Report: Indonesia Emerges as Hacking Powerhouse

Internet hackers have found a new home from which to spread online mayhem , and it’s not where you might expect. According to a new report from cloud computing provider Akamai, Indonesia became a hotbed of hacking activity during the first quarter of 2013, rocketing to second place behind China among the most prevalent sources of Internet attacks.

In the final three months of 2012, Indonesia played host to a mere .7 percent of all Internet hacking activity, but during the following three months that figure ballooned to 21 percent. Accounting for a full 34 percent of Internet attacks, China remains the global hacking superpower, but Indonesia’s sudden rise in the tables is indicative of how diffuse networks of hackers around the globe can exploit weaknesses in the web. (It’s theoretically possible that detection has improved but that’s still a pretty incredible jump.)

According to Akamai, the sudden rise in hacking activity emanating from Indonesia probably doesn’t mean hackers are picking up their bags and laptops and decamping for the tropical climes of Jakarta. Rather, the sudden spike in activity is probably indicative of a decision by hacking collectives or large operations to utilize Indonesian servers for botnet operations, automated attacks that use a set of linked programs to carry out an attack and amplify their effect. That same system allows hackers to largely mask their true location.

With 8.3 percent of hacking activity emanating from its shores, the United States comes in third place in Akamai’s ranking. With 4.5 percent and 2.7 percent, respectively, Turkey and Russia round out the top five. Here’s the full ranking:

But this Akamai table also highlights the central problem of confronting hacking activity today: extremely hazy attribution. Consider a scenario in which a large financial institution finds its servers under siege by an attack emanating from a server in Shanghai. The company sees that data and makes an obvious conclusion: the Chinese government is trying to steal the bank’s trade secrets. But IP attribution is not on its own sufficient to ascertain the identity of an attacker — the assault on this hypothetical financial institution could easily have been bounced off servers in different corners of the world to mask the attacker’s actual location. For all the bank knows, it could have been their competitor in the office next door trying to swipe trading strategies. 

Unsurprisingly, businesses remain the biggest targets of Internet attacks, according to Akamai. In an examination of so-called distributed denial of service attacks — a type of hack that directs a massive amount of Internet traffic at a given website in order to take it off life — the company found that its enterprise clients received 35 percent of all attacks. The full breakdown is here:

The following graph breaks those attacks down further and show how financial services remain a favorite target of hackers.