The leader of a notorious hacker collective known as the Phoenix group, along with a prominent figure named Chapaevv, spoke to Gazeta.ru to share their stance on a recent government initiative in Russia. They stated that pro-Russian hackers will not join the state program aimed at identifying vulnerabilities in Gosuslugakh because their schedules are simply too crowded, leaving little time for focused testing. The program, the government’s digital development ministry announced on February 10, is meant to map and bolster the security of public online services, including Gosuslugakh, which serves a broad array of citizen and business needs.
According to the Phoenix leader, participation by hackers in the Ministry of Digital Development’s program is highly unlikely. He described a perpetual churn of events around the world, noting that the most frequent developments involve actions against the Russian state and its people. For hackers who claim to operate quickly and decisively in response, the constant demand to react can eclipse opportunities for methodical testing. In his view, sleep is a rare luxury, and long nights spent auditing public systems are often sacrificed to keep up with evolving threats and adversaries.
The conversation also touched on the economics of cyber activity. He argued that the legitimized work of white hat researchers—hackers who seek and report security gaps for legitimate compensation from private companies or state entities—can be far less lucrative than illegal activities pursued by black hat actors. In his assessment, the black market for cybercrime generates substantially more revenue than cooperative, law-abiding testing efforts. This dynamic, he suggested, shapes decisions about where and how to allocate effort and resources in the cyber domain.
Nevertheless, the Phoenix leader expressed support for the concept of engaging white hat hackers in a constructive way to scrutinize Gosuslugakh. He acknowledged that the state information portal already enjoys robust protections, a testament to the ongoing commitment to safeguarding essential public services. The debate, in his view, is not about the existence of security layers but about finding the right balance between speed, thoroughness, and accountability when identifying and mitigating vulnerabilities.
When reflecting on how vulnerabilities in Gosuslugakh are reported and addressed, he noted a trend in the broader media landscape. Headlines about breaches and “cheats” associated with Gosuslugakh have grown less frequent over the years, a shift he interpreted as evidence of improved resilience or perhaps changing attack patterns. He also mentioned intelligence efforts that monitor foreign hacker groups and warned that external actors are increasingly cautious. According to him, these groups may refrain from probing highly fortified systems because they anticipate a strong defense and a difficult intrusion, underscoring the perception of Gosuslugakh as a well-protected platform.
In a candid assessment of risk within the most secure information systems, the speaker emphasized that the human element remains the weakest link. Even with layered defenses and advanced technologies, the choices, behaviors, and awareness of users can open or close doors to exploitation. His remarks anchor the conversation in a practical reminder: even the best security architecture can be compromised by simple human mistakes, underscoring the need for awareness, training, and responsible best practices across organizations and agencies.