See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/311893981

A survey of cyber crime in Indonesia

Conference Paper · July 2016

DOI: 10.1109/ICTSS.2016.7792846

CITATIONS READS
4 345

1 author:

Rizqiya Windy Saputra

Merchant Marine Polytechnic Malahayati Aceh
9 PUBLICATIONS   6 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Smart System View project

All content following this page was uploaded by Rizqiya Windy Saputra on 20 June 2018.

The user has requested enhancement of the downloaded file.

 2016 International Conference on ICT For Smart Society
Surabaya, 20-21 July 2016
ISBN : 978-1-5090-1620-4
A Survey of Cyber Crime in Indonesia

Rizqiya Windy Saputra

School of Electrical Engineering and Informatics
Bandung Institute of Technology, Indonesia
Email: rizqiya@students.itb.ac.id

Abstract—Increasing user of the Internet in the world is going
rapidly, by the same condition in Indonesia now days. This
increasing is triggering the vulnerability of securing information
technology advantage and user privacy. The vulnerability in many
security and privacy protection caused cyber crime to be happen.
Not existing of the right policy for cyber crime is becoming
the major problem. In this research, we try to collect many
information about cyber crime in Indonesia and embrace it to
be a paper.The information collected from questionnaire, articles
and papers related to the cases. This paper supposed to explain
cyber crime by Indonesia perspective, type of cyber crime, some
study cases and many prevention majors. And finally, this papers
can proposed a new policy related to cyber crime for government.
I. I NTRODUCTION
Internet is the most important things today. Every works
was doing by using Internet. Since 2010, Internet user in
Indonesia has been increased from 21.1% to 28.1% in the end
of 2013 and still continue to grow in many years forward[1].
People use Internet in many aspects of helping their life.
Automatic Transfer Machine(ATM) used for taking money,
mobile transaction (e-banking), on-line transaction/trading (e-
commerce), e-business and e-government are some of example
from advantage the Internet that involve many transaction
between users. Although, Internet had already become a com-
mon platform as the important things for Indonesian in most
activities, but the security and privacy issues still become the
problems appear and both of them need to be protected in
electronic transaction.
Many articles define the term of cyber crime. Cyber crime
is all about the crimes in which communication channel and
communication device has been used directly or indirectly as a
medium whether it is a Laptop, Desktop, PDA, Mobile phones,
Watches, Vehicles[2] or cyber crime is the use of information
technology to carry out the criminal acts[4]. Both definition
give us a brave conclusion that cyber crime is every crime
use information technology directly or indirectly for getting
profit or not. Tapping email account, Personal Identification
Number (PIN), defacing website, cheating and many violations
of privacy right are common Indonesia cyber crime.
Indonesia as one of development country has large popu-
lation and as mentioned above only 28.1% people use Inter-
net. Although, Indonesia has small percentage in Information
technology using, but criminal level in cyber is not as small
as percentage user. Based on State of Internet 2nd quarter
report 2013 Indonesia reached first rank as the country source
attack[7].
However, defenders have few tools to handle the situation
in a timely an effective way. In the cyber space, it is easy to
initiate attacks and fly under the radar, and hard to identify
attackers and trace back attack sources. The vulnerability
of the cyber space firstly roots at the Internets non-security
original architecture design as a private network back to the
1960s. Secondly, as the largest and the most complex man-
made system in human history, our understanding of this
giant system is limited or even incorrect so far. Thirdly, the
anarchism management environment of the Internet is hard for
large scale collaboration against cyber crimes. As a result, the
cyber space has become a heaven for intelligent criminals, who
are motivated by significant financial or political reward[3].
Therefore, we purpose a survey of cyber crime in Indonesia
and its connectivity with the Information and Electronic Law
(UU-ITE) 11/2008. from the leaks of Indonesia government
laws, this research try to recommend many newest policy
related to cyber crime cases now days. This Paper will start
with introduction in part one and continue with some definition
need to explain about cyber crime. In part three and four, this
paper will discuss some UU-ITE 11/2008 regulation and some
cases of cyber crime related to the laws. finally, the part five
will give the conclusion of this paper.

Fig. 1. Indonesia Internet User[1] Fig. 2. Country with most provided cyber attack[7]

1
 2016 International Conference on ICT For Smart Society
Surabaya, 20-21 July 2016
ISBN : 978-1-5090-1620-4
II. T YPE OF C YBER C RIME AND I NDONESIA C YBER L AW
A. Type Of Cyber Crime
Australian Institute of crimonology states there are 9 type
that can be categorize of cyber crime[8]:
1. Theft of Telecommunication Services
some types of service theft are including capturing
”calling card” details and on-selling calls charged to
the calling card account, and counterfeiting or illicit
reprogramming of stored value telephone cards
2. Communications in Furtherance of Criminal Conspir-
acy
There is evidence of telecommunications equipment
being used to facilitate organized drug traffick-
ing, gambling, prostitution, money laundering, child
pornography and trade in weapons (in those jurisdic-
tions where such activities are illegal). The use of
encryption technology may place criminal communi-
cations beyond the reach of law enforcement.
3. Telecommunication Piracy
Digital technology permits perfect reproduction and
easy dissemination of print, graphics, sound, and mul-
timedia combinations. The temptation to reproduce
copyrighted material for personal use, for sale at
a lower price, or indeed, for free distribution, has
proven irresistable to many
4. Dissemination of Offensive Materials
Telecommunications systems can also be used for
harassing, threatening or intrusive communications,
from the traditional obscene telephone call to its
contemporary manifestation in ”cyber-stalking”, in
which persistent messages are sent to an unwilling
recipient.
5. Electronic Money Laundering and Tax Evasion
With the emergence and proliferation of various
technologies of electronic commerce, one can eas-
ily envisage how traditional countermeasures against
money laundering and tax evasion may soon be of
limited value
6. Electronic Vandalism, Terrorism and Extortion
terrorism can access technology easily. it will increase
number of possibility the crime to be happen.
7. Sales and Investment Fraud
As electronic commerce becomes more prevalent,
the application of digital technology to fraudulent
endeavours will be that much greater. The use of
the telephone for fraudulent sales pitches, deceptive
charitable solicitations, or bogus investment overtures
is increasingly common
8. Illegal Interception of Telecommunication
Developments in telecommunications provide new
opportunities for electronic eavesdropping.
9. Electronic Funds Transfer Fraud
Electronic funds transfer systems have begun to pro-
liferate, and so has the risk that such transactions may
be intercepted and diverted.
from the classification above, Bosco(2012) states there are
five common cyber crime attack mostly[5]. Five attacks has
been using by most hacker in Indonesia. They are[9]:
1. Malware/Spam and The Underground Economy
2
2. Data Theft
3. ID Theft
4. Phising
5. Botnet definition
Fig.3 below explains the pyramid of cyber theft. The hacker
develops malicious software and sold it to the black market.
The Malware exploiters purchase the malware from computer
injected by virus/malicious and try to steal privacy user data.
The victims can lose his privacy data easily.
Fig. 3. The Cyber Theft Ring[14]
B. Indonesia Cyber Law
Indonesia start to formulate the law to defend again cyber
crime in 2003 by Infomation and Communication Minitry
(Kemenkominfo). Indonesian President Susilo Bambang Yud-
hoyono signed this UU-ITE (Information and Electronic Law)
on March 18, 2008 and named to ”Undang-Undang Nomor
11 tahun 2008”.It was followed with other cyberlaw namely
UU KPI (Public information openness law) 14/2008 and UUP
(Pornography law) 44/2008 respectively[6]. The government
hope the law can covers every potential issues that can appear
in the future and can add the safety and trustworthy to
Communities about electronic environment, online content reg-
ulations, help Indonesia’s e-commerce prosper and also as legal
assurance for any business transaction that held electronically
through the Internet.
III. E XPANSION C YBER C RIME IN I NDONESIA
according to an article[10], Indonesia has reached 545 cases
of cyber crime in 2011 and getting more in 2012 by 600
cases. These high number of cases are depend of community
report. At least, since 2003 Indonesia National Police (POLRI)
caught 71 cases of cyber crime and a year before, in 2002,
Indonesia ranks second after Ukraine in the crime cases using
information technology[11]. Since that year, cyber crime cases
are getting more and more.
the high growth of technology consumption in Indonesia
is not accompanied by the readiness of information tech-
nology infrastructure, policy/regulation, institution and human
resource especially for security sector.
IV. I NDONESIA C YBER C RIME C ASES
In this paper, we will analysis two cases of cyber crime
happens in Indonesia. In many articles report, most of Indone-
sian Cyber crime cases comes from transaction fraud.
 2016 International Conference on ICT For Smart Society
Surabaya, 20-21 July 2016
ISBN : 978-1-5090-1620-4
A. e-commerce Fraud
In 2001, a man from Bandung, Steven Haryanto, made
a fake website with internet banking services on pur-
pose to cheat the bank customer. He made many do-
main with similar name to BCA Bank. He made similar
website with www.klikbca.com such as www.klik-bca.com,
www.kilkbca.com or www.clikcbca.com. The fake website will
guide user if he clicked it to input his identity, username,
password and PIN number. approximation, there are many
identity BCA customer has been stolen and so do their money.
This case is a model of typosquatting. Typosquatting is
the act to buy and operate many similar domain names with
famous domain names and many Internet users can visit his
domain from typo of the true website/domain that user wants
to visit. The criminals modified the website page for looking as
same as the real website. Without conscious, user with wrong
typing website name gift what the criminals need such as
username, PIN Number, Credit card Number and many privacy
data.
This crime was punished with UU ITE 11/2008 with sec-
tion 35: Every people deliberately and no right and against the
law with manipulating, creating, changing, losing, defacement
electronic information and/or electronic document in order to
make electronic information/document as if authentic data.
Another cases similar with this still continue appears now
days. The criminals have used this method to cheat the users.
They spread the fake information using social media, such as
facebook, twitter or path and also using direct media interac-
tion like phone call or sending a message.Fig.4 explain how
the cyber fraud crime works. The hacker will tray to exploit
the vulnerability of computer with sending Trojan virus. The
computer injected with it will give many credential data to
hacker. At the end of the step, after getting what he wants,
the hacker can do any what he want. Most of Indonesian are
leak of information about technology. This is a vulnerability in
defending their money from some fraud crime. The difference
of knowledge appears because of many problem. the large of
Indonesia territory and improvement of regional development.
so, the cases of fraud crime usually happen in village territory.
Fig. 4. How Fraud Works[14]
3
Fig. 5. Fake SMS
The figure Fig.5 below show us the leak of Indonesia
laws on cyber crime. Since BCA Internet Banking case in
2001, the similar cases still continue growing in communities.
Indonesia government should care this situation. The criminals
should be punished with the proper punishment. In the figure
above, message sender sends an information that receiver win
a prize from a national bank and he asked to access the fake
website ”www.gebyarhadiahbankbri2014.webs.co.id”. Usually,
a user without knowledge surprised and being happy with
information. Finally, he clicks the link and guided to the victim
of cyber crime.
Fraud Labs[16], explained many ways to prevent the cos-
tumer from this crime:
1. Geolocation by IP address
Geolocation by IP address can identify the user’s
exact location or calculate the distance between
billing address of online buyers and actual location
of persons entering the orders. As a result, it allows
the merchants to apply additional authentication mea-
sures or identification for those transactions which
show a great difference of distance. As a result,
Geolocation technology delivers data that helps mer-
chants determine which transactions to review and
which to allow. This creates a beneficial balance
between the risk of fraud losses and that of block-
ing legitimate customers. Legitimate customers will
actually welcome legitimate authentication measures,
which will protect them from credit card fraud also
and keep the costs of doing business on the Internet
down, especially if the customer is properly informed
and advised by the merchant of these protection
measures. Using a service such as that provided by
FraudLabs can keep the cost of authentication down
as you can target the authentication toward the most
probably geographic locations for fraud.
2. Comparison of the IP address country with the billing
address country.
An IP address is a unique network identifier issued
by an Internet Service Provider to a users computer
every time they are logged on to the Internet. Make
sure the IP address country and the billing address
country are the same. By using fraud detection web
services like FraudLabs, you can detect the IP address
 2016 International Conference on ICT For Smart Society
Surabaya, 20-21 July 2016
ISBN : 978-1-5090-1620-4
country for the customers that are placing the orders.
If the customers billing and shipping addresses are
in the US, but the person placing the order is logged
in from an IP in Russia, this will require closer
scrutiny, and will often trigger anti-fraud precautions.
Although this situation could be legitimate, but it’s
probably worth a phone call to the customer’s US
phone number or other measures to confirm the order
and the identity of the credit card user.
3. Check whether the phone number is valid and located
within the correct ZIP code.
Often, merchant will discover orders with invalid zip
codes or a mismatch between the zip code and area
code will produce fraud rates that are significantly
higher than usual. They may wish to apply more
rigorous fraud prevention standards by verifying the
validity of zip code and the area code. In addition, if
the phone is identified as a V.O.I.P phone, offered by
many services these days, a delay in shipment until
the payment clears may be in order, especially for
non-times sensitive items.
4. Call the credit card issuing bank to verify the validity
of credit card.
If online merchants have any suspicions about an
order and need to confirm the details of the order,
they can call the issuing bank and ask to confirm the
general account details. This is to make sure that the
card is not stolen. The issuing bank phone number
is based on the first 6 digits of credit card number
known as the Bank Identification Number (BIN).
5 Request more identification if in doubt.
While consumers value their privacy and require
quick web site ordering facilities, it is important to
gather sufficient customer identity details during the
ordering process. The customers name, credit card
number and expiry date is not enough. Merchants
should call them for verification through phone or
request a photo ID to be faxed if they have any
doubts.
Every costumer should aware of e-commerce fraud crime,
although it is something that can never be completely erased,
but rather something that must be managed. One of the most
important factors in controlling fraud is understanding the
customer and implementing security measures that can adapt to
the level of risk in each transaction. Applying fraud detection
web services in the order management can greatly reduce the
problem[16].
B. Illegal Interception Telecommunication
Indonesian shocked by a news from Australian media,
based on leaked document from snowden, that Australian spy
agencies have targeted Indonesian President Susilo Bambang
Yudhoyono(SBY), the vice-president and other senior minis-
ters for telephone monitoring. the news made a terrible shock
for Indonesian government. Because, as a leader of country
president SBY has very private conversation on his phone
and maybe ministry did have their privacy about country or
government too.
illegal interception is a crucial cases. The cases is hard
to be traced and solved. Less of human resource is being
4
an obstacle for Indonesia government. The issues disturbed
national security. Every people asked about the safety of
Indonesian privacy data. At this point, Indonesia government
has no good policy. Corruption Fight Committee (KPK) as
government committee also using interception telecommunica-
tion to help their work. They are spying government member
using information technology and government should have the
perfect policy to arrange the borders of KPK work.
This case is not the only one, in February 2014, a local
newspaper[15] reports that Indonesian new president(in that
day he was an Jakarta governor), Joko Widodo, was being
spying in his office residence. Jokowi admitted tapping (in-
terception communication) it really happened. But he chose
not to think about it because they feel no one is talking about
the important things in the office residence. in 2009, on of
Indonesia police headmaster, Susno Duadji, was being tapping
by KPK (Corruption Eradiction Commision). KPK tried to
get some secret important information about the involve of
Indonesian police in corruption of Century Bank case.
Government stated this problem in the law. in UU No.
36 1999 about telecommunication, stated: Telecommunications
provider shall keep confidential the information sent and or
received, by the customers of telecommunications services via
telecommunications networks and telecommunication services
are convening. Provider the telecommunication services should
give the costumer the security and their privacy. And probably
the provider should give the government special service for
government purpose.
V. C ONCLUSION
Indonesia as being the the first rank of the most country
provided cyber crime attack is a huge problem. Indonesia as
a big country should not have this problem. Cyber crime
can disrupt stability of the country. The situation have to
be prevented and one of many ways Indonesian government
should make the regulation as purposed above.
ACKNOWLEDGMENT
The authors would like to thank BlackBerry Innovation
Center(BBIC) Labs of Bandung Institute of Technology for
supporting this research.
R EFERENCES
[1] Indonesia Internet User Data. Available at http://www.apjii.or.id/v2/
index.php/read/page/halaman-data/9/statistik.html#
[2] Gunjan. Vivit Kumar, Kumar. Amit and Avdhanam. Sharda, A Survey of
Cyber Crime in India.
[3] Yu. Shui, Zhou. Wanlei, Dou, Wanchun and Makki, S.Kami. Why it is
Hard to Fight Against Cyber Criminals?. 32nd International Conference
on Distributed Computing System Workshop. IEEE. 2012
[4] Mesko, Gozard and Bernik. Igor, Cybercrime: Awareness and Fear,
Slovenian Perspective. European Intelligence and Security Informatics
Conference. IEEE. 2011.
[5] P. Kleve, R. De Mulder, and K. van Noortwijk, The Definition of ICT
Crime. Elsavier. Computer Law and Security Review 27 (2011) 162-167.
[6] Lubis. Muharman and Maulana. Fajri Achmad, Information and Elec-
tronic Transaction Law Effectiveness (UU-ITE) in Indonesia. Proceeding
3rd International Conference on ICT4M 2010.
[7] Cyber Crime Attack Source. available at:http://sharingvision.com/2014/
06/indonesia-nomor-satu-sumber-serangan-cyber/ accessed on Friday at
10.02 AM 10 September 10, 2014.
 2016 International Conference on ICT For Smart Society
Surabaya, 20-21 July 2016
ISBN : 978-1-5090-1620-4

[8] 9 Types of Cyber Crime. Available at:http://www.crime.hku.hk/

cybercrime.htm accessed on Friday at 10.29 AM September 10, 2014.
[9] Bosco. Francesca and Vaciago. Giuseppe,Crime, Digital Investigation
and Public Partnership Presentation on 2nd INFOSEC DAY, October
2, 2012. Lisbon.
[10] Suhendar. Asep, Optimalisasi Penegakan Hukum Terhadap Cyber Crime
Dapat Meningkatkan Keamanan Nasional Esai Blok III. Lembaga Keta-
hanan Nasional RI. 2013.
[11] Sejarah id-SIRTII/CC. Available at:https://idsirtii.or.id/halaman/tentang/
sejarah-id-sirtii-cc.html access on Sunday 00.20 AM, October 13, 2014.
[12] Akdeniz. Yaman, Internet Content Regulation: Uk Government and
Internet control Regulation content. Elsavier Science. Computer Law and
Security Report Vol. 17 no.5. 2001
[13] Khonji. Mahmoud, Iraqi. Yossef, and Jones. Andrew, Phising Detection:
A Literature Survey IEEE Communications Survey and Tutorials, Vol.15,
No.4, Fourth Quarter, 2013.
[14] The Cyber Theft Ring. available at:http://www.fbi.gov/news/
stories/2010/october/cyber-banking-fraud/cyber-banking-fraud-graphic
accessed on Sunday 09.14 PM september 12, 2014.
[15] Indonesia Tapping Cases. available at:http://www.tempo.co/read/
news/2014/02/21/063556304/4-Kasus-Penyadapan-Besar-di-Indonesia
accessed on Friday 08.00 AM 19 December 2014.
[16] 10 Prevention of Fraud Crime. available at:http://www.fraudlabs.com/
fraudlabswhitepaperpg1.htm accessed on friday 08.30 AM 19 December
2014.

View publication stats

5