Indonesia Chapter Status Report For 2013

ORGANIZATION

Current Members and their activities:
Charles Lim – Chapter Lead, Malware Research
IGN Mantra – Early Warning System, Research
Digit Oktavianto – Honeypot Deployment, Research
Mario Marcello – Honeypot Development, Developer, Research
Lukas – Honeypot Deployment, Research
Mustafa – Honeypot Deployment, Research
Stewart – Honeypot Deployment, Developer
Hadi Syahrial – Honeypot Deployment, Research
M. Ali Syarief – Android Malware Research
Amien Harisen Rosyandino – Honeypot Deployment, Research
Erwin Adi – Honeynet Deployment, Research
Tita Latifah – Malware Analyst, Research
Dwi Ade Handayani Capah – Malware Analyst, Research
Ammar Fuad – Honeypot Deployment, Developer
Registered Mailing List Members
101 (as of 25 Jan 2014) with about 15 active members.

DEPLOYMENTS

2 HoneeBoxes in Swiss German University and UNIKA ATMA JAYA
1 Dionaea Sensor deployed in Swiss German University
1 Dionaea Sensor deployed in Binus International University
1 Dionaea Sensor deployed in IDSIRTII
1 Dionaea Sensor deployed in Universitas Islam Sultan Agung (UNISSULA)
1 Dionaea Sensor deployed in STIKOM Bali
1 Dionaea Sensor deployed in UNIKA ATMA JAYA
Deployment in Progress
2 Dionaea Sensor to be deployed in Institut Teknologi Sepuluh Nopember
1 Dionaea Sensor to be deployed in Universitas Gajah Mada
5 Dionaea Sensor to be deployed at Indonesia Internet eXchange (IIX) nodes
Near future deployments include:
* Kippo
* Glastopf
* Honeytrap
* SHIVA

RESEARCH AND DEVELOPMENT

The development of central repository for malware collection using XMPP is completed in November 2013. Future deployment to include government, industry specific, and internet service providers.
AMOS (Android Malware Analysis Operating System) version 1.0 is released to help community to analyze android malware
Early warning System that integrate various honeypot logs to better understand current attacks

FINDINGS

We found at least 15 new or unknown malware during the 2013 honeypot deployments.

PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS

Mario Marcello completed his bachelor thesis in 2013, entitled “Development of Automatic Malware Reporting for Honeypots at Swiss German University.”
Wahyu Nuryanto completed his bachelor thesis in 2014, entitled “Rancang Bangun Dan Analisa Kinerja Sistem Operasi Untuk Menganalisa Malware Berbasis Android (Design and Performance Analysis of Operating System to support Android Malware Analysis) at Universitas Indonesia.”

Indonesia Honeynet Project participation in various events:
1. Charles Lim and Mario Marcello presented Honeynet Deployment in Academy CSIRT in Bali, Indonesia (http://csirt.stikom-bali.ac.id/index.php?page=acara2.html) on 14 May 2013.
2. Charles Lim presented Honeynet Project Indonesia Chapter in Universitas Indonesia NEST 2013 on 2nd September 2013
3. Charles Lim presented paper entitled “Malware Attacks Intelligence in Higher Education Networks,” in ISICO 2013 http://is.its.ac.id/pubs/oajis/index.php/home/detail/1188/Malware-Attacks-Intelligence-in-Higher-Education-Networks http://is.its.ac.id/pubs/oajis/index.php/home/detail/1188/Malware-Attacks-Intelligence-in-Higher-Education-Networks).
4. Lukas, Charles Lim dan Mario shared knowledge and skills on how to deploy honeypots to academic institution (lecturers and students from UNIKOM Bandung, Poltek Negeri Jakarta, Binus University and Atma Jaya were present) in Atma Jaya Catholic University on 15 November 2013
5. Charles Lim presented “Integrated Approach of Malware Analysis” in 3rd IDSIRTII National Internet Security Day in Bandung Indonesia (http://idsirtii.or.id/nisd) on 21 November 2013.
6. M. Ali Syarief presented AMOS (Android Malware Operating System) in 3rd IDSIRTII National Internet Security Day in Bandung Indonesia (http://idsirtii.or.id/nisd) on 21 November 2013 and slide can be downloaded at http://folder.idsirtii.or.id/pdf/Persentasi_Amos.pdf .
7. Digit Oktavianto presented “Career Opportunities in Information Security Industry” in Universitas Al Azhar Indonesia on 23 December 2013, conducted seminar on Network Security in Universitas Respati Indonesia on 15 January 2014 and also presented “Cyber Security Attack and Trend” in STT Muhammadiyah on 25 January 2014.

At the Indonesia Honeynet Seminar on 18 June 2013, supported by Ministry of Communication and Informatics (http://kominfo.go.id):
1. Charles Lim presented Honeynet – Indonesia Chapter
2. Iwan Sumantri presented Cyber Threats Intelligence in our Critical Infrastructure
3. Lukas presented E-Health Security
4. Amien Harisen presented Advanced Persistence Threats

At the Indonesia Honeynet Workshop on 19 June 2013, supported by Ministry of Communication and Informatics (http://kominfo.go.id):
1. IGN Mantra presented Mobile Security Charles Lim and Mario Marcello conducted Honeypot Deployment Workshop
2. Amien Harisen conducted Kippo and Glastopf Deployment Workshop
3. Digit Oktavianto conducted Developing Malware Lab Workshop
4. Ricky Prajoyo conducted Malware Analysis Workshop
5. Charles Lim conducted Botnet Workshop
6. IGN Mantra conducted Incident Response Workshop
7. Feri Lauw conducted Android Forensics Workshop
8. Mada R Perdhana conducted Memory Forensics Workshop

At the Indonesia Honeynet Seminar on 9 October 2013, supported by Ministry of Communication and Informatics (http://kominfo.go.id):
1. Charles Lim presented Honeynet – Indonesia Chapter
2. Mada R Perdhana presented Dissecting Malware Self Protection : From Flux to Anti Reverse-Engineering
3. IGN Mantra presented Cyber Attack in the University
4. Ahmad Zaid Zam Zami presented Computer Forensic – Investigating Cyber Attack

At the Indonesia Honeynet Workshop on 10 October 2013, supported by Ministry of Communication and Informatics (http://kominfo.go.id):
1. Charles Lim and Mario Marcello conducted Honeypot Deployment Workshop
2. Ahmad Zaid Zam Zami conducted APT Attack Identification and Analysis Workshop
3. Digit Oktavianto conducted Malware Analysis using Cuckoo Sandbox Workshop
4. Ricky Prajoyo conducted Malware Analysis Workshop
5. Mada R Perdhana conducted Memory Forensics Workshop
Our Indonesia Honeynet Project portal (www.honeynet.or.id) is maintained by Lukas, Digit Oktavianto and Charles Lim,.

GOALS

Following are our chapter goals this year:
* To continue to create information security awareness for the public and community of interest
* To build a community of information security research that supports various needs of Industry, Government and Education
* To expand more research collaboration with other information security communities in Indonesia such Cloud Security Alliance – Indonesia Chapter, IDSIRTII, ID-CERT, Academy CSIRT, etc.
* To involve more members to participate/support government initiative on increasing the computer security awareness

MISC ACTIVITIES

More than 15 attendees from Industry, University and Government gather together to declare the formation of Indonesia Honeynet Project on 25 November 2011, and the Indonesia Honeynet Project (www.honeynet.or.id) was formally accepted as one of the Honeynet Chapter (http://honeynet.org/chapters/Indonesia) on 19 January 2012. Facebook fan page (https://www.facebook.com/IndonesiaHoneynetProject ) was created in 31 October 2013 to create better awareness to the public and today page had 247 likes.
Digit Oktavianto authored Cuckoo Malware Analysis book (http://www.packtpub.com/cuckoo-malware-analysis/book ) and maintained his own blog (http://digitoktavianto.web.id) on various technical information security issues, including honeypot installation.
IGN Mantra contributed 2 articles in InfoKomputer Magazine (October and November 2013 edition) on Enterprise Security column entitled “Menjebak hacker dengan Honeynet (Trapping Hacker using Honeynet)”
Charles Lim authored 3 honeypots articles in CISO magazine (http://www.ciso.co.id/) and maintained his own blog
http://keamananinternet.blogspot.com and http://indonesiacloud.blogspot.com to create information security awareness and cloud issues in Indonesia