The rise of political digital attacks

The massive demonstrations against the Job Creation Law were also felt in the digital world. The protests from civil society against the omnibus law, manifested in the hashtags #TolakOmnibusLaw (reject the omnibus law) and #TolakUUCiptaKerja (reject the Job Creation Law), have become a trending topic in global cyberspace. At the same time, however, digital attacks on protesting activists and students have been on the rise.

Based on monitoring by the Southeast Asia Freedom of Expression Network (SAFEnet), at least 16 cases of digital attacks targeting activists, workers and students have occurred as of Oct. 20 in the form of hacked Instagram accounts, takeovers of WhatsApp numbers, attempts to log in to Twitter accounts, hacked or defaced websites as well as doxing and other threats through WhatsApp and Instagram.

Cyber attackers have targeted labor activist Mirah Sumirat, the president of the Indonesian Workers Union (ASPEK). She lost control of her phone number and WhatsApp the day before the big stunts on Oct. 8. She announced the incident through her Twitter account. Other attacks happened to students using the same method: Takeovers of WhatsApp numbers.


Cyberattacks on government critics have at least doubled in October compared with the previous six months. SAFEnet observed 49 attacks from April until September 2020. That means, 8 attacks occurred per month on average. The most common form of attack was hacking (76 percent), followed by impersonation (5 percent), doxing (5 percent), attempts to log in (5 percent) and others. The attackers targeted almost all popular platforms, namely WhatsApp, Instagram, Twitter and Facebook.

The upward trend of digital attacks shows that day-by-day information technology is increasingly intertwined with political matters. Information technology on the one hand is a tool to encourage social political change, mainly by civil society, but on the other hand it has become a medium to repress activism by alleged statesponsored actors.

This can be seen from several indicators. First, the timing of the attacks is always closely related to political issues. Digital attacks tend to increase when there are controversial political debates, especially at the national level. Other than the controversy over the Job Creation Law this October, cyberattacks also increased in June as well as in August and September. In June we detected 11 digital attacks, as against 9 in August and 10 in September.

What were the hot issues in those months? In June, the Black Lives Matter (BLM) movement in the Unites States was intensifying in response to police violence against Afro-American citizen George Floyd. This racial discrimination created solidarity both online and offline in various parts of the world, including Indonesia. Nationally, the death of Floyd gave rise to a campaign against racial discrimination in Papua, expressed through the hashtag #PapuanLivesMatter.

The second indicator is the cyberattacks aimed at those who challenged state actors. In August and September, digital attacks returned with the controversy regarding the reported discovery of a COVID-19 cure by Airlangga University, the Army and the State Intelligence Agency (BIN). The findings, which were considered substandard according to medical and scientific principles, were criticized by several epidemiologists, public health activists and the media. The critics, instead, have fallen prey to digital attacks.

According to observation up until October, most victims were activists and journalists critical of the government. A total of 23 activists, 14 journalists and 9 students experienced digital attacks in the April-October period allegedly because of their criticisms.

Activists in Papua experienced the most diverse attacks, from phone hacks and internet blackouts to doxing. Most of the attacks were related to their concern about discrimination of Papuans.

Meanwhile, online media that experienced such attacks include, and Kompas. com. The attacks took the form of a defaced homepages and removed articles. The three online media were targeted by digital attackers following their reports on the controversial discovery of the supposed COVID-19 cure by the Army, BIN and Airlangga University in August.

Another attack victim related to the issue of COVID-19 handling is University of Indonesia epidemiologist Pandu Riono, who has often criticized the government through his Twitter account. His Twitter account has been attacked and remains inaccessible until now, forcing Pandu to create a new account.

A similar attack happened to the Twitter account of Ainun Nadjib, the initiator of the KawalCOVID19 movement, although it was unsuccessful, as he had implemented several mitigation efforts on his social media account.

The third indicator is the silence of the state when cyberattacks are rampant. To exacerbate the state’s inaction, the deliberation of the data protection bill has been delayed. The House of Rep- resentatives reportedly will only conclude the debate of the much-awaited bill in November.

The list of cyberattack victims may grow longer because, until today, controversy remains related to the issues of Papua, the government’s COVID -19 response and the Job Creation Law.

More individuals, media and civil society groups are vulnerable to such attacks due to their defense of the rights of minority and marginalized groups like lesbian, gay, bisexual, transsexual and queer (LGBTQ) people and indigenous people.

The struggle of such high-risk groups through information technology will face tougher challenges due to the more sophisticated and massive reprisals by actors who have the ability and power to carry out cyberattacks.

Therefore, it is now time for the high-risk groups and other human rights defenders to make digital security an important part of their advocacy. Capacity building, including with regard to awareness and skills in digital security, has become an urgent matter.

They badly need information technology as an advocacy tool, but they also have to protect themselves from cyberattacks.

This article has been published by The Jakarta Post