Video summary

Cyber Crime Investigation (Penyidikan Kejahatan Siber)


Main ideas & lessons from the session (Cyber Crime Investigation / PKPA)

Purpose of the session: Introduce a shared understanding of cyber crime and explain core concepts for investigating it, including:

  • definitions and classifications of cyber-related offenses
  • trends and typical targets
  • relevant Indonesian legal framework
  • types of evidence used (digital vs electronic)
  • general investigation strategy
  • key points from Q&A (digital forensics practice, locus/tempo issues, personal data protection, evidence handling, and procedural authority)

Key concepts explained

1) Definition of cyber crime

Cyber crime is framed as offenses involving computers and networks. It includes crimes committed by individuals or groups that cause loss or harm (physical/mental), directly or indirectly, using internet technology or mobile devices.


2) Why cyber crime is increasing

The session explains that internet use in Indonesia has become an essential, basic need because daily activities such as shopping and ticket ordering rely on multiple devices (phone/PC/tablet).

As connectivity grows, criminals increasingly shift to exploiting weaknesses in internet/network use. Threats can come from:

  • individuals
  • groups
  • organizations (including potentially state and non-state actors)

3) Types / classification of cyber crime (two major categories)

A. Computer Crime (direct attacks on the computer/electronic system)

Examples mentioned:

  • illegal access (hacking)
  • data theft
  • interception / wiretapping
  • changing appearance / system manipulation
  • disruption attacks (e.g., DDoS)
  • data manipulation (including repeated disruptive commands/traffic, as referenced in the session)

B. Computer-Related Crime (conventional crimes using computer facilities)

Examples mentioned:

  • online fraud / scams
  • distribution of pornographic content
  • gambling (including “immoral” gambling-related content)
  • defamation / honor-related attacks
  • blackmail
  • fake news / hoax
  • “hate speech”-type content

Motives are broadly linked to economic, political, and ideological factors.


4) Trends and common targets

The session notes a trend where cases are mostly in the “computer crime” category, with strong emphasis on ransomware, especially attacks on data centers / large systems.

A ransomware incident involving Indonesia’s national data center (PDNS) is referenced as previously investigated, with the system reported to be running again.

How disruption works (session analogy):

  • Conventional disruption is compared to many overlapping “job orders.”
  • Digital disruption is described as creating high traffic/anomalies that paralyze systems.

Other commonly discussed offenses include:

  • online fraud
  • defamation
  • fake news
  • pornography distribution (including via social media live streaming)

A data point was mentioned (numbers appear noisy due to auto-subtitles), suggesting that fraud, defamation, and illegal access are frequently collected categories.

Typical victims highlighted include banks, because:

  • perceived IT security may not be fully optimal, and
  • ransomware targets are considered relatively “easier.”

Cybersecurity situation (Indonesia)

  • Attacks peak around 2022 (a figure “372 attacks” is stated).
  • The largest share of attacks targets corporations/banking.

Legal framework & legal application

1) IT law amendments mentioned

The session describes Indonesia’s IT law basis as:

  • Law No. 11 of 2008 (Electronic Information and Transactions)
  • amended by Law No. 19 of 2016
  • then amended again by Law No. 1 of 2024, effective early in the year (February stated)

The session emphasizes that the law “remains Law 11/2008,” but criminal provisions and some norms change.


2) How cyber crime acts are grouped (as described)

Legal subject: anyone who acts without rights/law, violating norms.

The session lists seven (plus blended) types of unlawful actions as presented, including actions such as:

  • distributing / transmitting
  • accessing
  • transferring
  • intercepting
  • changing / adding / reducing
  • damaging / eliminating / manipulating / creating
  • moving / hiding (subtitles blend items, but the core idea is broad manipulation/attack forms)

Object described as:

  • electronic systems
  • electronic documents
  • electronic information containing items such as:
    • gambling/immoral content
    • honor attacks
    • threats
    • fraud
    • hoax/fake news content

3) Evidence rules in cyber crime investigations

Besides KUHAP Article 184 evidence (witness/expert statements, letters, statements of the defendant), the session states there are two additional evidence types in IT law, namely:

  • electronic information
  • electronic documents (including their printouts)

Practically, the session presents the main “extra” point as: electronic info/docs and their printouts are recognized as evidence.


4) Digital evidence vs electronic evidence (distinction)

The session distinguishes:

  • Digital evidence (content-focused):
    • emails
    • social media content
    • transaction records (e.g., mobile banking evidence)
    • messaging content (e.g., WhatsApp conversations, referenced later in Q&A)
  • Electronic evidence (device/tool-focused):
    • computers, laptops
    • cellphones
    • servers
    • memory cards
    • hard disks / CDs
    • modem
    • GPS
    • CCTV and DVR

Key operational concept:

  • digital evidence = content
  • electronic evidence = devices/tools

5) “Layering” with other laws

Besides the IT law, other laws can be used as supporting layers depending on the case type, including:

  • the Criminal Code (KUHP) / Law No. 1 of 1946 (mentioned)
  • Constitutional Court decisions limiting certain articles (references to Article 13/14/15/16 are mentioned but unclear from subtitles)
  • pornography-related regulation
  • money transfer laws
  • TPPU (money laundering / fund-flow predicate) concept
  • Personal Data Protection Law (discussed in Q&A; stated as effective)

Strategy for handling cyber crime (explicit bullet-style list from the talk)

  • Quick response to perpetrators
  • Improve regulations where criminal provisions are considered “elastic” (multiple interpretations)
  • Strengthen organization
  • Collaborate with related institutions/agencies (examples referenced: BSSN/InfoBSSN and others)
  • Increase public awareness
  • Conduct early detection
  • Carry out integrated investigations

Q&A highlights (core outcomes and practical points)

A) Digital forensics: what it means and why it matters

Digital forensics is described as a way to determine:

  • whether an electronic system/device was engineered/altered
  • whether there are indications of crime

Example context: PDNS ransomware impact—system downtime affecting multiple institutions, with investigations and digital forensic work ongoing.

Time/effort expectation: Uncovering ransomware perpetrators can take investigators 5–10 years (FBI/Interpol/AFP referenced).

Practical stance:

  • no system can fully keep ransomware out as long as it is connected to the internet
  • defenders must reduce exposure and detect anomalies

B) Preventive steps emphasized (user/admin hygiene)

  • Keep systems updated:
    • update operating system
    • update antivirus
    • regular maintenance
  • Use protections (general mention):
    • firewall / antivirus
  • Critical warning:
    • sharing passwords is described as the most common cause leading to attacks

C) Locus (place) and tempo (time) in cyber crimes

  • Internet crime is presented as not constrained by distance.
  • “Tempo of crime” uses incident timing under Indonesian law.
  • For cross-border suspects:
    • coordination with other governments is needed
    • legal cooperation applies (e.g., perpetrator in the Netherlands; Indonesian arrest cannot happen directly without international/legal process)

D) Personal data protection & Starlink question

  • Personal Data Protection Law was discussed as:
    • lawful processes can proceed as long as the incident/action meets the elements and requirements under that law.
  • Starlink details were discussed only at a high level (satellite-connected internet system), while permit/availability discussion was avoided as “sensitive.”

PDNS illustration: evidence submission to international partners; perpetrator reportedly provided a key and apologized (per subtitles), while investigation remains ongoing and the source is still reviewed.


E) Who can do digital forensics?

  • Digital forensics can be done by various parties, but:
    • for legal processes, results must be supported by procedure and chain of custody
    • police investigators will conduct/verify examinations as needed
  • If evidence comes from external institutions, it should be:
    • examined/validated by investigators
    • checked for method/tool integrity and examiner competence/certifications

F) Can digital forensics results from Kominfo be used later in police investigations?

Main answer:

  • Yes, results can be used as evidence, but police will:
    • re-examine/validate
    • compare methods/results
    • continue deeper analysis if differences arise until the legal narrative is sufficiently supported

The session highlights a “similar/different results” logic: courts accept evidence that is most legally accountable and strengthens the incident facts.


G) Evidence handling: confiscation and devices

The session repeatedly distinguishes:

  • electronic evidence must be seized/confiscated if tied to the alleged crime
  • victims may be instructed not to delete content (especially WhatsApp/chat evidence)
  • screenshots may be used, but primary device evidence likely still needs preservation

H) Authority to confiscate devices (institutional boards vs police)

A question was raised about whether an honorary council can seize/check a cellphone like police. The answer emphasized:

  • it depends on consent, willingness, and examination mechanisms
  • devices are private; without permission/consent it creates obstacles
  • institutional procedure may differ from police criminal SOPs

I) Handling e-commerce marketplace hacking / follow the money

The “follow-the-money” approach was emphasized:

  • trace where funds go to identify perpetrators, even if they cannot be fully identified through technical forensic means
  • for platform/bank data access, investigators use lawful legal stages to request data (confidentiality and investigation-stage constraints were mentioned)

J) “Dead number” / reactivated SIM issues

  • Provider policy on inactive (“dead”) numbers:
    • numbers may be reused after re-registration with new identity
  • Liability depends on evidence:
    • if re-registration was done by someone else and the number was misused, victims may pursue the responsible party and investigate provider SOP compliance

K) Assets/proceeds of crime and state confiscation disputes

Discussion referenced disputes about whether proceeds should be:

  • returned to defendants, or
  • confiscated by the state

Outcomes vary by court decisions and legal considerations. Even if proceeds can’t be returned to victims, civil routes may still be available depending on court decisions.


L) Training and capacity of human resources (final question)

  • Law enforcement needs cybercrime competence:
    • understanding IT basics to investigate and prosecute
  • Challenge noted:
    • prosecutors/judges in some regions may have less familiarity with IT crimes
  • Proposed improvement:
    • continuous training and certifications, not just short courses

Speaker/source list (identified from subtitles)

  1. Faruki Nailua (session presenter)
  2. Mas Darel (organizer/co-host)
  3. Darel / Darel Lumban Raja (expert responses in Q&A)
  4. Satria (participant; asks about digital forensics independence/ISO and agency roles)
  5. Kris (participant; asks about Starlink, personal data protection, and PDNS supervision)
  6. Ahmad Safulah (participant; asks to connect later for study/evidence related to information technology)
  7. Fa Bali (participant; asks about SOP for opening devices in cases)
  8. Ari / Mas Ari (participant; discusses an ongoing marketplace/fund loss case)
  9. Lumban Raja (appears again as expert for follow-the-money and legal questions)
  10. Zara / Mr. Zara (named during asset/money status discussion)
  11. Sugi (Sugarto?) (participant; asks about use of Kominfo forensic results in court)
  12. Fa(r)uki / Faruki (presenter name appears multiple times)
  13. Santoso (secretary general of PERATIN; gives closing plaque/greetings)
  14. Director of Cyber Crime (institution/leader referenced; thanked/represented)

Note: Several names/roles appear with subtitle errors. The list reflects distinct named individuals as they appeared in the provided subtitles.
