To this day, government officials still act “surprised” every time their sites get hacked. Meanwhile, cyberattacks keep repeating like a broken record: KPU, Ministry of Defense, even .go.id portals have been turned into illegal content hubs. Just look at the KPU (General Elections Commission)—204 million voter records were leaked and sold online in 2023. Netizens were quick to roast them: “As an IT graduate, I’m not even surprised… y’all had one job.”

Here are some real and recent examples of cyberattacks targeting Indonesia’s government sites:

✅ KPU (General Elections Commission) – 204M Citizen Data Breached

In late 2023, the official KPU website was reportedly hacked. A hacker going by the alias “Jimbo” stole and leaked the personal data of over 204 million Indonesians, allegedly straight from KPU’s system. The data was sold on BreachForums, sparking public outrage and memes mocking the absurdity of such a massive leak. One tweet read: “Cybersecurity budget: IDR billions. Result? An Excel file on sale.”

✅ Ministry of Defense – Claimed 1.6TB of Classified Docs Leaked

In November 2023, a cybersecurity researcher posted screenshots claiming to have hacked the Indonesian Ministry of Defense. The leak allegedly included 1.64 terabytes of sensitive military data. The website (kemhan.go.id) went down shortly after. On social media? Endless sarcasm. People joked about “national defense” not being able to defend its own website.

✅ .go.id Becomes Gambling Paradise

Turns out .go.id domains are highly prized—not by government agencies, but by online gambling operators. Between Jan 2022 and Feb 2023, Indonesia’s Ministry of Communication and Informatics (Kominfo) found 683 official sites infected with gambling content. That’s 461 government sites (.go.id) and 222 educational ones (.ac.id). Worse, 675 of them had active vulnerabilities, making them a buffet for hackers.

The problem? Hackers love .go.id domains because they’re rarely blocked and look “official.” Even PANDI, the domain regulator, reported over 600 cases of .go.id abuse in 2023 alone, most involving online gambling. A provincial IT head bluntly admitted: “These sites are rarely updated. That’s why they’re easy targets.”

✅ Kejagung (Attorney General’s Office) – Alleged Website Defacement

In February 2025, Indonesia’s CSIRT (Cyber Incident Response Team) reported a suspected defacement attack on the Attorney General’s website. Though details are still unclear, a security researcher shared evidence online. Whether it’s real or not, the fact that anyone can deface such an important agency’s site is… worrying, to say the least.

🚨 Social Media: The New National Watchdog

Most of these incidents were first revealed—not by the government—but on social media. Claims about the Ministry of Defense breach appeared on Twitter (now X) before any official statement. The KPU data leak? It went viral thanks to screenshots posted on hacker forums and amplified by cybersecurity researchers.

And netizens aren’t holding back. One joked: “Maybe the real cyber-defenders are just unpaid interns.” Another quipped, “We’ve got great slogans, but where’s the protection?” It’s clear: tweets, TikToks, and Reddit threads are doing more to highlight cybersecurity issues than official press releases.

📉 The Sad State of Cybersecurity

Yes, Kominfo releases big numbers—like 80,000 blocked attacks per day, totaling 29 million in a year. But statistics don’t mean much when dozens of .go.id websites are turned into digital casinos. And when voter data is sold for a few bucks, people have every right to demand answers.

Even officials admit it: most government websites are rarely maintained, rarely audited, and rarely treated as national assets. Until that changes, we’ll keep seeing headlines like “.go.id hacked again.” Or worse—we’ll stop being shocked entirely.

So please, update your OS, patch those plugins, and maybe—just maybe—don’t leave our national data in a WordPress backend with “admin123” as the password.

Sources: Based on reports from KPU, Kominfo, PANDI, CSIRT Indonesia, and various cybersecurity experts. Articles referenced include coverage from Liputan6, Kompas, JawaPos, and real-time social media threads.

Terjemahan Bahasa Indonesia dan Referensi

Situs Pemerintah Dibobol: Data 204 Juta Bocor & Situs Jadi Portal Judi Online!

Sampai sekarang, pejabat pemerintahan kita masih suka “kaget” tiap ada berita situs mereka diretas. Nyatanya kasus berulang terus muncul: situs KPU, Kemhan, bahkan portal .go.id disusupi konten terlarang. Misalnya KPU terserang hacker, 204 juta data pemilih terpaksa bocor dan dijual di forum gelap (liputan6.com). Warganet langsung miris ikut sindir, “Gua yang lulusan IT ga kaget si, yaelah…” (liputan6.com). Berikut contoh-contoh nyata terbaru serangan siber ke situs pemerintahan kita:

KPU (Komisi Pemilihan Umum) – Pada akhir 2023, situs resmi KPU dikabarkan diretas. Hacker anonim “Jimbo” berhasil mencuri dan menjual 204,8 juta data penduduk Indonesia (liputan6.com liputan6.com). Insiden ini memicu kemarahan publik: netizen menyindir keamanan pemerintah tak boleh se-“cahaya proyek IT yang tak dipakai” (liputan6.com).
Kemenhan (Kementerian Pertahanan) – Pada November 2023, muncul klaim di Twitter/X bahwa situs resmi Kemhan dibobol. Peretas memamerkan tangkapan layar berisi 1,64 terabita dokumen rahasia (kompas.id). Situs kemhan.go.id pun tak dapat diakses saat itu. Komentar netizen pedas, kontradiksi dengan jargon “aman bersih negara” menjadi lucu jika tak serius ditanggapi.
Situs .go.id sebagai arena judi – Banyak situs pemerintah tidak kebal virus komersil. Kominfo mencatat mereka menangani 683 situs instansi pemerintah dan pendidikan yang disusupi konten judi online (periode Jan 2022–Feb 2023) (nasional.kompas.com). Rinciannya, 461 situs berakhiran .go.id dan 222 .ac.id kedapatan iklan judi (nasional.kompas.com). Kominfo lalu menemukan 675 situs (454 di antaranya instansi pemerintah) rentan serangan pihak tak bertanggung jawab (kompas.com). Mengapa? Hacker tahu domain .go.id tak bisa gampang diblokir. PANDI juga laporkan 600+ kasus “domain abuse” .go.id sepanjang 2023, umumnya berisi promosi judi (jawapos.com). Kepala Diskominfotik Sumbar pun blak-blakan: praktik keamanan kita lemah, situs jarang di-update, makanya gampang dibajak jadi lahan judi (zaman.co.id).
“Deface” Situs Kejagung (Kejaksaan Agung) – Bahkan situs lembaga penting terancam. Pada Februari 2025, CSIRT Indonesia memberitakan “diduga” situs resmi Kejaksaan Agung jadi korban deface (csirt.or.id). Meski detail belum jelas (hanya unggahan peneliti siber), peristiwa ini cukup mengundang perhatian bahwa siapa pun bisa jadi sasaran peretas.

Peran Media Sosial

Berita serangan siber cepat tersebar lewat media sosial. Klaim peretasan Kemhan pertama muncul di platform X (dulu Twitter), diunggah oleh peneliti @stealthmole_int (kompas.id). Kasus KPU bocor juga viral setelah hacker memamerkan sebagian data di forum BreachForums dan diunggah oleh pakar siber (liputan6.com). Begitu tersebar, warganet langsung bereaksi: ada yang sindir bahwa lulusan IT di pemerintah “kurang dimanfaatkan” dan menyindir janji keamanan data (liputan6.com). Komentar sarkastik semacam itu cepat viral, sehingga berita resmi pun ramai diberitakan media. Dengan kata lain, tweet, unggahan, dan forum daring menyulut spotlight publik: berita “sistem keamanan nasional” yang bocor jadi topik hangat di Twitter, TikTok, dan YouTube.

Kominfo dan BSSN sebenarnya rajin merilis angka-angka serangan: misalnya Kaspersky laporkan Indonesia terkena ~80 ribu serangan web per hari (kominfo.lhokseumawekota.go.id) (sekitar 29 juta per tahun berhasil diblokir). Tapi di tengah statistik itu, ratusan situs pemerintah kelewatan kebijakan serius. “Sistem aman sesuai PP No. 71/2019? Ha!” sindir netizen ketika data bocor masih dijual. Jargon “aman siber” pemerintah jadi bahan ejekan – situs up-to-date itu mitos, kecuali kala muncul foto pelatihan Diskominfo di media massa (zaman.co.id).

Catatan Akhir

Intinya, serangan siber ke situs pemerintah makin marak dan lelucon. KPU baru saja kena, Kemenhan lagi-lagi, plus puluhan instansi lokal kena badil judi online. Kominfo boleh klaim “udah kita blokir”, tapi netizen tak salah protes: kenapa terus terjadi? Mereka sudah galau sendiri saat data pribadi terjual (liputan6.com). Laporan PANDI dan Diskominfotik bukti nyata masalah: “website pemerintah jarang di-maintain” (zaman.co.id) sehingga jadi sasaran empuk. Mungkin media sosial malah satu-satunya yang peduli (atau malah sekadar ngetroll). Semoga ke depan lembaga terkait benar-benar berbenah—kalau tidak, siap-siap aja beritanya bakal lagi-lagi ramai di Twitter dengan meme “update OS nya dulu, Pak!” (liputan6.com kominfo.lhokseumawekota.go.id).

SHARE THIS STORY

WhatsApp X (Twitter)Telegram Bluesky Facebook LinkedIn Threads Email Print

Government Websites Hacked: 204 Million Data Leaked & .go.id Turns Into Online Gambling Haven!