March 20, 2025
JAKARTA – The Central Jakarta Prosecutor’s Office has launched a corruption investigation into the procurement of temporary National Data Centers (PDNS) by the then-communications and information ministry, which it suspects is related to the ransomware attacks against the sites last year.
On Monday and Tuesday, investigators from the prosecutor’s office questioned at least seven witnesses in the case.
The witnesses’ identities were not disclosed, but the office’s chief of intelligence, Bani Immanuel Ginting, said they were “ministry officials and other parties related to the PDNS procurement and management”.
“We still have around 70 more witnesses and experts to be questioned, as well as checking documents related to the project,” Bani said on Wednesday, as quoted by Antara.
The questioning took place after investigators raided several locations last week, including the Jakarta offices of the ministry, which has changed its name to the Communications and Digital Ministry.
In a statement issued on March 13, Bani said investigators had found and seized documents, cash, cars, plots of land, buildings and digital documents that were believed to be connected to the case. He did not elaborate on the quantities or who owned the property in question.
Marroli Indarto, director of institutional partnership at the communications ministry, told The Jakarta Post on Tuesday that the ministry would cooperate with investigators and provide any necessary information to support the ongoing investigations.
Botched projects
The PDNS were installed in 2020 to serve as temporary data centers while the government constructed a permanent one in Bekasi, West Java, which was scheduled to start operating by March of this year. The temporary facilities were developed by former communications minister Johnny G. Plate, with a price tag of some Rp 958 billion (US$58 million).
In 2023, Plate was convicted in a corruption case pertaining to inflated procurement contracts for a government 4G telephony project.
Read also: Government faces calls for transparency over data center recovery
The PDNS continued during the tenure of Plate’s successor, Budi Arie Setiadi. But in June 2024, the facilities, used to store data from more than 400 government agencies, were subject to a cyberattack using Brain Cipher, an update of the LockBit 3.0 ransomware, resulting in the disruption of immigration services and other public services.
The ransomware variant was reportedly used by hacker group LockBit in a similar attack in 2023 against state-owned sharia lender Bank Syariah Indonesia (BSI).
The cyberattack prompted prosecutors and other state institutions to look further into the facilities and their procurement process.
The Central Jakarta Prosecutor’s Office later found that ministry officials allegedly rigged the tender process for the PDNS between 2020 and 2024 to benefit Lintasarta, a subsidiary of publicly listed telecom giant Indosat Ooredoo Hutchison (IOH) group, as well as state-owned telecom firm PT Telkom’s subsidiary Telkomsigma, which managed the temporary data sites.
Investigators also suspected that neither companies’ capabilities on data protection met the standard set by the National Cyber and Encryption Agency (BSSN), which was believed to be a factor leading to the 2024 ransomware attack.
Authorities estimate that the alleged corruption caused around Rp 500 billion in state losses.
Investigators have yet to name any suspects in the case, Bani of the Central Jakarta Prosecutor’s Office said.
Lintasarta corporate communications head Dahlya Maryana said the tech company would respect the ongoing legal process and was ready to provide any information investigators needed. She added that Lintasarta would guarantee the security of its customers and partners’ data.
Delayed centers
Communications and Digital Minister Meutya Hafid has not made any public comment on the investigation. But she said on Tuesday that the Bekasi data center would start operation in April, a month later than initially planned.
She said the delay pertained to Ramadan, kompas.com reported, but she did not elaborate on the exact challenges the project faced.
Read also: Fresh data breach puts pressure on government to form cyber privacy agency
The government initially planned to build four national data centers in Bekasi, Batam in Riau Islands, Labuan Bajo in East Nusa Tenggara (NTT) and Nusantara in East Kalimantan. However, only the Bekasi project has seen any progress.
The investigation into the PDNS also raised questions about why a local prosecutor’s office was handling a corruption probe into a case with such significant potential state losses. Attorney General’s Office (AGO) spokesperson Harli Siregar said on Tuesday that the investigation was part of the office’s attempt to push its local offices to handle high-level cases.