Australian intelligence's secret hand in bringing down the Bali bombers
HomeHome > Blog > Australian intelligence's secret hand in bringing down the Bali bombers

Australian intelligence's secret hand in bringing down the Bali bombers

May 12, 2023

For two long and intensely frustrating weeks after bombs tore through Bali's nightclub strip, investigators had no idea who was responsible for killing 202 people, including 88 Australians.

What happened next has remained a secret for two decades — but it involved the shard of an exploded Nokia phone, Australian spies and their secret supercomputer.

Three bombs had been detonated shortly after 11:08pm on Saturday, October 12, 2002. The first exploded at Paddy's Bar in Kuta, followed by a second massive blast at the Sari Club across the road.

The detonation of a smaller bomb outside the US consulate in Denpasar betrayed an anti-West motive.

"The crime scene was what you'd expect from a bomb blast," remembers Mick Keelty, who was Australian Federal Police commissioner at the time of the Bali bombings.

"There were bits and pieces of human flesh blasted into walls. Most of the buildings had lost their roofs. There was an engine of a motor vehicle on the second floor of a building that was three blocks away from the blast."

"A bomb attack of that scale, it shocked every one of us," then-head of the Indonesian National Police (POLRI) General Da'i Bachtiar said.

"Even [Indonesian] president Megawati [Sukarnoputri] came to Bali to witness the extent of the damage firsthand."

On the Monday after the attack, the president held a cabinet meeting, where almost every minister criticised the Indonesian National Police for failing to prevent the bombing.

The Indonesian general fronted ministers and prepared himself to be sacked.

"Megawati gave me my chance to speak," Bachtiar told the ABC.

"I said, 'Police have two main tasks: to prevent a crime from happening, and secondly to investigate a criminal case until we find the perpetrators. As the chief of POLRI, I failed my first task, but there is a second one waiting for me.'"

The pressure on Bachtiar was immense. He vowed to resign if he did not bring the bombers to justice.

The bombsite was still smouldering when then-commissioner Mick Keelty was woken by calls from Indonesia.

"[Bachtiar] asked me how soon I could get some people on the ground," said Keelty, who had already established a trusted relationship with the Indonesian general years before the Bali attack.

By sheer coincidence, AFP specialists were already en route to Jakarta to run a training course on the night of the Bali bombings, after Bachtiar had confided to Keelty over a round of golf in Perth, months earlier, that Indonesia lacked expertise in forensic investigation.

The specialists were quickly diverted to Denpasar, joining other AFP officers who were in Bali already.

Operation Alliance began, led on the Australian side by assistant commissioner Graham Ashton, and on the Indonesian side by Made Mangku Pastika, who Keelty also knew well, having trained with him in the 1980s.

Even with some of the world's best forensic investigators onsite, the Bali bombing was proving immensely difficult.

The Sari Club blast was so big it had left a deep crater that had filled with water. And there was also a question of culture: In keeping with the Muslim faith, Indonesian authorities wanted to remove the bodies for burial within 24 hours.

After a fortnight of frustration, the only solid leads that Pastika and Ashton had to offer were a white mini-van that was used to carry the Sari Club bomb — its chassis and engine numbers filed off — and the probable ingredients of the explosives used.

Pressure was mounting on investigators.

And after meeting with Indonesian spy chiefs in Jakarta alongside ASIS director-general Allan Taylor and ASIO boss Dennis Richardson, Keelty believed Pastika's team was being poorly advised by Indonesian intelligence.

"Their briefings did not match what we were getting from the crime scene, their briefings were way off," Keelty said.

It was clear this investigation required some special detective powers.

"Pastika knew this already — he'd looked in the skies and said, 'The answer will come from the skies,'" Keelty said.

"I knew that he was a practising Hindu ... he prayed every day. And I said, 'You mean from God?' and he said, 'No, no, no: from satellites.'"

Luck changed for investigators when forensic crime scene examiner Sarah Benson found the tiny fragment of a Nokia 5110 mobile phone outside the US consulate. This was the smallest of the three bomb blast sites — and the most forensically clean.

Luckier still, that fragment contained the Nokia's 15-digit serial number, or IMEI number.

"The IMEI number is unique to each mobile phone," Keelty said. "You can change SIM cards on phones but the IMEI number remains the same."

Nokia 5110 phones had been used by terrorists elsewhere in the world because they were known to produce sufficient electric charge when they rang or received a text message to set off explosions.

Knowing who owned the Nokia phone, or who rang it to detonate the bomb outside the US consulate, were potential leads.

But these leads required the phone data held by Indonesia's government-owned mobile provider Telkomsel.

And another important clue had emerged: The Sari Club explosion was so enormous it had been picked up by seismic sensors, pinpointing the exact moment of its detonation: 11:08:31pm Bali time.

The AFP believed the Sari Club explosion, like the one outside the US consulate, had been detonated remotely.

"The organisers made sure that these suicide bombers didn't back out at the last minute. So the bombs were being detonated by mobile phones," Keelty said.

"We knew that if we overlaid the data from the seismic blast with the data from telephone records, that we would be able to pretty much precisely identify what the number was that was dialled that detonated the other bombs."

With the full understanding of Pastika's team, AFP and Telstra technicians went to the Jakarta headquarters of Telkomsel to request access to the company's mobile phone data.

"When we went with the Indonesian National Police and our Telstra colleagues to Telkomsel, we basically were explaining to the Indonesian National Police at the same time how we were using analysis of analogue phones and cellular phones in Australia, and the success we were having in criminal investigations."

Access was granted.

"The crime scene was one thing but in terms of the telephone network and the data that Telkomsel had, that was pretty much untouched, it was pristine. This was what I would call a goldmine," Keelty said.

But it was a goldmine too rich for the Indonesian or Australian police to mine.

Australian law-enforcement agencies had never dealt with the scale of information that came from the Telkomsel data.

Police needed Defence or, more specifically, the super-secretive Defence Signals Directorate (DSD) based in Canberra.

DSD held one of the only supercomputers in Australia capable of handling the data, and the then-heads of DSD and Defence agreed that this immense computing power should be offered — discreetly — to scour the phone data.

Keelty and Australia's ambassador to Indonesia were also on board — after all, then-prime minister John Howard had ordered the Bali investigation be a diplomatic and intelligence priority.

In this oral history, we weave together the story of the Bali bombings, the single-largest loss of Australian life from an act of terror.

But the rule of law in Indonesia was paramount: There was no point in having an investigative tool if it could not result in arrests that would satisfy the local justice system.

"We didn't want to know how [DSD] were doing it — or any of their methodologies — because if we did, we would have to give it in an open court," Keelty said.

"So we had to have this, if you like, Chinese whisper going on between Defence Signals Directorate and our own people on the ground and just point our people in a direction as to where to go."

Long before the Bali bombings, DSD was sweeping up huge amounts of data through its satellite intercept station outside Geraldton as part of its role in the global surveillance network Echelon, operated by the Five Eyes intelligence partners: Australia, Canada, New Zealand, the United Kingdom and the United States.

And to make sense of mass data, you need computers with grunt.

"Before big data was even mentioned, signals intelligence agencies like ASD were very much in the big data game and they had clever people who could analyse that and find the needle in the haystacks," former ASD director-general Mike Burgess, now ASIO boss, said.

"And that's the secret of the signals intelligence organisation. It's not just understanding how things are communicating, getting to the pinpoint of the communications by breaking codes. You know, there's a lot of data you need to target the right individuals."

DSD was the first Australian organisation to obtain a Cray supercomputer in the 1980s — bought by Jim Noble, the father of current ASD director-general Rachel Noble.

"It's a hilariously daggy-looking thing, I've got to say," Rachel Noble said of the agency's first Cray computer.

"Your iPhone has thousands of times more processing capacity than that supercomputer, but when we bought it in 1986, it was the first in Australia and the first in the southern hemisphere, and it was an absolute game changer for the organisation."

Neither Noble nor Burgess were willing to detail DSD's involvement in the Bali investigation.

DSD's supercomputers at HMAS Harman, on the outskirts of Canberra, got to work analysing Telkomsel mobile phone data generated by tens of millions of people on its national network, making hundreds of millions of calls and text messages.

"This was the biggest lead in the investigation, and the most important lead in the investigation, because it was a pristine piece of evidence that could be looked at and could give immediate results, which is what it did," Keelty said.

"Network analysis was not easy. It's extremely complicated," Bachtiar noted. "There were thousands of phone numbers involved, but we were able to identify and find the pattern."

The Nokia 5110 used to trigger the US consulate blast had received one final call from a number DSD identified in the Telkomsel data.

This helped Indonesian National Police trace the owner of that number, hunting him down through a Bali retailer.

His name was Idris.

He was the logistics man who had not only called the Nokia 5110 but also bought SIM cards and arranged transport and accommodation for the Bali bombers.

"Idris was the hub, and the spokes went out from the hub to the rest of the wheel, and the rest of the wheel is what drove the bombings," Keelty explained.

DSD's analysis of Idris's calls and texts, combined with phone data extracted from the precise moment of the Sari Club explosion, established the bomber's command team: Mukhlas, who was the operations chief for terror group Jemaah Islamiyah, and his field commander Imam Samudra.

Establishing the web of terrorists required an iterative process, with information passing back and forth between Canberra and Denpasar.

DSD would scour the phone numbers for good leads, allowing Indonesian and Australian police on the ground to follow them up. In return, DSD would receive tip-offs from investigators in Bali on numbers to check, and the process was repeated time and again.

"That reverse network analysis was critical to unravelling the network of terrorists," ANU's international security and intelligence studies professor John Blaxland said.

"And that was a real breakthrough, an extraordinary breakthrough, that saw trusted collaboration between Australia and Indonesia, the likes of which we've actually never seen before."

Meanwhile, the lead Indonesian investigator Pastika had been frustrated by the absence of forensic clues coming from the white mini-van that had exploded outside the Sari Club. He ordered his officers to take another look at the wrecked engine.

His gut instinct was spot on — and it further confirmed the cyber sleuthing being conducted 4,500 kilometres away in Canberra.

"We found another clue from a small Transport Ministry registration plate," General Da'i Bachtiar told the ABC.

"We traced that plate and we found that the car had gone through six owners, one after another, and ended up with Amrozi who lived in the small village of Tenggulun in East Java."

Amrozi was the brother of operations chief Mukhlas.

DSD cross-checked the exceptional police work by POLRI and identified another one of the bomb plot lieutenants, Ali Imron, who was also a brother of Mukhlas.

With DSD's help, investigators next identified the bombmakers, who included Jemaah Islamiyah's explosives expert Azahari Husin, as well as recruiter Rauf Abdul and the suicide bombers who targeted Paddy's Bar and the Sari Club.

Triangulation of DSD's data allowed the Indonesian and Australian police to geolocate the suspects using equipment AFP took to Bali.

The first arrest was Amrozi, dubbed the "smiling bomber", who was quick to cough up his co-conspirators.

"Some of those people were arrested in towns where there are millions of people," Keelty said.

"But getting those first arrests was so crucial because some of those people cooperated. And we could test their cooperation because we actually had the data."

"This was AFP's role in the Bali bombing case," Bachtiar said.

"From one suspect, Amrozi, we could dismantle the whole network and we just found out that there was a group called Jemaah Islamiyah."

Bombing mastermind Mukhlas attempted to evade detection by regularly swapping SIM cards, not knowing that DSD was tracking him through his phone's unique IMEI number, leading to his arrest by POLRI in central Java.

Samudra was also swapping SIM cards and turning his phone off and on when he needed to text or call, which only aided Indonesian and Australian data analysts in identifying suspicious activity.

"Yes, it was interesting to learn what the terrorist considers 'hiding' their number," Bachtiar said.

"By turning off the phone and taking the SIM card out, it gave us clues to find them."

Armed with geolocation data accurate to a radius of 500 metres and a facial description given by Amrozi, Samudra was eventually arrested at the Merak ferry terminal.

"We found Imam Samudra sitting inside a bus waiting for the crossing, in the back row, after tens and tens of people had been arrested before him, within the 500-metre radius," the Indonesian general said with a wry chuckle.

"Thank God the technology could reveal him."

General Da'i Bachtiar, returning successful to the government ministers he had feared would sack him, advised President Megawati to invest in the same Australian technologies that had helped pin down the Bali bombers.

"I thank Mick so much for that support and even more," Bachtiar said.

"We want to show the world that joint Indonesian-Australian police cooperation made this all work."

Mick Keelty said without DSD's wizardry, the investigation might have foundered.

"What we got from DSD and the other Australian government agencies … it was just brilliant," Keelty said.

"It had to be handled with care because … behind DSD, sits the Five Eyes community and the capability for war."

The story of the Bali investigation is featured in BREAKING the CODE: Cyber Secrets Revealed which airs at 7:30pm on June 4 on the ABC News Channel and at 10:30pm on June 5 on ABC TV. You can also watch it on ABC iview.

Translation by Ari Wuryantama.

The story of the Bali investigation is featured in BREAKING the CODE: Cyber Secrets Revealed which airs at 7:30pm on June 4 on the ABC News Channel and at 10:30pm on June 5 on ABC TV. You can also watch it on ABC iview.