What if hacking a government site became possible? The interministerial digital department (Dinum) launched a special operation to test two government platforms. As indicated The ParisianWednesday November 29, 2023, it is FranceConnect And AgentConnect. The sum of 20,000 euros was proposed for anyone who managed to “spot critical security vulnerabilities” on these two sites. An initiative led by the site Yeswehack.com, with the approval of the government. The newspaper specifies that there are several rewards, distributed depending on the severity of the problem detected. If a user spots a weak security vulnerability, they earn the sum of 100 euros. For an average problem, it’s 800 euros. Finally, if a major security flaw on both platforms is highlighted, the sum of 3,000 euros will be affected. A special operation for which the government calls on “ethical hackers”that is to say people for whom IT has no secrets.
FranceConnect and AgentConnect, two important tools in the daily lives of French people
The two sites chosen by the government are not trivial. FranceConnect is a very important authentication system. Indeed, it allows French citizens to connect to numerous online services where their personal data is requested. There is in particular the tax site or the Health Insurance site. AgentConnect, which is a little less known, is an identification and authentication system for agents who work within the public service. Thus, anyone who manages to hack these two platforms would have access to all user data. The Parisian then recalls that this operation has a specific purpose: “Ensure a high level of security for these platforms and thus avoid the exfiltration of user data, misuse of user identities or redirects of users to malicious websites“, can we read.
Several conditions to participate in this operation
Participants must meet several criteria to successfully complete this mission. In order to obtain a reward, the volunteer must complete three steps: “Be the first to report the vulnerability, manage to connect to FranceConnect using a false identity or send a clear textual description of the report with details of all the steps to reproduce the problem”, it is explained. In addition, he must also pay attention to several things that can cause problems at the system level. “It must avoid tests which could lead to degradation or interruption of service, not disclose, manipulate or destroy user data as well as not being a former or current employee, contractor or auditor of Dinum, FranceConnect or AgentConnect”, we can read. A very special and important operation for user safety.
Read also :
How to recognize a real government site? 4 guidelines to avoid making a mistake
Identity theft: the tool put in place by the government to secure its documents
Computer hacking: here is what you must now do to obtain a refund