Last week, Swiss Post confirmed the first finding in the intrusion test. It has a severity of “low”. The person who reported the finding is Vladyslav Zubkov, 22 years old and a cybersecurity student at the Swiss Federal Institute of Technology (ETH) in Zurich. As the fastest hacker, he has received the bonus of €3,000, in addition to the reward of €1,000 for the finding. In an interview with Swiss Post, he explains how he became an ethical hacker and how he intends to focus his professional future on improving cybersecurity – including in his home country, Ukraine.
You are the first researcher in the ongoing public intrusion test to submit a confirmed finding. Congratulations! What improvement have you found and how did you proceed?
As part of your Master’s student project at EPFL, you have already dealt with the e-voting system. What were your most important insights?
You have already submitted findings in the e-voting programme. Are you particularly interested in e-voting?
Thank you for your positive feedback. What makes the e-voting programme different from other programmes in which you have taken part?
How did you discover ethical hacking? What was your motivation for this?
You’re studying at the ETHZ. Where do you see your professional future?
Continuous review of the e-voting system
Swiss Post’s new e-voting system enjoyed a successful premiere in the June 2023 votes in the Cantons of Basel-Stadt, St Gallen and Thurgau. However, even after its initial deployment, Swiss Post is continuing to develop the system, because security is the top priority in e-voting. The inclusion of ethical hackers in security audits is a particularly effective cybersecurity measure.Swiss Post has published the main components and documentation since 2021. It updates these on an ongoing basis so that specialists can check them. Swiss Post also conducts regular public intrusion tests, in which ethical hackers can attack the voting platform and look for vulnerabilities.
Swiss Post rewards confirmed findings with up to 230,000 euros, depending on the severity of the finding. In the intrusion test, it also offered the first three hackers who report a confirmed finding a bonus of 3,000 euros.