Skip to navigationSkip to content

Indonesia just passed China as the world’s top apparent source of cyber attacks

Reuters/Damir Sagolj
Religious police give a young man a “moral lecture” for playing online games, in Banda Aceh, Indonesia
By Lily Kuo
IndonesiaPublished Last updated This article is more than 2 years old.

Indonesia is now the top source of online attacks among 175 countries or regions observed by Akamai, a cloud-computing business that serves almost a fifth of global web traffic. According to a new report (pdf) by the firm, Indonesia’s share of online attack traffic almost doubled from the previous quarter, to 38%. The report looked at unwarranted interactions with unadvertised IP addresses run by Akamai, which the firm identified as online attacks, as well as those that disrupt or knock a website offline, or distributed-denial-of-service (DDoS) attacks. DDoS attacks had increased 54% from the quarter before.

That puts China, traditionally the world’s biggest culprit of cyber crime operations, in second place at 33%. (In third place is the US at 6.9%.) As we’ve reported before, Indonesia’s recent rise in hackerdom seems to have come out of nowhere. In the last quarter of 2012, Indonesia was not even on Akamai’s list of top countries from which cyber attacks originated.

Attack traffic by IP address.

So what’s causing the uptick? Well, it might not be that Indonesia is turning into a hacker’s paradise. Akamai’s report only traces attacks to IP addresses, which could have been hijacked by attackers in other countries. (The report doesn’t attribute the source of the IP addresses.) “For example, a criminal in Russia may be launching attacks from compromised systems in China,” Akamai says (pdf, p. 4).

Hackers look for developing but still insecure IT networks—the kind that can be found in developing countries like Indonesia. Here internet connectivity is improving—according to Akamai, average speeds increased 125% in the second quarter, from a year earlier—but the government is still criticized for not strengthening IT security enough (pdf, p. 32). Over the past three years, there have been 36.6 million incidents of hacking against the government. Still, Indonesia has only a few legal statutes (pdf, p. 109) that proscribe criminal cyber activity.

Indonesia’s population, the world’s fourth largest, and its fast-growing population of internet users may be another reason. IDGconnect, a technology media company points out, “They’ll go for wherever the largest number of exposed machines is located and use them as a platform to launch attacks. In the case of Indonesia… it’s a numbers game.”

Still, a few recent high-profile attacks have gotten the Indonesian government’s attention. In January, an online group called “Anonymous Indonesia” hacked into government websites in retaliation for the arrest of a man who had been charged with hacking into the president’s website. Online users were greeted with an image of cloaked figure and the words, “No Army Can Stop an Idea” instead. Microsoft said in June that it disrupted a cybercrime operation originating in Indonesia. Indonesia’s defense ministry has said it is creating its own “cyber army” to counter such attacks.

📬 Kick off each morning with coffee and the Daily Brief (BYO coffee).

By providing your email, you agree to the Quartz Privacy Policy.