INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
A CERT (Computer Emergency Response Team) is a technical coordination team for internet network incidents worldwide. More recently, the concept was refined by RFC 2350 <http://tools.ietf.org/html/rfc2350>, which names it a CSIRT (Computer Security Incident Response Team).
The CERT or CSIRT in each country is built by the community, though some are supported by their country, such as KrCERT (South Korea), JPCERT (Japan), AusCERT (Australia), etc. In each country, the CERT has its own authority and constituency, and some CERTs follow a slightly different pattern from others.
For example, the CERT in South Korea has authority in national cybernetiquette security, while the CERT in Australia has constituents and a membership, from which it gets funds to support its activities. There are also CERTs/CSIRTs built by a limited community or country, with a limited scope for a limited circle, such as MilCERT (Military), GovCERT (Government), BankingCERT (Banking), ISPCERT (ISP), etc. A CERT/CSIRT coordinates not only internally within a country (among CERTs/CSIRTs or organizations) but also internationally.
Coordination among CERTs/CSIRTs is often needed when an internet network incident is involved. Good relationships among CERTs/CSIRTs are important, and to facilitate them all the CERTs in Asia Pacific built a regional forum named APCERT (Asia Pacific CERT), with ID-CERT as one of the founders.
ID-CERT (Indonesia Computer Emergency Response Team) is an independent team that comes from and works for the community. ID-CERT is the first CERT in Indonesia and was founded by DR. Budi Rahardjo in 1998. ID-CERT, together with JP-CERT (Japan) and AusCERT (Australia), is one of the founders of the APCERT (Asia Pacific Computer Emergency Response Team) forum.
In 1998 there was no CERT in Indonesia. For that reason DR. Budi Rahardjo, an internet security expert, took the initiative to establish ID-CERT. At the same time, countries around Indonesia began to establish their own CERTs, and this grew into an Asia-Pacific forum which later became APCERT.
The first APCERT Meeting was attended by DR. Budi Rahardjo and Andika Triwidada in Tokyo, Japan in 2001. The APCERT Meeting became an annual event hosted in turn by its members. Japan and Australia are the two most active members of APCERT. ID-CERT has difficulty attending this annual meeting because of funding, which always depends on sponsorship.
ID-CERT wishes to remain an independent, non-governmental organization, but received an allocation of government funding as a contribution to the CERT. ID-CERT is reactive (not active): it responds to and handles incidents that come in or are reported by complainants. ID-CERT does not have the authority to investigate a case thoroughly; it acts only as a liaison that can be trusted, especially by those who report incidents.
- ID-CERT’s purpose is to coordinate incident handling involving the community, locally and internationally.
- ID-CERT does not have operational authority over its constituency; it only passes on complaints about network incidents, and depends entirely on the cooperation of all those involved in network-related incidents.
- ID-CERT is built from community and the results will be given back to the community.
- ID-CERT helps increase internet security awareness in Indonesia.
- ID-CERT conducts the internet security research needed by the Indonesian internet community.
ID-CERT is reactive; that is, it works from the incident reports it receives. The most common type of incident report received by ID-CERT is phishing. The reports were received personally by DR. Budi Rahardjo, Andika Triwidada, and Ahmad Alkazimy, then forwarded to the reported site or to the related provider. A mailing list is also used to explain some cases and their progress.
Now, ID-CERT has a “helpdesk” to manage incoming reports and track their resolution. At this time, ID-CERT is run by professionals and supported by volunteers. The “helpdesk” is needed to improve services and the handling of incident complaints, and to produce the case-handling statistics that are always presented at the APCERT Meeting.
1. Incident Monitoring Report
Over the last three years ID-CERT has carried out research on incident handling based on complaints, named the Incident Monitoring Report, which involves ISPs, NAPs, telecommunication operators, and non-ISPs such as government and companies. It was started in 2012 under the name Internet Abuse Research, and ID-CERT was one of the supporters of the research. Since March 2012, the research has been a permanent activity of ID-CERT. It is hoped that it will continue, so that Indonesia has primary data on the incidents occurring in Indonesia. In 2010 the research involved 13 respondent organizations, and in 2011, 38 respondent organizations joined the research. The number of complaints received is about 290,297 per month:
Most cases are reported from abroad, because the reporters found it difficult to contact the administrator of the problem site. They trusted ID-CERT with the report. ID-CERT has built good relationships with neighbouring CERTs, and some of them have visited ID-CERT in Indonesia.
2. Statistics of Indonesia Malware
ID-CERT plans to compile Statistics of Malware in Indonesia. The research aims to find out the direct impact of viruses/worms/malware on the Indonesian internet community and its readiness for them.
Some of the methods to be used are:
- Survey using an empty USB flash disk, which is then brought back to the laboratory and scanned with various antivirus products.
- Survey using a USB flash disk with portable apps installed (an antivirus application that does not need to be installed on the computer it is inserted into, and can be used to scan the PC and also the network directly).
- After collecting the viruses, our team will record the time, the name of the virus, and the location where the virus was found. The name of the virus will then be saved to the database and statistics will be generated. This method will be improved so that report parsing can be done automatically.
- Another method is to use honeypot servers to collect various malware around Indonesia.
V. ID-CERT Agenda
ID-CERT’s main concern is what exactly society expects from ID-CERT.
- ID-CERT will prepare the workflow, Standard Operating Procedures (SOP) and detailed job descriptions in order to develop and add staff, at least to respond at the helpdesk.
- ID-CERT will deploy a system to manage and handle incidents better.
- ID-CERT will prepare several other research projects and studies required by the Indonesian internet community. ID-CERT also plans to add research personnel and to collaborate with leading universities in developing any necessary research.
- ID-CERT will publish regular research reports: monthly, bi-monthly, per semester, and annually.
VI. Community Support
ID-CERT hopes that many more respondents will participate in the various research projects run by ID-CERT, for the greater good of the Indonesian internet in the future. ID-CERT also hopes to receive support in establishing itself, especially in operational matters.
- ID-CERT Constituent: Membership of ID-CERT is open to all Indonesian internet communities that care about internet security, whether ISP or non-ISP, such as governmental organizations (departments, Pemda, BUMN, BUMD, etc.) or the private sector.
- ID-CERT Respondent: From the Internet Abuse research of 2011, ID-CERT has 38 respondent organizations. However, ID-CERT always welcomes new respondents who want to participate in research run by ID-CERT.
- ID-CERT Supporting/Affiliation: ID-CERT defines its supporters or affiliates as organizations that support ID-CERT research. ID-CERT invites the Indonesian internet community to give support through sponsorship, donation or a membership fee (to be defined later).
- ID-CERT Volunteer: From the first day, ID-CERT has received much support from volunteers contributing their energy and care for Indonesian internet security. Most ID-CERT volunteers are individuals. ID-CERT is wide open to everyone who wants to contribute to Indonesian internet security by joining the ID-CERT research team or staffing the ID-CERT helpdesk.
VII. Our Team
- DR. Budi Rahardjo (Coordinator of ID-CERT)
- Andika Triwidada (Vice Coordinator of ID-CERT)
  Fingerprint = 5568 7C7D E898 4F33 A594 A996 DA4B C29F E22D FEE7
- Maman Sutarman
- Sakti Dwi Cahyono
- Oki Bagja
- Setia Juli Irzal
- Rizky Ariestiyansyah
- Ikhlasul Amal
- Samuel Cahyawijaya
- Andreas Wenra Alfa
- Denny Nugraha
- Ridwan Akbar
- Andri Aprijal
- Nurwin Hermansyah
- Indra Suryana
- Adi Prasaja
- Ahmad Alkazimy (Manager of ID-CERT)
  Fingerprint = 39B2 87BA 3DD6 7832 D56F 0344 FCE4 3A7C FE38 CC96
- Rahmadian L. Arbianita (Incident Response Team – HelpDesk Officer of ID-CERT)
  Fingerprint = 414A 1183 199E 8BA5 E0D1 C234 08BF 8BDE 1766 2CC7