ITU POLISI NANGKEP ANAK PUNK🤣‼️Saya tau BJORKA, dan...
Deddy Corbuzier
5 4 3 2 1 and close the door Did he and he talk about you can your car can a punk Dari mana lu yakin banget oh it'll become your car you to Yorka. When I was arrested in Sulawesi, the video was released. If you look at the answers given, it's like a child who doesn't have
technical skills.
Doesn't have technical skills.
But in the same year, in February 2025, I wrote about the incident of one of the private banks. Nick appeared, his name is Skywave. His name is Skywave? Nick, the private banks was in trouble. Nick was there, his name was Skywave.
His name was Skywave?
Yes, Nick was the one who was used. Skywave has a story, he likes to use other trade actors' names. One of the ones he used was Bjorka, Cinehunter, and others. When he posted that about the private bank, it was also the content that was reposted.
So it was already posted by other trade actors in one of the forums. He reposted it and then he admitted it. That was him. So, the possibility that the kid who was kidnapped was him.
Skywave.
So, wait a minute. So, Skywave is real? It's real. But in your opinion, it's not an artist? No. So, it's just a re-uploader?
Correct.
Re-uploader?
Yes.
Because the content history is like that. If it's a re-uploader, what's the purpose? It can be a scam, because it can use other people's names, and other people's names, and other people's content. For example, this is mine. If you want to buy it, it's mine. It can be a scammer.
Can they look for names if people need hackers and so on? It can also be a service seller. So if you say that Skywest or WFT They don't have the ability, so they are not hackers at all?
What do you think?
I don't think they have the ability to go there Because if they have the ability, they won't do it Why did they get caught yesterday? I think they got caught because of a report from a private bank. But I think the private bank was also working on it. The one who was arrested was that guy.
If the private bank made a report, they would say, the police was on the right track. So why was he arrested? My question is, is there a hacker in the class of Bjorka or you?
Is it as easy as the police that we know and arrest? If you look at the ability of our cyber police, it's still not there. Because we can see the history. Before the case of Bjorka, there were many other actors, but none of them were caught. So when it involves an unusual ability, our police is confused. How to investigate, how to find out.
In the end, no one caught them. So the police is not going the case of Bjorka? Yes. The last one, the comeback was really funny.
Yes, suddenly, Bjorka...
First, he tweeted, if I'm not mistaken. I don't know, there was a tweet. I saw that, suddenly, he posted it.
The police?
Yes, the police. So, on Saturday, October 4th, 2025, Bjorka released data on 341,000 police personnel. The point is, he just wanted to let people know that he wasn't the one.
But, in your opinion, is Bjorka an Indonesian?
My belief is that he is an Indonesian. Because, when he first appeared on Twitter, he was a linguistic expert. Indonesia, bukan? Keyakinan gue sampe sekarang itu orang Indonesia. Karena pas dia awal-awal nongol itu, pernah ada di Twitter itu ahli linguistik. Ahli linguistik itu, dia membedah bahasa yang digunakan sama Bjorka itu, kalau susunan kata itu, dia yang menggunakan English, tapi susunan kata itu Indonesia.
Masih Indonesia. The intonation is still Indonesian. I'm sure there are community members. What do you mean by community members? Community members like us have a community. A community of hackers, people in cyber security. I'm sure there are kids there too. And is this one person or not? It can be one person or one group.
It can be one group? But the kid from yesterday was already confirmed, it's not part of the group. Okay, but I'm talking about the kid from yesterday is not a part of the group. Okay, but I'm talking about the kid from yesterday. Other than you saying that he doesn't have the IT skills, what do you think about the kid from Tampang, Indonesia, when he was arrested? I thought it was a kid from Tampang who was arrested.
Because it's weird. Suddenly he was arrested and sat on the floor. At first, the first narration that came up was called scheming.
What's scheming?
It's like you're withdrawing money from ATM using a card, and the card is duplicated. At first, the narrative was there. It makes sense if it's a schemer. I was interrogated, and they said, why did you connect it to Telegram? There was no connection between the scamming and telegram. Then I heard it again, and it turned out that they were selling and buying.
Why did the police say it was Bjorka? I don't know. If you watched the press conference yesterday, they said it was because he had one of the accounts. The account was called Bjorka. Then the police said it was Bjorka
I want to comment, it's not good
I mean, if it's an account... Yeah, anyone can make it Yeah, anyone can make it Anyone can make it, if it's an account I can make it, who's account is it?
Yeah, right
The police should validate it first. Then they can claim it. Instead of having a lot of people, and then the one who owns it is the one who's in the limelight.
It's funny.
It's really funny. I'm still curious. What do you think if you put your position as a biorca?
Does it sell? It sells data. What do you think if you put yourself in the position of Bjorka?
Does he sell?
He does sell data. He does sell data. He's been around for a long time, but he's been rising in a weird way. Suddenly, the moment he suddenly exploded, I was still a bit confused because I had talked about this problem for a long time, and I was just flat out, I was interested in the Because I had been talking about this problem for a long time. And I was like, okay, let's just do it. I was interested in the public about this issue.
Suddenly, Biorka came out. That's the trend. Data sales.
Biorka?
Some data is sold, some are given for free. One of the data is given for free. But the motive is money. The motive is money? Okay, and how much can you get? It depends.
If he sells data from 5,000 dollars to 10,000 dollars, it means per one copy. Per one copy? Per one buyer. How many buyers can be sold? It depends.
If it's exclusive, what's the price? Other redactors may use exclusive, but they only sell one copy. And when someone buys the data, what's the profit? It depends on the needs.
What is the need of the buyer? If it's used for fraud, then it's fine. It's the victim of other people. Or for business needs, but business is a bit risky. The buyer is illegal.
But it can be used for pinjol, it can be used for many things. Judol?
I don't think pinjol. Judol? It can be used contact of emergency. There was a netizen who leaked the data of Apollo 13. This can be a contact of emergency. But Pinjol is a bit...
Now it's better. So, the registration is a verification. It's built in the application. You can't just take a photo and put it in. What is the worst case when someone gets someone else's data? Well, it's like now. The fraud is no longer...
You, the person who wants to cheat, you already know who you are. In the past, Mama Minta Pulusa didn't know who we were. She just called randomly. Now she knows, hello, this is Mr...
Oh, this data,. ... Oh, this is the data.
He even knows your full name, your full data, your economic class. So they already know. I've heard of one case, the ex-Wapres, whose family was once ...
Ex-Wapres?
Ex-Wapres.
Got caught?
Yes. His family, sorry.
Okay.
His family got it. The fraud that is now in the telegram is that you are told to work, then you are paid in the beginning. There is a job offer, you are told to do something. Usually at low levels, the first offer is given, the first transfer is 100,000, 50,000. He, because he already knows the class of the economy of this person,
the initial transfer is 50 million.
So you don't do anything The initial transfer was 50 million. Oh wow.
So you don't do anything, the transfer is 50 million. Because the public thinks, wow, it's true. Finally, he entered the trap. Finally, it reached a few hundred million.
Oh, so the basics are,
I know who my victim is, what the details are. And how to fish. And how to play, I know what, who, what the details are. And how to fish. And how to fish, how to play, I know. Okay, if I skip again, for example, what Biorka does with collecting data. In your opinion, what can Biorka do besides that? Besides collecting data and buying data?
What is the danger? I mean, what is the danger of danger is this for our society? Can it be a bank scam? Or can it be a bank scam with Biorka? No, not in an equal way. It depends on the access. What kind of access?
If it's the access, it's probably only targeting only data and then the data is then used as his money but my question is how easy it is to take data from people like that if Bjorka can take data from people like that, it means he has to hack a system if he hacks a system, Bjorka can hack Danantara, right? that's why this system is a bit... this system is a lot
if we talk about banking, there are a lot of systems. For example, we talk about banking, there are a lot of banking. If you can simplify it, for example, I'm a mainstream user. The database is here. But usually, there are a lot of banking. Not necessarily you can access one server and then you can access another server. But when he gets critical access to the server or system, it's possible.
Okay, but it doesn't mean it doesn't cover the possibilities. Yes. It doesn't cover the possibilities. It can happen.
How great is it if we have a hacker in Indonesia?
If you want to do bad things, how bad is it? Indonesia has Indonesia is known for its blackheads. People always say that the center is in Yogyakarta. It's been known in Indonesia for making it in Indonesia. The criminals are outside.
The criminals are outside.
So Indonesia is known for making a tool or software that is then used by criminals outside. Wow!
So, the one who made the Indonesian software,
the criminals outside? Yes. The last one is a kid from Kalimantan, I forgot. The one who was arrested. It's a combination of those who arrested Interpol, FBI. The one who was arrested was an Indonesian.
He's just a producer. What did he do? He made a kind of pie peacing as a services. He made a kind of a service to send a peacing using his own money, pay for the sacrifice, and the victims are all over the world.
All over the world?
All over the world.
This is a peacing email and so on, right? Correct. all over the world. All over the world? So, it's all about emails and stuff, right?
It's made by Indonesians, and it's used by criminals abroad. But there are so many victims. The child was arrested. And Ransomware, a few times, the case was also arrested by Indonesians.
And if they get arrested, what do they do? Do they get raped?
Usually, they are brought in and brought it to the one who caught it. Usually, it's like that. And then, we can also raise it. Okay. But does that mean that our hackers' ability in Indonesia is capable of doing that? Capable. I'm known for being good at it.
And if they're a bit of a pervert, it's dangerous. I'm curious. You said you know a lot of talented people. If they are perverts, it's dangerous. What is your definition of talent? Talented, right? How is it? Because I think that at my level,
now I rarely learn, and rarely follow something new. But the young people now are still very agile. If I look at them, it's like... I think I couldn't be like this in my time. Seeing them now, they can do it. Their skills are getting better than us.
That's why when I see them, it's like, if this kid falls into the wrong hands, it's dangerous. Because their ability is like, there's a competition every year.
There's a competition every year?
There's a competition. I don't know if it's now under camp or what. So, it's called Saber Jawara. Saber Jawara is a group of hackers. The name of the competition is CTF, Capture the Flag. So, it's a hacker competition. Every year there's a winner.
The bad thing is, our government... You make a competition, there's a winner.
And then, they're fired?
They're fired. The one who took it is private. If you win in Indonesia, you'll be challenged again in Southeast Asia. Southeast Asia to Asia, then Asia, and then you'll be challenged in the US. Every year, you see talented kids from there. So, if one of them suddenly gets an offer from Cambodia, or the mafia, or a terrorist, and the offer is big, they can move there, right?
Because they are not kept by the country.
Right. And many. And many. And the regeneration is successful. So, there are many competitions of that kind. Dan banyak. Dan banyak. Dan itu regenerationnya berhasil. Jadi itu lomba yang sejenis itu banyak. Bukan cuma saya berjuara. Itu banyak. Dan regenerationnya berhasil. Jadi anak-anak SMP mulai belajar, anak-anak SMA sampai kuliah itu,
tiap tahun itu ada orang-orang baru. Dan itu kelihatan mulu. Jadi terakhir itu ada juga lomba itu ya... So, in the end, there was a competition. One of the famous campuses in Jagauan was Binus. The winner of the talent to capture the flag. If you say that the police were deceived yesterday, they were deceived until they pressed the count, and said, I want to go to Biorka.
Biorka was posted again. Have you ever experienced this situation? You've been dealing with police, right? Have you ever been asked by the police to help professional hackers to catch Bjorka? I was offered to be a consultant in Mabas.
But I didn't want to.
Okay.
After that, I just did it because I had the guts. I didn't take any government projects. I didn't continue my career there. Okay, but did you have any friends? Yes, I had. Many fans, especially the police, have always been using third parties.
They always use third parties because the investigators' skills haven't arrived yet. So they use third parties, but...
But if they use third parties, it means they can also be worked with by third parties.
Yes, the third parties... The government is like that.
If they use third parties, they can be worked with by third parties.
Yes.
I forgot the case, I just posted it yesterday, in 2022 Mahfud MD came out and said that Bjorka has been identified The one who was arrested, the son of Madhijono, is the ice seller I just read it again yesterday Bjorka posted a fake I just read it again, Biorka is a posting by Ledekin. He told us that this kid was arrested based on
information from vendor A. So, he told us that you are working with this vendor.
Oh, so that happens.
So that happens, right? And there are a lot of incidents. That's why it's hard, being an investigator is hard. Like, when you do something wrong, and you give results, the impact can be... So, it's hard to be an investigator. Like, when you do something wrong, and give results, the impact can be...
Other people?
Yes, it can be other people. Is it because the investigator is less knowledgeable than the biologist? Or is it because the investigator is also a friend of the biologist, and doesn't want to tell who the biologist is?
It can be.
It can be.
It can be, right?
But, I think it depends on the method used. As simple as, every time there's data, it has to be verified. It can't be like when you use one sample data, you only have information that comes from one source, then you immediately make it as a final report. That can't be.
If we arrange the report, there's also a positive or negative spot. There must be consideration for that. So, you think the police were too confident? Well, I don't know. Maybe because there's no achievement so far, so maybe it's necessary.
Oh my, oh my, oh my.
Okay, bro, but is there any of your friends in the community who joined? I don't know if you can tell me this or not. But I mean, any of your community friends who joined and wanted to know who Bjorka was? Or was there a war? Or were you afraid of Bjorka's character that could attack you all of a sudden?
I don't know, I think the cyber security war is like the war of the ants it's not true, we don't know anything, suddenly we get attacked
suddenly we get attacked, one attack from there, one attack from here
like in the beginning of the appearance of Bjorka one of the investigators in Open Source Intelligence wrote about him I think I saw it before about who he is, the same as the previous case, where there was a sign that said, Saini Hunter. But I see the trend, the trend is that,
with the emergence of Biorka, the community members are supporting it. That's it! That's it. Because it's funny, right?
We see it as funny. Because we haven't had this kind of entertainment for a long time. There's funny. So if you're asked if any community members have decided to attack or... Attack or to open up to anyone, I think it's cool. Just leave it.
Just leave it. We're doing our own work.
Because it's fun. We think it's fun. Fun or even making the name of the hacker?
Making the name of the hacker too. Is it for fun or to make the hackers more famous? Yes, to make the hackers more famous.
Yes, there's a guy, he's my friend, he has a company in this kind of business. He said, you should do more posting, it's good for us to sell more easily. I don't have a business, so I'm like... But the industry finally felt the impact that... ...the awareness of the private sector or government like cybersecurity. In the end, it went up.
And as you said, when we did the podcast, that private sector is more resistant. It's better. It's better. Because why? Because they want to pay more? Because the rules are not fair.
The rules are not fair. The rules are not fair. You talk about the context, we talk about one regulation called PSA. PSA is when the private sector is affected, it is punished.
The private sector is affected, it is punished. Oh, if the data comes out of the private sector, or I mean the private sector, then there is a punishment.
But if it's from the public sector, there is no punishment.
I just found out.
That's why the private sector is forced to... If you don't follow, you will be punished.
Because it's dangerous for them. And even if your name is released, for example, from a company, your name is released, sold, bought, etc. We are entitled to money too, right?
Yes, that's right. But that doesn't work in the public sector. If you look at my notes, most of the data leaks are from the public sector. But there is no impact on them. We talk about PSN as simple as this,
one of the social media was removed. Because it was considered not compliant. That only happens in the private sector. Yes, that's also the private sector. Oh, in the public sector, it was forgotten? I don't know. It was a regulator and a player.
Okay. We've talked about Bjorka once or twice. We've met and talked about Bjorka, but we've only talked about Bjorka once. We see it like this. It means that if someone like Bjorka is really evil, he can be really evil. He can. But now he is just playing with data. Is there any possibility, in your opinion,
from the police or the government, to arrest Bjorka, is that possible?
Or do you think, just forget it, if you want to arrest Bjorka.
In my opinion, it's possible. Because, like outside, there are many Bjorka's detainees. Bjorka was previously active in one of the forums, called the Red Forum. The Red Forum was then arrested.
When you're arrested, you're arrested with special abilities.
Autistic children. they're autistic children with special abilities.
They're really good. Then, he was arrested, the one who ran the forum. They made a new forum, called Brave Forum. The admin's name was Pomporin. He was arrested again.
Then, the next admin was arrested again. So, it's just possible.
And, sorry, are there a lot of autistic children? A lot. So it's possible. And sorry, are there a lot of autistic children?
In some cases, there are always cases like that. So the last one was the one who was on Twitter or something. When he was arrested in London, he had special needs. And the reformed army also had special needs. So when he was arrested, they asked for compensation for the trial.
Because our client had special needs.
But if he's a Nasboy autism, he's so focused on that.
That's why. It hurts them more. Our ability to learn is lost. Because they have different ways of raising children. The type is at a higher level.
I didn't know that. There are many cases like that. The breed is different. The species is at a higher level.
Wow, I didn't know that.
There are many cases like that. The average child, based on the data, is under 20 years old. And there are several cases like that.
Under 20 years old? Under 20 years old. I'm curious. For example, you're a white hacker. Or we talk about other hackers. How does a child suddenly want to be a hacker?
It's different from me wanting to be a gamer. If I'm a gamer, I want to play. Suddenly I'm happy to be a gamer. But how does someone become a hacker? I want to be a hacker.
Usually, the curiosity starts when you figure out how a system works. For example, you're playing a game. You're playing a game and you're looking at how people make games. Usually, from there, they want to know about the process. Because in cyber security, we're there. We're actually looking for the cracks in the process.
There's a system that's working, how do we break this system? If you want to know how to make a game, it's not like the ending of becoming a programmer. Yes, the door is usually there. When you know how to make an application, how an application works, from there you can learn more about hacking.
My journey started from there. I started from playing games, then I met people using cheat. Then I met someone who uses cheat. I was curious, so I used cheat too. It turned out to be good. So I learned how to make cheat.
Okay.
I made the cheat, I could do it.
Cheat itself already breaks the wall, right?
Yes, it already breaks. After that, I automatically learned programming. From there, I learned hacking. I learned a lot from hacking. The door was always open. I was always curious about how a system works. And can everything be hacked?
Well, it depends on your belief. Because, up until now, when I wrote a report, I wrote it. As a consultant, I write it. This report doesn't mean that this system is 100% safe.
Because there is no trust. 100% safe. So, you as a consultant, you can't be sure that it's 100% safe. Because that's the trust in the whole world. Like, you Google, you're not good, let alone the teams at Google. And they still open a bug bounty program.
So, they invite the outside to come to our task force. If you find something, report it, we'll give you money later. That's the belief in security.
To test our security, basically.
That's the average world company that has run that program.
Because somehow you can miss.
Yes, because even though I have a good team, but... There's a point of view that you don't know, you can't see it. 1% is only impactful. For example, they claim only 99%. 1% that is missed, that's it. That's why it's done in foreign companies.
And can people learn to be self-taught?
Yes, you can learn to be self-taught. And now there are many free classes. I don't recommend taking paid classes. But still, you should follow it. Because in Indonesia, there are no people who take paid classes. I don't understand. Why don't you recommend taking paid classes?
It's a pity. Because many of my friends may are not able to afford it. So they can't learn. Meanwhile, there are still many places that provide free resources.
But there is a paid class?
Now it's bad there. So the more the industry is visible, people are making a paid class, but the material is bad. Oh, the material is bad. It's just promised. Yes, the material is empty, but it's sold. I'm to provide free resources. If you provide free resources for hacking, won't the ending create...
new Bjorkas? Or how about the context of your free lessons? If you provide free lessons for hacking, it's dangerous. Bjorkas will come again. There will be a lot of them after this, Garanda. So, the name is Ethical Hacker Indonesia
Ethical Hacker Indonesia is...
Ethical?
Ethical Hacker Indonesia
Oh, ethical, right?
So, it started... It was made because there were still many cases of children being caught Back then, there were still many children looking for confession So, they would write it down, put their names a bag, and then put their name on it, and then they would show it off. Back then, that was done.
Our generation also did that. But the difference is that it wasn't caught. Because back then, there was no IJT, and all that. Now, if the current generation does it, they will be caught right away. So, we had to advocate for cases like that. We gave them legal assistance. And I thought, it's tiring if we give more cases like that.
You gave them legal assistance? How did you defend people who were corrupt? Because the motive wasn't that all of them were bad. There was one case, in 2019, it was hot in Pemilu. There was a child in Sumatra. He was a good person. He found a safety net at the KPU.
Then he reported it to the BSSN.
That's good then.
He reported it. He was accepted and thanked by the BSSN. The second report was reported again. Thank you again. Suddenly, he was picked up by the police.
Idiot!
Even though he wanted to help the government. He was picked up by the police. Idiot! Even though he wanted to help the government.
He was picked up by the police based on a report from the KPU. Eventually, he was arrested.
Oh, shit.
We're afraid of many cases like that. But if it's purely criminal, I don't want to help.
Of course. But what happened to the other one?
Eventually, we gave him legal aid. He ended up with mediation. But the good name is not repaired. But that's the same as Google bug hunting. It should be like that, right? Okay, let's go back to before.
So you've given legal assistance, and then there were a lot of people who to show off their names and so on. We want to change the trend. The trend is that Indonesia has always been known for having many black hat communities. So, learning hacking is directed to those who do it. We are directing those who have the ability,
rather than being used for those who are at risk, it's better to be used for one, for example, to join a bug bounty program. Or even to work in the cybersecurity industry. And eventually, slowly, it succeeded. Now, the awareness of children is like, Oh yeah, rather than being weird, it's better to join a bug bounty program, get money.
So, we rarely hear about children getting arrested. But isn't the bug bounty program by certain times? There are certain times. No. It's been running forever. Many companies around the world are running it.
There's even a platform that's been made to connect between the company and the hacker. There's a platform.
So, this job is still there?
It's still there. So, as simple as you want to be a full-time bounty hunter, you can.
If you're good at it?
Yes.
And you don't have to be very good at it. Sometimes, the cracks that are found are weird. As simple as I've read, I often read people's writing, like they found a crack on Facebook. A simple crack. But we don't just click.
As simple as if someone gave you a timeline. You have Rails, I can change your timeline.
I think I've read that.
He got paid hundreds of millions. That's just a simple parameter change. But it can be dangerous, right? Yes, the impact is that. That's why the evaluation of the reward is based on the level. Where is the impact?
If the impact is bad, then the payment will be higher. Oh, is that an Indonesian? No, it's an Indian.
Indian.
Cool, the Indians are good. India is currently all the lines we can see that there are a lot of OCOs and in cyber security there are also a lot of Indians I think there are a lot of Indian gamers too technology is being cut off by them
Bro, if for example, these are the kids now, if they want to look for... My question is this, can a hacker, a white hacker, be able to make a living if he doesn't make negative?
Yes, he can.
He can?
Yes. As what? A consultant like you?
Payment, it's been known for a long time, Can you? Can you? Can you?
Payment is already known. The technology industry pays more than others. I see. And if you are not doing side projects, you can work in a company, and then take a side project.
Because he can not only hack, he can also help not just hacking, he can help with the program, he can help make security program, he can find bugs. There are people who are full-time, working as an analyst or consultant, but in their free time, they are looking for bugs.
There are also people like that. Do you know the number of young people in Indonesia? A lot. Like the campus, we talk about data. The average graduation rate in the technology department is only 20%. Graduates and then working.
So 80% of them are hackers? No, 80% are unemployed. Or they don't have a career in that field.
So they learn to be hackers?
I don't know. That's why it's important to direct people to the right path. If not, there will be more people like Bjorka. We are actually fighting against that trend. But because of the we were taught. So, it's funny.
If we were taught differently, it's different. If you look at Bjorka's way of working, you follow him from the beginning. Do you have any idea, in your opinion, how old is this kid? How old is he?
I think they're still in their teens. Just like the data, they could be under 20 years old. If they're really adults. Because I read that they're very reactive.
They're still narcissistic?
They're very reactive, like exploding. Unlike the older guys who are already...
Yeah, yeah. Direct reaction, right?
Like being choked.
Even though he's funny.
Yeah.
I'm still pretty sure that he's a community kid. I think I know him. I think he's not that far. He's probably just this and that. Because in this industry, if we have a job or anything, we meet people who are just that.
For example, Bjorkan, he's hacking one data. Is it really unknown, like the IP address or something? Or is it all hacked first? It should be known. Because the lock access is still there. Right?
Then?
I don't know if the infrastructure is correct or not. Sometimes people make a system, but the infrastructure is not properly arranged. As simple as lock. Lock access is there if you don't configure it. Usually, lock access only lasts for a few weeks or months. And then it's gone.
Okay.
That can happen. Or there are even cases that are not configured at all. Sometimes, there are cases like this. I usually handle cases. For example, there is a mail case. The first time we audit it, it's locked. We audit the lock, find out where the door comes in.
Then what does he do? All of that is knowledge. We audit the logs, find out where the door is, and what they're doing. We know everything. That's when the infrastructure is well-organized. Sometimes, people are like, where are these things? We don't know. Especially when we talk about the government context, it's even more messy.
I've been to one of the institutions. They showed me that they have cyber security. I don't know if it's good or not, but I was shown. And in cyber security, they have... I think it's not good, because it should be more luxurious. There are only two big TVs,
and there are four people sitting with their own computers. more luxurious than that. There were only two big TVs,
and four people sitting at their computers. The installation explained what happened at that time. They looked at the direction of the arrow. I didn't know if what they were talking about was true or not. But at that time, I was surprised because what they said was, like this, this is an attack from Jogja. This is an attack from Jogja, how many troops are in at this time?
This is an attack from Solo, how many people are attacking us here? This is an attack from Jakarta, this is an attack from where? Is that true? Or was I lied to? Yes, like that, it seems all of the institutions have that. The comment centers are definitely long. For cool people. Actually, there's nothing.
Because of the attack.
So there's nothing?
Yes, because of the attack. You have a website on the internet. There must be someone who has tagged it. Because there are a lot of people doing auto-scanning all over the world. So even if your website is empty, it's still scanned. So, there's nothing. If you display visualization,
everyone will experience it. Except for what you display, there's an attack, but what's the impact of the attack? That's better. But for that, it's cool, there's an attack. Visual, for the sake, it's visual.
For the sake of visual, it's the end. Wait, wait, wait. I still don't understand. So, it means that wherever the attack is, it's always there? The attack is targeted everywhere. Because of bots? Because of bots and automation.
So, for example, they create a bot, they just spread it everywhere. What's weak, it goes in. Even until now, the platform that connects the hacker and the company, until now, the first rank is Canadian. This Canadian, every day he does the bug bounty activity, the capital is automation.
So, he has already run the automation, later he just needs to see the results. Then, he reports it. Then, he gets rewarded.
Huh?
So, a lot of automation has been used everywhere. It's as simple as this. Suddenly, your company wants to make a web. Ask the DevOps or the admin. Try to open a log. After a few minutes of launching, there will be a traffic that will be sent.
Because it's automatic? Automatic. Especially now there's AI. AI has its own crawler. So, it will definitely be sent for scanning. Especially the auto-scanning related to cyber vulnerability. It will be scanned.
So, wait a minute.
This is crazy.
So, assume I have a machine. Then this machine will spread. To almost all websites.
Almost all websites.
As long as it can be accessed on the internet, it will be included. Okay, so if my machine runs, for example, 1000 shots per hour. This doesn't need to be in Indonesia, it doesn't need to be anywhere. It can go anywhere. Okay, as soon as I get it, oh, there's a cell phone. Then I play.
And the one who has the machine is not just one person. So finally when I saw the board, I thought, there must be a lot of people. As simple as that, there is a search engine that you can find the weakness from there. It's called Sodan. You just need to enter your target country, Indonesia, and then the weakness is listed by it. You just need to work from there. Just dig from there. If your target is Indonesia, and you list the weaknesses,
you just have to work from there. You just have to work from there. That's it. That's the real case. If you look for ID countries, there are a lot of them. That's why there are a lot of arts in exploitation now. It doesn't have to be long or long.
Now there are a lot of additional tools that you can use And it accelerates
Okay, isn't the context of the tools negative?
No, because it's a search engine You have a bad system Then it's just indexed by it These are systems that are clear
Is it legal?
Well, in Indonesia, I don't know. Maybe it's because of the credit card. But not in other countries. If it's legal in other countries, because it's as simple as Google. Google crawls everything, right?
It's the same. The difference is that it's like Google but for crawling, it's considered a security breach. Because it can be used for positive too. Yes, because the purpose is to prevent, mitigate. So, if from our context as a service provider or the one who makes it, you can use it for prevention. For example, if our asset is exposed here,
then the access is closed. The purpose is to prevent, but it is used by more criminals. Yes, of course. In the past, people said that the thief was smarter than the police. If the police had the tools, the thief would have more tools. Is that also working in the hacking community? community. I think until now, they are still smarter than the law enforcement. But we haven't reached the point of disturbing the voters, right?
Not yet.
Like outside, right?
Outside, in the US, Russia.
I don't think we've reached that point. Because maybe, but in the KP, there are always some disturbances. But there is a narration every 5 years. Not only in Russia, but... It's always there. It's called a country.
It's there. But the narration, the real catch is not there yet. Because you attack. If one of the candidates loses, the narration is not yet. Because you attack. If one of the contestants is defeated, the one who is always promoted is the narrator. This is attacked, the data is changed.
Only the narration. But if the real event is not yet. The real case has not yet been proven. Never. Okay. And you ask me, I'm stupid.
Because the KPU is really strong or because I'm lazy? I've read it before, but I don't know if it's true. But the system... But there are so many names. I know the system of calculation. It's not like you change it here, it automatically changes everything.
So, it's like you change here, it automatically changes in everything. So, it's like you're talking about this, it's not like that, it's not like decentralization. So, you change this, then the others are replaced. No, so it's just there.
I don't understand what you're talking about.
So, like, what was it called before? Accounting, right? AP, LV, LV. I don't understand what you're talking about. You're talking nonsense. The regional data is collected. It's collected and then it goes into the system, right?
Correct. If I change the value of the system, it's only in one place. Oh, it's not integrated into everything.
It's not centralized.
So if you want to do a bobol, the effect is to do a bobol like that. But the system is already designed. Because they already know the prevention. If they think we're being bobol, and then people change,
it can be over. Okay, but why can it happen outside? What do you mean? They say in America, the accusation is being hacked. In America, it's not like that. In Russia, the way they play, which I follow,
they play in the previous election. Not in the election. For example, when Clinton vs. Trump.
Doxing, you mean?
No. Hillary Clinton's email was shared on the internet. Oh, so she was playing the narrative.
Doxing, right? Oh.
That's how Russian interference in the US is. They use their great powers to discredit.
Not the result of the election.
Because until now, no one uses e-voting.
Using what?
Using e-voting.
Oh, yes, yes.
And it's interesting, don't do it either.
Because the danger is that it can be like that. Oh, I understand. So, it's hacked into the personal data of the person. It's searched for the bad things, and it's distributed as a doxing. And it works, right? Hillary Clinton lost. Yes.
It's mixed with the hacker's hands. It can be there. It's more effective. In Indonesia, there's no war yet. Like two candidates fighting, and one of them attacks the other. One candidate hasn still not there. I want to expose the political gangsters.
If there are hackers, they are still not there. That's not from hackers? No. Yesterday, someone named that. It came out from the old Kaskus. They said they were chasing this crazy guy.
You know.
That's not from hackers too?
No, it's from Twitter. with this crazy guy, you know. That's not from a hacker, is it?
No, it's from Twitter. The first time I posted, oh, this is A, this is my account.
Yeah, yeah, yeah. It doesn't need a hacker, does it?
No, because he's just stupid.
Wow, okay. Now, I want to ask you this.
What do we need in Indonesia to make this happen?
Or we can just give up?
I'm confused. I'm confused too. We've done this podcast a few times. Is there any progress in the podcast? No. There's no improvement. The last two cases were really bad. We've been here a few times, we watched millions of times.
There's no improvement at all. Oh yeah, that's right.
Why, Gu?
Why, Gu? Is it okay?
Or is the cost too high? Or what? Maybe because it's a bit of a waste of time.
Maybe it's because it's a waste of time. Why, Gu? Is it because... Whatever, or is it because the cost is high? Or...
What?
What? Maybe because... There's no awareness that...
How come there's no awareness?
You've been told so many times, but there's no awareness? Awareness is at the higher level. Like before, maybe the rules... When in the private sector, it's fine, but in public sector...
Oh, so you think it's fine, but in public sector, it's not. So, it's not a problem.
Actually, the government has a regulation, I forgot the number of regulation. The point is, when you save something, save data in database, it must be encrypted. Based on the case of data leakage that happens repeatedly, the data is never encrypted.
So, the regulation is there, but they are not implemented. So, the data in the government is not encrypted? Yes, even though the rules of comdigi are there. It used to be cominfo. It states that when the data is stored, it must be encrypted. Encryption is when it leaks, so it's okay.
But there are times when the data leaks. Even yesterday, the COVID application claimed that it was encrypted. But when it leaked, it wasn't encrypted.
They said it was because the code was 1234.
That's how it is. And when they have rules, they don't follow them. And there's no punishment. We need to fix it, not only from the technology side, but also from the legal side. How difficult and expensive is it to make a system that can be encrypted? It's very easy if it's just an encryption.
It's very easy? So, according to you, there are data that were leaked in the news yesterday,
and it was not encrypted at all?
It was not encrypted. Because we can see the data, but it was not encrypted. The data sample that was released was not encrypted. You can read the full nickname. You can read the full name. You can read all the addresses. While we only have WhatsApp, the data is already encrypted.
Yes, end-to-end encryption. So when it's accessed by the third party, it can't access it. It can't read it in the form of a chain. But what if there's a corruptor and so on. Then he can get WhatsApp conversation data. If it's already in Encapsia.
Well, it's different, it's different to other tools. It can also be a case if he can access physical devices, he can just pull the data.
Can it be like that?
Enter the physical device.
Yes.
How to enter the physical device? Is there a tool to enter the physical device? Indonesia already has tools. Masuk ke perang kondisi. Bagaimana masuk ke perang kondisi? Ada alat untuk bisa masuk ke perang kondisi?
Indonesia sudah punya alat-alatnya. Alat-alat buatan Israel. Yang orang terkaya di dunia saja kena.
Itu benar nggak sih? Kalau gue dengar ceritanya nih, misalnya gue bawa alatnya nih.
Gue nggak usah ngapa-ngapain. Gue deket aja sama yang lain pun. If I bring the tool, I don't have to do anything. I just get close to the phone. I'm attracted to the data. I don't know about other types of tools. There are even tools that are affected without interaction. You don't need to interact with the victim. Sorry, you need interaction, but you don't need the victim to do anything. It's already affected.
So I just come close to you.
I just pinch you a little. I just need to pinch you a little bit. Simple, right? I just pull your data. Yes, technology is scary. So if you want to be safer, don't use technology.
Just use Nokia.
It's safer.
Because the phone is the phone that the operator has. SMS. SMS is even more dangerous. It's true, using the mafia method. Meet, talk. But if for example, there are applications,
for example, is Telegram safer than WhatsApp? Is there anything else? For example, what other applications? Signal, for example, is it safer? Is it true that there is something safer if we use it? Yes, the context is that if your cellphone has moved to another person's hand, it's definitely not valid. But based on the data that has leaked,
the FBI data or NSA data, that the applications mentioned earlier have been leased. That they can also get it from there. So it's just for free. If so, it's also free to encrypt. That's why it's like, yes, that's it.
In fact, technology is not something that can be trusted. For example, I'm messaging you, and you can delete the message.
How is that?
I experienced that. It can be recovered.
It can be recovered?
You experienced it, it's not good. It can be recovered and done in Indonesia. a Isn't that the responsibility of WhatsApp or the apps to prevent that from happening? If not, then the last... ...when there was a discovery... ...there was a discovery in VoIP. So the call was in VoIP. So the call was, there was a call, you just simply call me, you don't answer, you're already hit.
How? How? How?
So I want to... You want to call me? I want to target you. I just need your VR number. I'll call you. You don't even have to answer the phone. You've been hit. I don't have to answer your WhatsApp call? Yes, you've been hit.
You got my data? Yes, you've got control. There was a gap in the past. That was used by a tool called Pegasus. NSO group. That's what was done by Meta
They can only report Google to the US Meta and Apple, Google, NSO Group Yes, related to that activity Why didn't Meta and Google make a reinforcement so that it can't? Apple has done that I don't know about Meta
Apple after the case, now has a feature called Lockdown Mode so when you turn on Lockdown Mode it will be a little annoying because it turns off some functions but it helps to prevent Pegasus malware from entering but what does it that turns it off?
It's like the feature, Jim. Like when you browse, there are some features that are turned off. Because it's for prevention, so automatically the access doors are closed. So there are some features that don't work. It's just like that. In some cases,
Apple in some countries even gives even notified the users. When they detected that the user is a victim of malware, they immediately notified the users. So, that's what Apple has done. For Meta, I think they just patched it. Or there was a security breach, and then they just closed it.
What about Android?
Android? I don't know. Because Android has a lot of vendors. So the operating system is one, but there are a lot of vendors.
It depends.
It depends on the brand of the phone you're using. I use Android, one of them, now WhatsApp has a defect detection. So, the different vendors are made... WhatsApp has a user named WhatsApp Mode. If you meet someone using WhatsApp Mode,
you delete the chat, so he won't be deleted.
What?
Yes, like that.
How?
I use WhatsApp Mode, we chat. Where is WhatsApp Mode? It's in the application that's not in Play Store There's a feature, so WhatsApp The APK? Yes, WhatsApp is remade with additional features
It's released to the public and there are many users So if I chat with you, I use WhatsApp Mode You delete your chat, I won't delete it
Damn!
There's an application, that is unique like that Yes, it's the same as Telegram Telegram has a lot of applications everywhere Basically, there is someone who creates an apk This apk
adds features But how can he make a WhatsApp apk He must hack WhatsApp first He doesn't hack, he just changes the application Just like social media has a lot of modes Twitter has a mode, it's as simple as
Twitter, if you don't want to get ads, you have to pay There is a whatsapp, sorry, twitter mode is released You don't need to pay, use this, later all the ads will be deleted
Oh, because it's open source?
yes, it only needs to change a few the point is that the application is just torn apart
crazy
but what makes it can be bad too
what makes it can get our data yes, that's why the fear is there when we use the modified version. There is no guarantee.
There is no guarantee because WhatsApp doesn't want to take responsibility.
And when there is anything, don't go to WhatsApp. This is my question. If you want to chat with your community about about sensitive topics, what do you use? No, I don't use chat. I meet...
We just want to know, we want to know.
We can learn, like, oh, this is safe. There are some applications that can be used. For me, the trend is to avoid the mainstream. If the chatting application is less used, it's better. As simple as when we talk about the content, you're in Indonesia,
applications that are already known by law enforcement agencies, for example, WhatsApp, Signal, etc. You just have to avoid it. So when targeted, they don't know if you're using the A application. So look for applications that are not rarely used. Rarely used?
No one uses it, my friends. Yes, it depends on the agreement of two people. If you want to communicate, we just use this. Or you can use the Google Docs application. You can also chat on Google Docs. Or in the game. There are many alternatives.
Is there a chat application in Indonesia? I don't know, I don't think there is. There was before, but there is't think there is any application.
There isn't?
Yes.
Chatting using Shopee.
You learn from people who cheat, it's funny. Chatting on Tokped, chatting on Shopee. On Google Docs. Yes, that's right. They are smarter, right? Yes, it means that the corruptorsors are smarter than people who cheat.
It's true that people who cheat use that.
They have more brains.
Yeah, that's right. Corruptors are smarter. What do you think, Gu? This is the last question. I'm sorry if I'm talking too long. What do you think see what happened yesterday?
That's it. I want you to have a good time, you have a good feeling, whatever it is. I think we've discussed this a few times, and then yesterday, you got caught.
Right? I think, I think the police should be more careful Because when they arrest someone Based on a report, they should verify all the information first Don't suddenly arrest A, confess who he is
Because he has this account Then suddenly you confess to saying that Even though in fact they playing it safe by not guaranteeing anything. But still, indirectly, they claimed that the one who was arrested was that person. And then...
But is it true that they said that was Gyorka?
No, they were still playing it safe. Playing words. They were not playing safe, but Humas mentioned that the actor had an account, etc. The media was already talking about it. The police arrested Bjorka. But when the police arrested him, shouldn't they psychologically see him as a punk? Wow, you know, but I think I'm gonna policy could eat and I'm complete to harvest a secure a psychologist
Melia bow yeah
Yeah, I'm sorry. I call America, I'm a man around the be done in the yeah, I'm gonna roll a jam or a data. Oh, I'm gonna roll a moron Okay, I'm gonna let video and I go down. Yeah, I'm gonna come up one technique Now to policy can happen I put me a to get a little more more on the Why doesn't the police have that? You talk to people like...
Because you don't want to be asked to help the police.
If they're right, then I'll talk to them.
Oh my!
Because if it was the other day, it means it's not right. If there are still cases like that. So what was it? Continue. How was your impression? So, what happened? So, they were all caught, and then the one who was involved reacted, and it was funny. Even though the reaction was old data that was leaked, but it was still funny.
So, the public started to ask questions. It means that the cases are repeated. People are caught, and then it turns out that the one who was arrested is not the one. But the conversion is not appropriate. And again, it's back to... And it can become a long-term illness.
Who was arrested, who was wrong.
But that person is also wrong.
Yes, because based on the report from the private bank, it's harassment. He's harassing.
Even though he's not the one hacking.
He's harassing by using other people's names.
Oh my God.
The poor thing is the bank. So what are you doing? He reported it, but the intention was to clean it up. But then he was caught, the mess was just like that. It didn't have any impact. Because this kid didn't have technical skills.
Maybe they were just bothered by the narrative. Maybe that's what happened.
But the police were the ones who were affected.
Yes. And the bank was also affected. Yeah. And Bang Satu was also affected. They were being beaten up. But when the police is not sure, they don't have to compel them. Yeah, it should be like that. You were in a hurry, right? You were taken to Slavosi, then sent to Jakarta.
The inspection was only a short time. You were trusted with the narration or the narrator's explanation. It means that the validation is not done.
But do you think the narrator also said, yes, I'm a doctor. Can it be? It can be, right?
Yes, it can.
It's embarrassing, I mean, I'm already caught.
Yes, that's me. I mean, I'm do it. I'm embarrassed. I've been caught. Yes, that's me.
I've been caught. If I were him, I wouldn't be like, I'm not just anyone. I've been caught too. I'm the one who copied Bjorka's pasta. I'm embarrassed. If I were him, I'd be Bjorka.
I'd admit that I'm Bjorka. Who knows, I might get a job after that. Oh, man. So, the point is, we have to be more careful.
If not, we'll be like that forever. It's funny, because you can't joke around with people like that. It's scary. The way they play is like you're joking with a squirrel. When they do something, the opponent will come. Because in other cases, the police might play in bad ways.
In cases like this, you're fighting data. So when the data is not right, the public already knows. When it's caught, the public immediately reacts. I don't think it's Bjorka. But before Bjorka tweeted or revealedweeted, no one believed it. But there were comments that were funny.
I don't think it's Bjorka. That's why no one believed it. Because... One person who was caught like that, and the trust in the organization is not good. Yes.
And the person is not representative for Bjorka. We don't know who Bjorka is, we don't know what he looks like, but I think it's not him. And it's proven that it's not him. Or it could be true.
He's inside. He's inside, he's hacking, and then he leaks it.
That's crazy. He's using a police's phone, and he's tweeting again. I I think the police should take action. We're talking to Bim. Bim wants to talk to me.
This is Teguh Aprianto, cyber-ethical hacker. This is Teguh Aprianto, cyber-ethical hacker. Where do you work?
Get ultra fast and accurate AI transcription with Cockatoo
Get started free →
