00 pm
Identity revealed on MJL 007 at 23:00 pm. The
police arrest the hacker were identified as Wildan
Yani Ashari.

HACKING TECHNIQUE

AVOIDANCE

Develop a security protections start form computers that are used to build a website,
server security on the web hosting service provider, the technology used for
database protection and security team's ability to keep the web hosting provider files.
Security protection can be done by the following ways:

1. Secure Server: generally conducted on ISPs hosting websites that fully


performed its security protection by the ISP. In this case, webhosting turned out
to be compromised by hackers using SQL injection technique, therefore, where
possible, the use of the server itself using a Virtual Private Server (VPS) will be
better because of security protection can be optimally dicustomized as the user
desires.

2. Audit Server: Web administrator must review, testing and simulation periodically
to server security management. This can involve white hackers to test the
security protection of the system from other hackers attacks.

3. Using the Best and Latest Technology: it is important to use powerful hardware
security, including that features Firewall, Intrusion Detection System (IDS) and
Intrusion Prevention System (IPS). For example using Fortigate, Cisco Series
security, and others. Moreover, it can also use the software or use IDS and IPS
security system for Linux distributions like Sootwall, Monowall, Customized
Distro, Linux and others.
In addition, it is better to use secure software and hardware that can automatically
send an email or sms warning and if system detect any attacks from hackers. That
way security efforts could be undertaken immediately.

GOVERNMENT ASSISTANCE

In addition to the security of the ISP, the government can help


increase safety in the delivery of the internet with the following
steps:
1. Prosecuting those responsible for completely and fairly under the
Act applicable to a deterrent effect on hackers.
2. Enhance enacted laws should continue to be refined in light of
the rapid advancement of technology and communication.
3. Improve the understanding and expertise of the law enforcement
regarding the prevention, investigation and prosecution of cases
of hacking of government websites.
4. Increasing national computer network security system according
to international standards.
5. Increasing awareness of citizens on issues of cybercrime and the
importance of preventing the crime occurred.
6. Increasing cooperation between countries, such as through
agreements handling cyber crime in the world.

CONSIDERATIONS TO ISP OR WEB-HOSTING SERVICES

In the ITE Law, an active role of the ISP or web-hosting for more
attention to the security services have also been set up in Article 15,
Paragraph 1, 2 and 3, which reads:
(1) Each Operator must hold Electronic Systems Electronic
Systems reliably and safely and is responsible for the operation
of the Electronic Systems as appropriate.
(2) Electronic System Operator is responsible for the
implementation of the electronic systems.

(3) The provisions referred to in paragraph (2) shall not apply in the
case of occurrence of a force can be proven, errors and / or
omissions of the Electronic System users.

Thank You

You might also like