The Importance of Security Protections on The Web-Hosting Services

Case Study: Website Hacking on www.presidensby.info
Joko Widiarto
School of Electrical Engineering and Informatics
Institut Teknologi Bandung (ITB)
Bandung, Indonesia
jwidiarto@gmail.com

Abstract: The Internet has become one of the ways to commit crime, known as cybercrime. One type of cybercrime is website hacking, which is unusual in that not all website hacking is aimed at destruction, theft or other criminal activities; in some cases the hacking is done only to showcase the ability of the actors. Nevertheless, regardless of its purpose, hacking is a cybercrime because the actors try to access information that is not their own. A regulation is used to prevent and handle cybercrime in Indonesia, namely the Law of the Republic of Indonesia Number 11 of 2008 Concerning Electronic Information and Transaction. Meanwhile, the success of an attempt to hack a site, besides being influenced by the ability of the actors, is also strongly influenced by the level of security of the site and of the web hosting concerned. This research was conducted to study the causes of the incident, the position of the case in the classification of cybercrime, the violations of law caused by the hacking, the tracking and identification of the actors, and the efforts made to prevent a similar incident from happening, with a case study on the hacking of the website www.presidensby.info.

Keywords: cybercrime, hacking, presidensby.info
I. INTRODUCTION

The global information network, the Internet, has today become one of the mediums for conducting cybercrimes. Cybercrime consists of two types: 1) crimes that use information technology, and 2) crimes that make information technology systems and facilities the target. [1]

Various measures have been prepared to prevent and handle cybercrimes in Indonesia. At the least there is the Criminal Code (KUHP), which regulates the legal relations of computer-related crime (computer crime), which later evolved into cyber crime. To expand the scope of the Criminal Code in dealing with cyber cases, Law No. 11 of 2008 on Information and Electronic Transactions (ITE Law) was drafted. Its coverage includes the problem of jurisdiction, protection of personal rights, the principles of e-commerce trade, the principles of unfair competition and consumer protection, the principles of intellectual property rights (IPR) and international law, as well as the principles of cyber crime [9]. The law examines cybercrime cases from several viewpoints, comprehensively and specifically; the focus is all activities carried out in cyberspace, from which it is then determined which approach is most suitable for the regulation of cyber law in Indonesia.

In order to further explore and understand the implementation of the Act, in-depth case studies are needed on cybercrime cases that have occurred, using descriptive analysis based on literature studies, policy studies, observation and literature review of the following problems: 1) how can a cybercrime case occur, 2) which crimes are included in cybercrime and how are they classified, 3) how are the Criminal Code and the ITE Law applied to cybercrime cases that have happened, and 4) how can the perpetrators of a cybercrime be proven?

The case study is the hacking of the website of the President of the Republic of Indonesia, www.presidensby.info. With further study of this case, this study is expected to be useful for the development of the law, especially in monitoring and safeguarding against cybercrimes. In addition, the study is expected to bring more information to the reader and be a reference for interested parties, who are expected not only to know but also to understand the rules of law concerning cyber crime and the security aspects it covers.

II. HACKING CASE ON PRESIDENT'S SITE

In early January 2013, Indonesian cyberspace was shocked by the hacking of the website owned by President Susilo Bambang Yudhoyono (SBY), located at www.presidensby.info. The hacker replaced the home page with a plain black image reading "Jember Hacker Team" with the green text "Hacked by MJL007", then left a logo and the white text "Team Jemberhacker", and wrote a warning message that the president's website information "is not locked."

The incident was reported by Jatireja Network, the Internet Service Provider (ISP) that hosts the www.presidensby.info site. Although Jatireja admitted that the offender only deflected the Domain Name Server (DNS), without destruction or theft of data, they still reported the hacker, on the accusation that the action had lowered the confidence of consumers and potential consumers of the service.

To uncover such cases, internet forensics (cyber forensics) is needed, that is, information retrieval that utilizes artifacts or information still stored on the internet. The cyber forensics revealed that the actor using the alias MJL007 did not deface the www.presidensby.info server machine. No information on the www.presidensby.info server machine was changed by the actor. This is evident because, at the time of the incident, the site www.presidenri.go.id, which refers to the same server and the same application location, showed no change at all. If what had happened was defacing, both addresses would have produced the same (defaced) page.

III. CAUSES OF CASE

From the results of the police investigation, the hacker admitted that he hacked the www.presidensby.info site just for fun. This is confirmed by statements from fellow members of the "Jember Hacker Team" community. Among them, the hacker is a new player in site hacking. Although known as quiet, the hacker often caused trouble by breaking into and changing the passwords of Facebook accounts belonging to his friends. For those actions he often received reprimands and satire from his friends through the Microsoft Internet Relay Chat channel (mIRC), which is often used by hacker community activists.

Another possible cause in this case is that the hacker wanted to make a name for himself or to be respected, the same motive as most other defacers, because for some of his actions the hacker had received a warning from some 'senior' hackers whose content was "if you want to do halfhearted hack, make hacking quality, site of the famous strong attack protection."

IV. CASE POSITION ON THE CYBER CRIME CLASSIFICATION

Cyber crime is classified into two major groups, namely: 1) computer as the target of criminal activities, and 2) computer as a means to conduct criminal activities. Further description of the classification of cyber crime can be seen from the following figure:

Figure 1. Classification of Cyber Crime

Based on Figure 1, the case studied is included in Type I (computer as a target of criminal activity), part A (Unauthorized Access), sub-section Hacking. Unauthorized Access is the activity of entering or infiltrating a system, network or computer illegally, without a permit or without the knowledge of its owner, while Hacking is an illegal intrusion into a computer system or network. Hacking is also known as cracking.

V. LAW VIOLATION ON THE CASE

In the arrest warrant document, the offender is declared in violation of Article 50 in conjunction with Article 22 letter b of Law No. 36 of 1999 on Telecommunications, under penalty of imprisonment of 6 years and/or a maximum fine of Rp 600 million [7]. In addition, the hacker's actions of entering another party's system without permission and putting files on the server without permission violate Article 30 and Article 32 of Law No. 11 of 2008 on Information and Electronic Transactions (ITE Law). When a person enters someone else's system, he will of course be able to read information or documents that he should not read. The same applies to placing files on the server without permission: such a file can serve various purposes, functions and motives. If the file can eventually harm the owner of the server or of the information, such as a PHP shell, a script for spam, large files, illegal software and so on, or can reduce system performance, then the act may be subject to penalty in accordance with the ITE Law.

Article 30 of the ITE Law consists of three paragraphs:

(1) Any person who intentionally and without right or unlawfully accesses Computers and/or Electronic Systems belonging to another person in any way.
(2) Any person who intentionally and without right or unlawfully accesses Computers and/or Electronic Systems in any way with the purpose of obtaining Electronic Information and/or Electronic Documents.
(3) Any person who intentionally and without right or unlawfully accesses Computers and/or Electronic Systems in any way by violating, breaking through, exceeding, or breaching the security system.

As for Article 32:

(1) Any person who intentionally and without right or unlawfully in any way modifies, adds to, reduces, transmits, damages, removes, moves or hides Electronic Information and/or Electronic Documents belonging to another person or to the public.
(2) Any person who intentionally and without right or unlawfully in any way moves or transfers Electronic Information and/or Electronic Documents to the Electronic System of another person who is not entitled.
(3) The acts referred to in paragraph (1) which result in confidential Electronic Information and/or Electronic Documents being opened and becoming accessible to the public with the integrity of the data not as it should be.

The criminal provisions for Articles 30 and 32 are set out in Articles 46 and 48 of the ITE Law.

Article 46
(1) Any person who meets the elements referred to in Article 30 paragraph (1) shall be punished with imprisonment of six (6) years and/or a maximum fine of Rp 600,000,000.00 (six hundred million rupiahs).
(2) Any person who meets the elements referred to in Article 30 paragraph (2) shall be punished with imprisonment of 7 (seven) years and/or a maximum fine of Rp 700,000,000.00 (seven hundred million rupiahs).
(3) Any person who meets the elements referred to in Article 30 paragraph (3) shall be punished with imprisonment of eight (8) years and/or a maximum fine of Rp 800,000,000.00 (eight hundred million rupiahs).

Article 48
(1) Any person who meets the elements referred to in Article 32 paragraph (1) shall be punished with imprisonment of eight (8) years and/or a maximum fine of Rp 2,000,000,000.00 (two billion rupiahs).
(2) Any person who meets the elements referred to in Article 32 paragraph (2) shall be punished with imprisonment of nine (9) years and/or a maximum fine of Rp 3,000,000,000.00 (three billion rupiahs).
(3) Any person who meets the elements referred to in Article 32 paragraph (3) shall be punished with imprisonment of ten (10) years and/or a maximum fine of Rp 5,000,000,000.00 (five billion rupiahs).

In their arguments, the hacker's family hopes that law enforcement agencies will be wise and fair in making legal decisions. What the hacker has done must be considered carefully. The police need to know whether what the hacker committed was a criminal act or was just for fun, and moreover whether the hacker's actions actually hurt the government or the president, or even provided benefits to the government, because after the actor penetrated the site the government finally knew that there was a weakness in the system of the president's website.

Meanwhile, investigators from the Cyber Crime unit of Police Headquarters recognized the exceptional talent in the field of information technology (IT) of the hacker, who is still young (19 years). Police Headquarters even wanted to foster the hacker after he is freed one day, so that he uses his talent properly. Nevertheless, the legal process should be continued.

In the end the judges of the Court of Jember, East Java, sentenced the hacker to 6 months imprisonment. According to the judges, the hacker was convicted of hacking and replacing the Yudhoyono front page with that of the Jemberhacker Team, so that the site could not be accessed for 2 hours. In addition, the perpetrator was also required to pay case costs of 250 thousand rupiahs or a subsidiary 15 days imprisonment.

In their judgment, the judges assessed the hacker's act as disturbing and harming others. But the judges also considered mitigating factors: the perpetrator is young, can still be fostered, and also wanted to continue his education. This was corroborated by the testimony of the police, who had stated an intention to use the perpetrator's expertise for the benefit of the state. The hacker from Jember was planned to be trained and recruited by Police Headquarters.

VI. TRACKING AND DISCLOSING THE ACTORS

The investigation of the actor who hacked the official website of President Susilo Bambang Yudhoyono at www.presidensby.info succeeded after the police, in cooperation with the ISP (in this case Jatireja Network), the Ministry of Communications and Information Technology (Kemenkominfo) and the Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII), tracked the internet protocol address (IP address) of the hacker.

An ISP records the IP addresses of all its customers and knows their locations. All computers connected to a local network or the Internet have an IP address. Although the hacker was smart enough to divert his IP address to an address in the United States, the team succeeded in tracking the location of his IP address from the Media Access Control address (MAC address) [6]. MAC addresses are also often called ethernet addresses, physical addresses, or hardware addresses; in general, one is attached to any device in the computer and it is difficult to change because it has been incorporated into the Read-Only Memory (ROM).

The IP address was found to be located in a cafe on Suprapto Street, Kebonsari Village, Sumbersari District, Jember. Police then went undercover in the cafe on January 25, 2013, starting at 18:00, to get the real name behind the alias MJL 007. The identity of MJL 007 was revealed at 23:00. The police, who had brought the arrest, search and seizure warrants, immediately arrested the perpetrator, who was identified as Wildan Yani Ashari.

VII. PRECAUTIONS TO AVOID RECURRENCE OF SIMILAR CASE

To formulate the preventive measures that should be taken so that similar incidents do not happen again, it is first necessary to know where the security hole is that hackers can penetrate. In addition, it is also necessary to note what methods or tools can be used to penetrate the security holes.

In this case, Wildan did not hack the www.presidensby.info site directly, but went through www.jatirejanetwork.com, where the www.presidensby.info site is hosted. Under the alias MJL007, he entered www.jatirejanetwork.com using an SQL injection technique. Wildan could then get into that page and found a way to access techscape.co.id, since jatirejanetwork.com turned out to be a reseller of techscape.co.id. Wildan then created a backdoor using the wso.php software (web shell orb) to bypass or break through the security system of the compromised machine without being noticed by the owner.

Wildan then probed the www.techscape.co.id page, which has the IP address 202.155.61.121, and found security holes. He successfully hacked the server managed by CV. Techscape and entered the WebHost Manager Complete Solution (WHMCS) application in the my.techscape.co.id directory. From this site Wildan managed to get a username and password from the database. Furthermore, Wildan ran the WHMKiller program on the www.jatirejanetwork.com pages to get the username and password of every existing domain name. He also embedded a backdoor on the www.techscape.co.id server. In order to hide this backdoor from the administrator, Wildan renamed the tool to domain.php and placed it in the subdirectory my.techscape.co.id/feeds/, so that he could freely access the server via the URL www.techscape.com: my.techscape.co.id/feeds/domain.php. [4]

Then on January 8, 2013, Wildan accessed www.enom.com, the domain registrar of www.techscape.co.id, and successfully logged in to the techscape account at the domain registrar eNom Inc., which is headquartered in the United States. From there Wildan obtained information about the Domain Name Server (DNS) of the www.presidensby.info page. Wildan then changed the DNS data obtained into id1.jatirejanetwork.com and id2.jatirejanetwork.com.
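A monitoring check for the nameserver change described above, combined with the sibling-name comparison the forensic analysis in Section II relied on. This is an added example, not part of the original paper: the baseline nameservers, page bodies and function names are constructed placeholders, and only the two id*.jatirejanetwork.com names come from the text.

```python
"""Added example: nameserver-delegation check with sibling-name triage."""
import hashlib
from dataclasses import dataclass

# Constructed baseline: the paper does not give the original nameservers,
# so these .example names are placeholders.
BASELINE_NS = {"ns1.dns-provider.example", "ns2.dns-provider.example"}
GOOD_PAGE = b"<html>official home page (constructed)</html>"
OTHER_PAGE = b"<html>replaced page (constructed)</html>"
GOOD_SHA256 = hashlib.sha256(GOOD_PAGE).hexdigest()


def normalize(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def parse_dig_short(output: str) -> set:
    """Turn `dig +short NS <domain>` output into a set of host names."""
    return {normalize(line) for line in output.splitlines()
            if line.strip() and not line.lstrip().startswith(";")}


@dataclass(frozen=True)
class Finding:
    severity: str  # "ok", "warn" or "alert"
    detail: str


def check_delegation(expected, observed) -> Finding:
    """Compare the observed NS set with the baseline kept for the domain."""
    exp = {normalize(n) for n in expected}
    obs = {normalize(n) for n in observed}
    if not obs:
        return Finding("warn", "no NS answer: lookup failed or delegation removed")
    added, missing = sorted(obs - exp), sorted(exp - obs)
    if added:
        return Finding("alert", f"unexpected nameservers {added}; missing {missing}")
    if missing:
        return Finding("warn", f"baseline nameservers absent: {missing}")
    return Finding("ok", "delegation matches baseline")


def triage(ns: Finding, primary_body: bytes, sibling_body: bytes,
           good_sha256: str) -> str:
    """Tell DNS redirection apart from a change on the server itself.

    primary_body and sibling_body are a stable probe page fetched through two
    names that are served by the same application on the same server.
    """
    primary_ok = hashlib.sha256(primary_body).hexdigest() == good_sha256
    sibling_ok = hashlib.sha256(sibling_body).hexdigest() == good_sha256
    if primary_ok and sibling_ok:
        return "no-change" if ns.severity == "ok" else "delegation-drift"
    if sibling_ok:
        # Server content is intact; only the primary name leads elsewhere.
        return "dns-redirection" if ns.severity == "alert" else "name-specific-change"
    return "server-content-changed"


if __name__ == "__main__":
    observed = parse_dig_short("id1.jatirejanetwork.com.\nid2.jatirejanetwork.com.\n")
    finding = check_delegation(BASELINE_NS, observed)
    print(finding)
    print(triage(finding, OTHER_PAGE, GOOD_PAGE, GOOD_SHA256))
```

Run on a schedule from a host outside the hosting provider, an "alert" result is the kind of event that should trigger an immediate check of the registrar account.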

Furthermore, Wildan used the account to create a domain account for www.presidensby.info and put an HTML file of the Jember Hacker Team on the server www.jatirejahost.com, so that the account owner and users could not access the original www.presidensby.info but were deflected to the HTML file displaying Jember Hacker Team.

The description of how Wildan carried out the hacking indicates that hacking is not always done to the site directly; it can also be done to its web hosting service. Hacking the ISP of a website is more dangerous because, in a single attack, the hacker can get all the critical data of the hosting provider.

In his testimony, the owner of the web hosting www.jatirejanetwork.com said that the security of the ISP and web hosting services that he manages is very high. He even claimed to have a server in Indonesia and one server in the USA, and that in at least the last two years the www.jatirejanetwork.com servers he managed had never been breached. But apparently Wildan could find a security hole in the form of a gap allowing SQL injection. Another security hole is that the ISP and web hosting services managing www.jatirejanetwork.com and www.techscape.com still used WHMCompleteSolution (WHMCS) version 4 and version 5, while WHMCS version 6 is now available. WHMCS versions before version 6 can still be broken with two tools, WHMKiller and the WSO webshell. [5] This case shows that at some web hosting providers administration has not been done well, and rarely updated systems are susceptible to attacks.

To prevent a similar incident from happening again, it is important to develop security protections, starting from the computers used to build the website, server security at the web hosting service provider, the technology used for database protection, and the ability of the security team to guard the web hosting provider's files. Security protection can be done in the following ways:

1. Secure Server: generally, for websites hosted at an ISP, security protection is performed entirely by the ISP. In this case, the web hosting turned out to be compromised by a hacker using an SQL injection technique; therefore, where possible, using one's own server by means of a Virtual Private Server (VPS) is better, because security protection can be optimally customized as the user desires.
2. Audit Server: the web administrator must periodically review, test and simulate the server's security management. This can involve white hackers to test the security protection of the system against attacks from other hackers.
3. Using the Best and Latest Technology: in line with technological developments in the world of web servers and the development of tools for hacking methods, it is important to use powerful hardware security, including features such as Firewall, Intrusion Detection System (IDS) and Intrusion Prevention System (IPS), for example Fortigate, Cisco security series, and others. Moreover, it is also possible to use software IDS and IPS security systems based on Linux distributions, such as Smoothwall, Monowall, Customized Distro Linux and others.

In addition, it is better to use secure software and hardware that can automatically send an email or SMS warning if the system detects any attacks from hackers. That way security efforts could be undertaken immediately.
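One way to make the periodic server audit and the automatic warning concrete is a manifest-based integrity check of the hosted web directory, which flags a script file that was not part of the deployed release even when it carries an ordinary name such as domain.php in feeds/. This is an added example, not from the original paper; the directory layout, the other file names and the function names are constructed for illustration.

```python
"""Added example: manifest-based integrity audit of a hosted web directory."""
import hashlib
import tempfile
from pathlib import Path

# Extensions the web server would execute; an assumption to adapt per host.
SCRIPT_EXT = {".php", ".phtml", ".php5", ".cgi", ".pl"}


def snapshot(root: Path) -> dict:
    """Map each regular file (path relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def audit(baseline: dict, current: dict) -> list:
    """Return (severity, change, path) tuples, alerts first."""
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            change = "added"
        elif rel not in current:
            change = "removed"
        elif baseline[rel] != current[rel]:
            change = "modified"
        else:
            continue
        executable = Path(rel).suffix.lower() in SCRIPT_EXT
        # A new or altered executable script outside a release is the signal
        # that matters; the file name itself says nothing.
        severity = "alert" if executable and change != "removed" else "warn"
        findings.append((severity, change, rel))
    return sorted(findings, key=lambda f: (f[0] != "alert", f[2]))


def demo() -> list:
    """Build a constructed web root, record a baseline, change it, audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "feeds").mkdir()
        (root / "index.php").write_text("<?php echo 'client area'; ?>")
        (root / "feeds" / "products.php").write_text("<?php /* feed */ ?>")
        baseline = snapshot(root)  # in practice stored off the server
        # Constructed stand-in for an unapproved script with an ordinary name.
        (root / "feeds" / "domain.php").write_text("<?php /* not in release */ ?>")
        (root / "index.php").write_text("<?php echo 'client area v2'; ?>")
        return audit(baseline, snapshot(root))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The baseline has to be kept where a compromised hosting account cannot rewrite it, and every "alert" line is a candidate for the email or SMS warning mentioned above.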
In the ITE Law, the active role of the ISP or web hosting in paying more attention to the security of its services is also regulated in Article 15, paragraphs 1, 2 and 3, which read:

Article 15
(1) Each Electronic System Operator must operate its Electronic System reliably and safely and is responsible for the proper operation of the Electronic System.
(2) The Electronic System Operator is responsible for the operation of its Electronic System.
(3) The provisions referred to in paragraph (2) shall not apply where force majeure, error and/or negligence on the part of the Electronic System user can be proven.

In addition to the security of the ISP, the government can help increase the safety of internet services with the following steps:

1. Prosecuting those responsible completely and fairly under the applicable Act, to give a deterrent effect on hackers.
2. Enhancing the enacted laws, which should continue to be refined in light of the rapid advancement of technology and communication.
3. Improving the understanding and expertise of law enforcement regarding the prevention, investigation and prosecution of cases of hacking of government websites.
4. Increasing the national computer network security system according to international standards.
5. Increasing awareness of citizens on issues of cybercrime and the importance of preventing the crime from occurring.
6. Increasing cooperation between countries, such as through agreements on handling cyber crime in the world.

VIII. CONCLUSION

From the previous discussion, the Wildan case can be used as a lesson for the Indonesian government that its security system is so weak that the government should further strengthen it so that cases like Wildan's will not happen again. From the consumer side, one should not just choose any web hosting service, but pay attention to the security aspects offered by service providers. Lastly, service providers should appropriately consider the security aspects of the service they provide.

REFERENCES

[1] Hizkia, Yoseph. Aplikasi Konvensi Cyber Crime 2001 Dalam UU no 11 Tahun 2008 mengenai Informasi dan Transaksi Elektronik (ITE).
[2] Wainman, Neil. 2002. A CIO's Guide to Managing Security Risk in Web Hosting Contracts: What to ask your Managers and Web Service Provider.
[3] Kompas.com. http://tekno.kompas.com/read/2013/01/30/18554355/cara.kepolisian.melacak.peretas.situs.sby
[4] Tempo.co. http://www.tempo.co/read/news/2013/04/12/072472937/Begini-Cara-Wildan-Meretas-Situs-PresidenSBY
[5] Tempo.co. http://www.tempo.co/read/news/2013/05/08/063478904/Saksi-Peretas-Situs-SBY-Berbakat-dan-Iseng
[6] Inilah.com. http://nasional.inilah.com/read/detail/1952963/wowhacker-situs-sby-pernah-bobol-5000-situs
[7] Tempo.co. http://www.tempo.co/read/news/2013/04/11/063472616/Peretas-Situs-SBY-Disidang-Tanpa-Pengacara
[8] Tribunnews.com. http://www.tribunnews.com/iptek/2013/04/25/carawildan-bobol-situs-sby-belokkan-domain-bukanmerusak
[9] Republic of Indonesia. Undang-Undang Republik Indonesia Nomor 11 Tahun 2008 Tentang Informasi dan Transaksi Elektronik. 2008.
