The world is big, but with the internet, even things halfway across the globe is reachable, by only lifting a finger.
Indonesia is a large archipelago country in Southeast Asia. With an area that spans within three different timezones, Indonesia is the largest in the region, and the fourth largest in the world in terms of population.
And here, a hacker that goes by the pseudonym of Bjorka and claims to be from Warsaw, Poland, has been selling data he stole, including those that he stole from mobile phone operators, which accounts to more than 1.3 billion registered mobile phone numbers.
Not just that, the hacker also sells data he stole from Indonesian state-owned enterprises, as well as from the country's general election commission, which accounts to around 105 million voters.
Making things even worse, Bjorka also has his hands on a log of the President's correspondence, including confidential documents between President Joko Widodo and the State Intelligence Agency.
The data allegedly belonging to the President consists of the title of the letter, the number of the letter, the sender, the sender’s ID, the date of the letter, and so forth.
There's more, because the hacker also has the personal information of high-ranking officials in the country, among others.
This includes data about public figures, such as Coordinating Minister for Maritime Affairs and Investment Luhut Pandjaitan and Communication and Informatics Minister Johnny G. Plate.
The details leaked included their phone numbers, identity numbers, and vaccine numbers.
And particularly regarding Johnny G. Plate, the hacker greeted him a happy birthday, knowing that the minister's birth date is September 10, 1956.
"Happy birthday johnny johny yes papa," he said.
He also taunted Puan Maharani, the speaker of the People's Representative Council, the daughter of fifth Indonesian President, and the granddaughter of Indonesia's first President, whose birth date is September 6, 1973.
"How are you madam @puanmaharani_ri?" Bjorka asked. "How does it feel to celebrate a birthday when many people are protesting about the price of fuel right in front of your office?”
In total, the hacker said that he has gigabytes-worth of sensitive information, he obtained in September 2022.
When a senior informatics applications official reached Bjorka, by speaking through a press conference, asking the hacker to stop leaking sensitive data of Indonesians, the hacker taunted the government, by telling it to "stop being an idiot."
In a tweet, Bjorka stated that it was easy for him "to get into various doors due to a terrible data protection policy", especially when it is "managed by the government".
Bjorka also taunted public figures such as State-Owned Enterprises Minister Erick Thohir, telling him to give up his hopes for becoming Indonesia's next president.
As a result of this, the government quickly assembled a specialized data protection task force to chasing this hacker.
Soon after the taunts, the manhunt begins.
One after another, Bjorka's Twitter accounts have been suspended.
According to a Twitter spokesperson, sharing links from hacks is prohibited.
"Tweets referring to a hack or discussing hacked materials would not be considered a violation of this policy unless materials associated with the hack are directly distributed in the text of a Tweet, in an image shared on Twitter, or in links to hacked content hosted on other websites," wrote Twitter on a dedicated rules and policy page.
Read: COVID-19 Vaccine Certificates For Indonesia's President Leaked To The Internet
Coordinating Minister for Political, Legal, and Security Affairs Mahfud MD, called on the public to remain calm.
He claimed that none of Indonesia's crucial networks nor systems were hacked, and no state secrets were ever stolen.
While the hack and the leak sparked numerous backlash and unrest in Indonesia, Bjorka has actually become both a public enemy, and a hero.
At least to Muhammad Agung Hidayatullah.
The man who was initially identified by the initials MAH, resides in Madiun regency in East Java, where he sells drinks to the locals.
Officers arrested him for "helping" Bjorka with his Telegram group.
But what he really did, was idolizing the hacker.
MAH created a Telegram channel called 'Bjorkanism', where he reposts what Bjorka said. MAH is known to have at least posted to the channel three times.
To do what he did, the 23-year-old man said that Bjorka paid him $100 in Bitcoin.
This incident should be considered a "top of the line" breach, said experts, who criticized the lack of adequate responses from Indonesian government in past breaches.
"The data leaked by Bjorka is actually lesser in quality and quantity than those leaked previously," digital forensic expert Ruby Alamsyah.
"But, thanks to the hacker, the personal data leaks have come into the spotlight tremendously."
He also said Bjorka has been a notable hacker, and has been selling stolen data at numerous online forums, including one on the dark web.
Ruby suggests that the Indonesia government should investigate leaks that have ever happened in the past, and "lessons learned from the past cases" in order to prevent similar incidents to ever happen in the future.
The leak follows one previous major incident, which involved the hack and the leak of social security details, including identity cards and family cards - of over 200 million citizens in the Healthcare and Social Security Agency's database in 2021.
While Bjorka is still in the wild, it's worth noting that the hacker has also become viral amongst hackers.
And with that, other fellow hackers are also trying their luck to see whether they can also hack and steal something from the Indonesian government.
Examples include a hacker who claimed to have hacked Indonesia's Ministry of Defense, another who claimed to have hacked subsidiary of the state-owned company Pertamina, and another claimed to have breached Indonesia's Ministry of Social Affairs.
Indonesia citizens are the once affected the most.
At this time, their only defense, should be the Personal Data Protection Bill, which is expected to soon be passed by the parliament.
"Logically, due to the fine and sanctions, all parties will be well-prepared, ensuring that their cybersecurity is better than the past and data leaks can be averted," said Ruby.
"If there's a leak, the public can demand accountability and compensation because of the existence of a valid legal basis."
Read: Hacker Has Leaked Indonesian 'BPJS' Social Security Data, Said The Government