Russia’s Ministry of Digital Development and Rostelecom announced a bug bounty program for white hat hackers covering the State Services portal (Gosuslugi) and the Unified Identity and Authentication System (ESIA). The announcement, reported by TASS, quotes Minister Maksut Shadayev explaining the initiative and its purpose in strengthening government digital services.
White hat hackers are independent information security experts who specialize in locating vulnerabilities in software, mobile apps, websites, and other client systems. In this program, the client is Gosuslugi, and Rostelecom acts as the provider for Gosuslugi. According to Shadayev, payments for each discovered vulnerability can reach one million rubles, underscoring the government’s commitment to robust digital protection for public services.
Registration to search for vulnerabilities in Gosuslugi and ESIA is available through bug bounty platforms such as Standoff 365 Bug Bounty, operated by Positive Technologies, and BI.Zone Bug Bounty from BI.Zone. The first platform allows participants aged 14 and older with parental consent to register, while the BI.Zone platform requires a minimum age of 18. This age split reflects different regulatory and safety considerations around responsible disclosure and participation in security research.
Previously, it was reported that from June 1, 2023, two-factor authentication would become mandatory for all Gosuslugi users. This measure aimed to add an extra layer of security for citizens interacting with state services and to reduce the risk of credential compromise. The move aligns with broader digital security practices seen around the world, where stronger authentication helps protect sensitive personal data and critical online transactions.