In a 2021 report by the University of Queensland, an Indonesian cyber expert compared the country’s cybersecurity architecture to an ‘empty house’ — half-built, hollow and poorly designed. It contended that further progress was afflicted by a lack of vision, poor technical understanding and patronage politics.

Two years later, Indonesia has been hit by an unprecedented campaign of doxxing — the targeted, malicious publication of individuals’ personal information — and wholesale data leaks. Perpetrated by an anonymous hacker or team of hackers using the alias ‘Bjorka’, sensitive data from intelligence agencies, state-owned enterprises, businesses and millions of ordinary citizens was exposed.

While questions remain about the identity and motivations of Bjorka — which claims to be Warsaw-based and seeks to redress abuses of power by security officials — their attack has resulted in the passage of the long-delayed Personal Data Protection (PDP) Bill. The leaks have also highlighted ongoing problems with the institutional basis of cybersecurity governance. This is seen in the failure of Indonesia’s National Cyber and Encryption Agency (BSSN) to realise its vision and mandate.

Please click here to read the full “Doxxing and deficiencies in Indonesia’s cybersecurity framework” article published at East Asia Forum, written by Griffith Asia Institute Adjunct Research Fellow, Dr Greta Nabbs-Keller.