Q: How is this different from a bug bounty program?

Traditional bug bounty programs reward the discovery of software vulnerabilities and product flaws. The CyberCrime Bounty Program is fundamentally different — it targets the human perpetrators behind cybercrime operations. This includes ransomware gangs, business email compromise networks, scam centres, and cyber-enabled criminal organisations. The objective is to support law enforcement investigations, arrests, and coordinated international action against these actors.

Q: Who operates the Program?

The program is administered by Crime Stoppers International (CSI), leveraging its global network of 800+ local Crime Stoppers programs operating in more than 30 countries and 50 years of anonymous tip infrastructure and experience. Fortinet provides cyber threat expertise, intelligence enrichment, and technical support through its FortiGuard Labs research network. The program is aligned with the World Economic Forum’s Partnership Against Cybercrime (PAC) framework.

Q: Who can post a bounty?

Governments, law enforcement agencies, and private entities can post bounties for verified cybercrime cases. Each bounty request must include supporting evidence and legal approval, and is reviewed and approved by a multi-stakeholder Review Board before publication on the platform.

Q: What is the process from tip submission to reward?

The program operates in four stages:

1. Bounty posted — A government, law enforcement agency, or private entity posts a bounty for a verified cybercrime case, reviewed and approved by the Review Board.

2. Tip submitted — Anonymous tips are submitted via CSI’s secure platform by members of the public or industry insiders.

3. Intel verified — Submitted intelligence is verified, enriched, and correlated by CSI and subject matter experts, with Fortinet providing cyber threat analysis support.

4. Reward issued — Validated leads that result in arrests or material disruption of cybercriminal operations trigger financial rewards.

Q: What happens to my Tip after I submit it?

Your submission is received through CSI’s secure, encrypted platform and triaged by CSI’s intelligence team. The information is verified and enriched through multi-source correlation and threat analysis, including support from Fortinet’s FortiGuard Labs. Where intelligence meets the threshold for action, it is disseminated to relevant law enforcement partners — such as INTERPOL and national agencies — through CSI’s established information-sharing protocols.

Q: What role does Fortinet play?

Fortinet provides deep threat intelligence capabilities through its FortiGuard Labs research network, including cyber threat expertise, intelligence enrichment, automated threat analysis, and technical support for bounty verification. Fortinet also brings experience from multi-sector coordination efforts, including participation in the World Economic Forum’s Cybercrime Atlas initiative.

Q: Who is eligible to submit a tip and claim a bounty (reward)?

The Program is open to any individual aged 18 years or over who can satisfy the identity verification and AML/CTF due diligence requirements. This includes citizens, cybersecurity professionals, ethical hackers, and industry insiders worldwide.

Q: Who is excluded from receiving a bounty?

The following individuals are NOT eligible:

• Employees, officers, directors, or contractors of CSI, Fortinet, or any Program partner (including immediate family members).

• Individuals subject to current law enforcement investigations, sanctions, or government watchlists.

• Individuals who obtained the information through participation in or facilitation of the cybercrime being reported.

• Persons in jurisdictions subject to comprehensive international sanctions.

• Law enforcement officers or government officials who obtained the information in their official capacity.

• Minors (persons under the age of 18 years).

Q: Can I submit a tip anonymously?

YES. Tips can be submitted completely anonymously, and anonymous submissions are valued for intelligence purposes. However, to be eligible for a financial reward, you must identify yourself and complete full identity verification. This is a mandatory, non-negotiable requirement — no payment will be processed to any individual whose identity has not been independently verified.

Q: What types of information does the Program accept?

The Program accepts tips relating to:

• Intelligence on criminal forums, darknet marketplaces, or threat-actor groups.

• Human-sourced information about individuals suspected of cybercriminal activity.

• Details on cyber-enabled criminal networks — ransomware operations, BEC schemes, scam centres, and trafficking-linked cyber operations.

• Technical indicators of compromise (IOCs) linked to identified threat actors.

• Financial intelligence relating to cybercrime proceeds, money laundering, or cryptocurrency-based criminal infrastructure.

Q: What types of information are NOT accepted?

The Program does NOT accept:

• Requests for personal cybersecurity assistance or incident response.

• Reports of product vulnerabilities or software bugs — direct these to the relevant vendor’s bug bounty program.

• Scam reports or consumer fraud complaints — direct these to national consumer protection agencies.

• Information obtained through illegal hacking, unauthorized access, or other criminal activity.

• False, misleading, fabricated, or malicious submissions.

Q: How do I submit a tip?

All tips must be submitted through the Program’s designated secure submission platform, hosted by Crime Stoppers International. The platform provides encrypted, anonymous channels for submitting information.

Tips submitted through any other channel — including email, social media, telephone or in person — will NOT be accepted for bounty consideration.

Q: What if multiple people submit the same information?

Where multiple submitters provide substantially the same information, the bounty will be awarded to the first submitter whose information is verified as qualifying by the Review Board.

Where multiple submitters independently contribute different elements of intelligence that collectively lead to a law enforcement outcome, the Review Board may divide the bounty among submitters in proportions it determines appropriate.

Q: How much can I earn from a bounty (reward)?

Amounts vary depending on the specific case posted by the sponsoring entity. Each bounty listing specifies the reward amount. The submitter receives 90% of the approved bounty amount. CSI retains 10% as a Program administration fee to cover platform operation, intelligence triage, compliance administration, and law enforcement coordination.

Q: What are the conditions for payment?

A bounty will only be paid when ALL of the following conditions are met:

• The submitted tip is determined by the Review Board to be qualifying information.

• The information directly leads to or materially contributes to an arrest, search warrant execution, digital take-down, or other enforceable law enforcement outcome.

• The submitter has completed full identity verification.

• All applicable AML/CTF due diligence requirements have been satisfied.

• The Review Board has approved the payment.

• The sponsoring partner has confirmed the availability of bounty funds.

Q: How long does payment take?

Bounty payments are contingent on law enforcement outcomes, which may take months or years.

Submitters should not expect immediate or rapid payment. In administering the Program, CSI has no control over the pace of law enforcement investigations or judicial proceedings. Payment cannot be processed until a qualifying law enforcement outcome has been confirmed and all due diligence is complete.

Q: How are payments made?

Payments are made by electronic bank transfer to a verified bank account in the submitter’s name, denominated in United States Dollars (USD). All foreign exchange fees, transfer charges, and banking costs are the responsibility of the submitter. Each bounty is processed through a transparent, auditable escrow system operated by CSI.

Q: Is payment guaranteed?

NO. Submission of a tip does not create any entitlement to payment. The decision to award a bounty rests solely with the Review Board and is final and binding. CSI and the sponsoring partner reserve the right to modify, suspend, or cancel any bounty posting at any time.

Q: Am I responsible for taxes on bounty payments?

YES. The submitter is solely responsible for all tax obligations arising from receipt of a bounty payment, including income tax, capital gains tax, or equivalent levies in their jurisdiction of residence. CSI will provide documentation required for tax reporting purposes, but does not provide tax advice. Submitters are strongly advised to seek independent professional tax advice.

Q: Is the submission platform secure?

YES. The platform is built on CSI’s proven anonymous reporting infrastructure, that has operated and evolved over almost 50 years. All submissions are transmitted through secure, encrypted channels designed from the ground up to protect submitter anonymity.

Q: Will my identity be shared with law enforcement?

Identity information provided for bounty payment purposes is treated as strictly confidential. It will not be disclosed to law enforcement, the sponsoring partner, or any third party except where required by law, court order, or regulatory obligation. Identity information is collected solely for AML/CTF compliance and bounty payment processing.

Q: What identity verification is required to claim a reward (bounty)?

To claim a bounty, a submitter MUST provide/complete:

• Government-issued photo identification (passport, national ID, or equivalent).

• Proof of current residential address (utility bill, bank statement, or government correspondence, dated within the last three months).

• CSI’s Know Your Customer (KYC) questionnaire.

• Screening against international sanctions lists, PEP databases, and adverse media checks.

Additional verification steps may be required to satisfy applicable AML/CTF obligations.

Q: How is my personal data handled?

CSI collects, processes, and stores personal information in accordance with applicable privacy and data protection laws, including the EU GDPR, the Australian Privacy Act 1988, and equivalent legislation in other jurisdictions. Personal data is stored securely and retained only for as long as necessary to fulfill its purpose, or as required by law.

Full details are available in CSI’s Privacy Policy.

Q: What governance oversees the Program?

All bounties are reviewed and approved by a multi-stakeholder Review Board before publication. Bounties are limited to credible criminal or private investigations with verifiable evidence. Coordination is maintained with relevant national and international law enforcement agencies, and bounty distribution follows a transparent escrow process with auditable compliance controls.

Q: What law governs these terms?

The Terms and Conditions are governed by the laws of the US State of New Mexico, where CSI, Inc. is registered. Any disputes are subject to good faith negotiation and, if unresolved within 30 days, binding arbitration administered by the International Chamber of Commerce (ICC) with the seat of arbitration in New Mexico, USA.

Q: What AML/CTF compliance does the program follow?

The Program operates in full compliance with international AML/CTF standards, including Financial Action Task Force (FATF) Recommendations. Prior to any payment, CSI conducts enhanced customer due diligence, source of information verification, sanctions screening, PEP screening, and adverse media screening. CSI is obliged to report any suspicious activity to the relevant Financial Intelligence Unit.

Q: Am I required to keep my participation confidential?

YES. Submitters must not publicly disclose or publicize their participation in the Program, the nature of their tip, or any details relating to bounty payment, unless expressly authorized in writing by CSI. Breach of this obligation may result in forfeiture of the bounty.

Q: What happens to the information I submit?

By submitting information, you grant CSI and its partners a perpetual, irrevocable, worldwide, royalty-free license to use, reproduce, adapt, and distribute the submitted information for intelligence analysis, law enforcement coordination, and furtherance of the Program’s objectives. Submitted information becomes part of CSI’s intelligence holdings and may be shared with law enforcement partners through established protocols.

Q: Where can I read the full Terms and Conditions?

The full CyberCrime Bounty Program Terms and Conditions (Version 1.0) are available here. All submitters are required to read, understand, and agree to the Terms and Conditions before making a submission.

For enquiries, send us an email