Cybersecurity Challenges in Indonesia’s 2024 Elections

TL;DR

Indonesia’s 2024 elections are set against a backdrop of escalating cybersecurity concerns and the shadow of foreign influence. From the leakage of sensitive voter data to the risks posed by AI-driven disinformation and potential geopolitical manipulations by powers like China and Russia, these elections present a multifaceted challenge. These developments underscore the urgency for robust cybersecurity measures to ensure the integrity of Indonesia’s democratic processes.

In 2024, a crucial year for global politics, a significant portion of the world’s population will cast their votes in national elections. This pivotal year sees major countries like India, the United States, Russia, Mexico, and Pakistan, alongside Indonesia, preparing for elections that carry distinct cybersecurity challenges. Indonesia, while not the largest player compared to giants like the U.S. and Russia, still holds a significant role in shaping the regional dynamics in Southeast Asia.

As these diverse nations navigate their electoral processes, the implications of their outcomes extend far beyond national borders, potentially influencing the international geopolitical landscape. The digital transformation of electoral systems, while streamlining processes and enhancing accessibility, also introduces new vulnerabilities to cyber threats. For Indonesia, these elections are not only a test of democratic will but also a reflection of its ability to secure its electoral infrastructure against emerging digital risks.

Global Election Cybersecurity Concerns in 2024

In the context of South Asia and the broader global scene, the cybersecurity concerns for elections are multifaceted and have seen a significant evolution.

Globally, the primary concerns revolve around the manipulation of public opinion through sophisticated cyber strategies. This includes the use of advanced phishing techniques and the spread of disinformation, particularly through AI-driven tools such as deepfakes. These methods can significantly distort public perception and threaten the integrity of democratic elections. Additionally, nation-states, particularly Russia, have been implicated in conducting widespread influence operations across various democracies, aiming to erode public faith in the electoral process. The United States intelligence assessment highlights that Moscow is using spies, social media, and Russian state-run media to undermine the integrity of democratic elections worldwide. This is not limited to one region but is seen as a global phenomenon.

Cybersecurity Challenges in South Asian Elections

In South Asia, countries like Bangladesh, Pakistan, and Indonesia have faced their unique challenges. Internet restrictions, AI-driven disinformation, and the use of laws as tools of censorship have been significant issues ahead of major elections. In Bangladesh, for instance, the Cyber Security Act has been criticized for being used to detain critics and journalists. In Pakistan, amendments to existing laws have given authorities broad censorship powers, affecting the freedom of expression online, especially during election periods. The situation in Indonesia is also concerning with amendments to laws that criminalize the dissemination of certain types of statements, potentially impacting the electoral process.

The use of AI by political parties, especially for disinformation, has emerged as a new challenge. In Indonesia, the deployment of “cyber-troops” by candidates to spread hate and misogyny has hindered women’s participation in elections. Similarly, political parties in Bangladesh have been actively involved in spreading disinformation online.

Moreover, Taiwan’s experience with cyberattacks ahead of its presidential election, largely attributed to China, highlights the increasing sophistication of cyber threats. The attacks against Taiwan’s critical infrastructure and the spread of disinformation through AI-powered content underline the growing challenges in safeguarding elections against external influence.

Cybersecurity in Indonesia’s 2024 Elections

As Indonesia approaches its 2024 general elections, set to take place in February, the country faces significant cybersecurity concerns. This election is particularly crucial, not just for Indonesia but also from a geopolitical standpoint, with the world’s third-largest democracy at a crossroads of Eastern and Western influences.

The Challenge of Voter Data Leaks

In a hacker forum monitored by SOCRadar, a new alleged database sale is detected for KPU / General Elections Commission of Indonesia.

A significant cybersecurity issue for Indonesia’s 2024 elections is the leakage of voter data. Investigators have found that Indonesian government domains, including systems related to the Election Voter Data Information System, have been targeted by cyber-threat actors. This breach has exposed sensitive voter data and raised concerns about the integrity of Indonesia’s electoral infrastructure. These developments come at a time when Indonesia is increasingly becoming a focal point for geopolitical interests from major global powers like the US and China. The potential exploitation of this data in information-warfare campaigns poses a long-term risk to the democratic process in Indonesia.

In the context of elections, the misuse of leaked voter data by threat actors could have significant implications. They might employ this data to create highly targeted political campaigns, aiming to sway voter opinions in favor of certain candidates or parties. Additionally, this information could be used to launch disinformation campaigns, spreading misleading or false information tailored to specific voter demographics. These tactics could lead to voter suppression, where certain groups are discouraged or misled, impacting their likelihood of voting. Moreover, the presence of such data in the wrong hands could create a general atmosphere of distrust in the electoral process, raising questions about its integrity and fairness. These actions could potentially skew election results and undermine the foundations of democratic systems.

AI and the 2024 Indonesian Elections: The Disinformation Risk

In the 2024 Indonesian elections, the impact of Artificial Intelligence (AI) on disinformation is a growing concern. The evolving use of AI in politics now allows for more sophisticated and targeted misinformation campaigns. A report by The Diplomat highlights this, using an incident as an example: an AI-generated video of the former Minister of Health, Terawan Agus Putrano, falsely claiming a breakthrough in diabetes treatment. This video, which was widely circulated on Facebook, underscores the powerful impact of AI in spreading false narratives.

The incident also raises critical questions about the ability to discern reality from AI-generated content. As AI technology becomes more advanced, distinguishing between these becomes increasingly challenging. This poses a significant risk to the integrity of the democratic process, especially in the context of elections where public perception is crucial.

The broader implications of such AI-driven disinformation campaigns are significant. They represent a new frontier in the battle against misinformation, where traditional fact-checking methods may not be sufficient. This necessitates a more robust approach to identifying and countering AI-generated content that could potentially sway voter opinions.

Foreign Manipulation Concerns in Indonesia’s 2024 Elections

As Indonesia approaches its 2024 general elections, the specter of foreign influence, notably from China and Russia, looms as a topic of concern. While direct evidence of such influence in Indonesia’s elections is not clearly established, global trends and historical patterns provide a context for these apprehensions.

China’s Economic Influence and Potential Election Impact

Indonesia’s economic relationship with China is significant, and past incidents, like accidents at Chinese-built industrial sites, have influenced public opinion in Indonesia. Drawing from China’s approach in other regions, such as Taiwan, where economic sanctions and information campaigns have been used, there is speculation about the potential application of similar strategies in Indonesia. However, the extent to which China might use its economic clout to sway electoral outcomes in Indonesia is still a matter of conjecture.

Russia’s Known Political Strategies

Russia’s history of political influence in foreign elections, including sophisticated information campaigns and economic strategies observed in the U.S. and Europe, raises questions about its possible engagement in Indonesia. While there is no concrete evidence of Russian interference in Indonesia’s upcoming elections, the pattern of Russia’s activities in other countries suggests a possibility of indirect influence, potentially through media channels or other means.

Assessing the Impact

The concern about foreign influence from major powers like China and Russia in Indonesia’s 2024 elections reflects a cautious approach to ensuring the integrity of the electoral process. While instances from other global contexts provide some perspective, the application of these foreign strategies in Indonesia’s unique political environment is not definitive. The situation calls for vigilance and comprehensive measures to safeguard the fairness and authenticity of Indonesia’s democratic process.

The Spectrum of Cyber Threats in Indonesia’s 2024 Elections

Detailed monitoring and analysis by SOCRadar uncovered that the electoral process is under siege not just on hacker forums but across various digital arenas, including Telegram channels, where discussions and activities about the elections are prevalent. This broad interest and involvement by threat actors signify a sophisticated and multi-dimensional challenge to electoral integrity.

SOCRadar’s diligent monitoring of Telegram channels has unveiled that the Indonesian electoral process is a topic of significant interest among cybercriminals. These actors are not limiting themselves to data breaches; instead, they employ a range of attack vectors, including but not limited to Distributed Denial of Service (DDoS) attacks, website defacement, and phishing schemes, to disrupt the electoral process.

The threat actor claims that the official KPU website is under maintenance due to a cyber attack.

A notable instance involves a well-known cyber threat actor targeting Indonesia, who has publicly claimed a cyber attack on the KPU (General Elections Commission) website. This attack reportedly forced the website into maintenance mode, demonstrating the tangible impact of these threats on electoral infrastructure. Moreover, this actor’s use of manipulative statements regarding the election points to a strategy aimed at disrupting and influencing public perception and trust in the electoral process.

SOCRadar Labs, Phishing Radar, potential phishing domains.

However, the breadth of cyber threats looming over Indonesia’s elections is not confined to these incidents alone. Utilizing Phishing Radar, a cutting-edge tool from SOCRadar Labs, a staggering 326 potential phishing domains targeting the KPU’s official domain (kpu[.]go[.]id) are identified. This alarming discovery underscores the sophistication and breadth of the phishing campaigns aimed at undermining the electoral integrity of Indonesia.

SOCRadar, Threat Hunting, Stealer Logs.

Furthermore, our investigation into the KPU domain through the SOCRadar Threat Hunting module revealed over 100 Stealer Log records. These logs, generated by malware, encapsulate users’ sensitive information, presenting grave risks. The theft of personal and financial details, coupled with security and privacy breaches, highlights the severe consequences of these cybercriminal endeavors.

Stealer logs not only facilitate account hijacking and corporate security compromises but also fuel the illicit cybercrime market through the sale of stolen data.

How SOCRadar Can Help: Securing Indonesia’s 2024 Elections

As Indonesia prepares for its 2024 general elections, the significance of advanced cybersecurity intelligence becomes increasingly vital. SOCRadar, with its comprehensive Extended Threat Intelligence capabilities, stands ready to aid Indonesia in addressing the multifaceted cyber challenges it faces in these crucial elections.

Proactive Cyber Threat Intelligence

• Early Detection and Alerts: SOCRadar’s sophisticated threat intelligence can proactively identify potential cyber threats. This early detection is crucial for preventing attacks such as phishing, disinformation campaigns, and DDoS attacks, which pose significant risks in the electoral context.
• Customized Threat Landscape Analysis: SOCRadar offers specialized insights tailored to the unique political and electoral landscape of Indonesia, enabling authorities to allocate their cybersecurity resources more effectively.

Digital Risk Protection and External Attack Surface Management

• Monitoring Digital Assets: SOCRadar’s Digital Risk Protection services provide extensive monitoring of digital assets across various platforms, including Brand Protection, and the Deep/Dark web. This monitoring is essential in detecting and countering disinformation campaigns or other malicious activities that could impact the elections.

View impersonating domains through SOCRadar’s Digital Risk Protection module.

• Mitigating External Vulnerabilities: Through External Attack Surface Management, SOCRadar assists in identifying and addressing vulnerabilities in Indonesia’s digital infrastructure, safeguarding it against potential cyber exploits during the election period.

SOCRadar Attack Surface Management/Company Vulnerabilities.

Strategic Decision-Making Support

• Actionable Intelligence for Decision Makers: SOCRadar equips decision-makers, including C-level executives and election authorities, with strategic insights. This intelligence is key in comprehending the broader scope of cyber threats and in formulating effective defense strategies.
• Enhancing Coordination and Response: The intelligence provided by SOCRadar could facilitate coordination among various stakeholders involved in election security, such as government agencies, cybersecurity teams, and electoral bodies. This coordination is crucial for a unified and effective response to cyber threats.

In the face of diverse and sophisticated cyber threats, SOCRadar’s role in Indonesia’s 2024 elections is indispensable for ensuring a secure, transparent, and fair electoral process. The comprehensive capabilities of SOCRadar in threat detection, analysis, and strategic support form a crucial pillar in safeguarding Indonesia’s democratic integrity in the digital age.

CISA Launched #Protect2024 Webpage to Support Election Officials

Amid ongoing efforts to enhance electoral security, the Cybersecurity and Infrastructure Security Agency (CISA) launched the #Protect2024 resources webpage for state and local election officials.

Introduced on February 7, 2024, the webpage acts as a centralized repository for critical resources, training lists, and security service offerings aimed at supporting over 8,000 election jurisdictions during the 2024 election cycle.

This initiative reflects CISA’s collaborative approach to mitigating cyber, physical, and operational risks to election infrastructure.

The agency invites stakeholders, government officials, and the public to explore the #Protect2024 website and join them in ensuring a secure and resilient 2024 election cycle.

Conclusion

As Indonesia prepares for its 2024 elections, the importance of robust cybersecurity measures is paramount. SOCRadar’s threat intelligence and monitoring capabilities are essential in ensuring that the elections are conducted securely, free from the risks of digital manipulation and foreign influence. This scenario underscores the growing significance of cybersecurity in maintaining the sanctity of democratic institutions in the digital era.