PT Telkom Tbk and Biznet, the biggest two Internet Service Provider in Indonesia were accused for installing spying software on its server that could be used to monitor the traffic and content accessed by users.
“The assumption of spy software installation on the server was done in 25 countries,” as reported by Citizen Lab, Toronto University in a paper entitled “You Only Click Twice: FinFisher’s Global Proliferation, as cited in Citizenlab.org.
Those 25 countries are Australia, Bahrain, Bangladesh, Brunei, Canada, Czech Republic, Estonia, Ethiopia, Germany, India, Indonesia, Japan, Latvia, Malaysia, Mexico, Mongolia, Netherlands, Qatar, Serbia, Singapore, Turkmenistan, United Arab Emirates, United Kingdom, United States and Vietnam.
They found command server and control for “backdoors” FinSpy on the server of Telkom and Biznet. FinSpy is a part of distance monitoring of Gamma International Finfisher.
FinFisher is a software that could be remoted and monitor users developed Gamma International GmbH. The products of FinFisher are sold exclusively to uphold regulation related to tapping.
The report added that although the software circulation is protected by law, but practically it is much used to spy on activists who are opposed to the government.
Particularly, in Indonesia, the spy software is claimed coming from IP (internet protocol) address of server 118.97.xxx.xxx (Telkom), 118.97.xxx.xxx (Telkom), 103.28.xxx.xxx (PT Matrixnet Global), 188.8.131.52 (Biznet), 184.108.40.206, (Biznet).
Head of Corporate Communication Affair PT Telkom, Slamet Riyadi denied the issues that have been discussed in the social media.
“Telkom doesn’t have server to monitor or spy on the customers as what is written in the article,” Slamet said.
He explained that based on the IP partial address in the report, it is concluded that it is customer of Astinet/transit Telkom and to identify it we need IP address that is more complete.
“The blocking request for the IP based on procedure there must be request from CERT of related country to CERT Indonesia, which is Indonesia Security Incident Response Team of Internet Infrastructure (IDSIRTII),” Slamet said.
Meanwhile, the President Director of Biznet Networks Adi Kusma said that his company never has the policy as stated in the report. Though, he admitted that the IP address stated in the report is inside the range pool of the company.
“For sure, we have to check who own the IP address,” Adi said.