Q: How is this different from a bug bounty program?

Traditional bug bounty programs reward the discovery of software vulnerabilities and product flaws. The CyberCrime Bounty Program is fundamentally different — it targets the human perpetrators behind cybercrime operations. This includes ransomware gangs, business email compromise networks, scam centers, and cyber-enabled criminal organizations. The objective is to support law enforcement investigations, arrests, and coordinated international action against these actors.

Q: Who operates the Program?

The program is administered by Crime Stoppers International (CSI), leveraging a global network of Crime Stoppers programs operating in more than 30 countries and 50 years of anonymous tip infrastructure and experience. Fortinet provides cyber threat expertise, intelligence enrichment, and technical support through its FortiGuard Labs research network. The program is aligned with the World Economic Forum’s Partnership Against Cybercrime (PAC) framework.

Q: Who can post a Bounty?

Governments, law enforcement agencies, and private entities can post Bounties for verified cybercrime cases. Each Bounty request must include supporting evidence and legal approval, and is reviewed and approved by a multi-stakeholder Review Board before publication on the Platform.

Q: What is the process from Tip submission to Bounty payment?

The program operates in four stages:

1. Bounty posted — A government, law enforcement agency, or private entity posts a Bounty for a verified cybercrime case, reviewed and approved by the Review Board.

2. Tip submitted — Anonymous tips are submitted via the Program’s secure Platform by members of the public or industry insiders.

3. Intel verified — Submitted intelligence is verified, enriched, and correlated by the Program Administrator and subject matter experts, with Fortinet providing cyber threat analysis support.

4. Bounty issued — Validated leads that result in a Qualifying Outcome (eg arrests or material disruption of cybercriminal operations) trigger a Bounty payment.

Q: What happens to my Tip after I submit it?

Your submission is received through the Program’s secure, encrypted Platform and triaged by the Program’s intelligence team. The information is verified and enriched through multi-source correlation and threat analysis, including support from Fortinet’s FortiGuard Labs. Where intelligence meets the threshold for action, it is disseminated to relevant Law Enforcement Partners — such as INTERPOL and national agencies — through CSI’s established information-sharing protocols.

Q: What role does Fortinet play?

Fortinet provides deep threat intelligence capabilities through its FortiGuard Labs research network, including cyber threat expertise, intelligence enrichment, automated threat analysis, and technical support for bounty verification. Fortinet also brings experience from multi-sector coordination efforts, including participation in the World Economic Forum’s Cybercrime Atlas initiative.

Q: Who is eligible to submit a tip and claim a Bounty (reward)?

The Program is open to any individual aged 18 years or over who can satisfy identity verification process requirements. This includes citizens, cybersecurity professionals, ethical hackers, and industry insiders worldwide.

Q: Who is excluded from receiving a Bounty?

The following individuals are NOT eligible:

• Employees, officers, directors, or contractors of CSI, Fortinet, the Sponsoring Partner(s) or any Program Partner (including immediate family members).

• Individuals subject to current law enforcement investigations, sanctions, or government watchlists.

• Individuals who obtained the information through participation in, facilitation of, accessory to or conspiracy to commit the cybercrime being reported.

• Individuals located in jurisdictions subject to comprehensive international sanctions.

• Law enforcement officers, government officials or intelligence community members who obtained the information in their official capacity.

• Minors (individuals under the age of 18 years).

Q: Can I submit a tip anonymously?

YES. Tips can be submitted completely anonymously, and anonymous submissions are valued for intelligence purposes.

However, to be eligible for a Bounty, a Tipster must comply with the identity verification process, which will reflect jurisdictional requirements and commercial requirements appropriate to the Bounty payment methodology, and may include additional verification steps deemed necessary by the Program Administrator.

Q: What types of information does the Program accept?

The Program accepts tips relating to:

• Intelligence on criminal forums, darknet marketplaces, or threat-actor groups.

• Human-sourced information about individuals suspected of cybercriminal activity.

• Details on cyber-enabled criminal networks — ransomware operations, BEC schemes, scam centers, and trafficking-linked cyber operations.

• Technical indicators of compromise (IOCs) linked to identified threat actors.

• Financial intelligence relating to cybercrime proceeds, money laundering, or cryptocurrency-based criminal infrastructure.

Q: What types of information are NOT accepted?

The Program does NOT accept or process:

• Requests for personal cybersecurity assistance or incident response.

• Reports of product vulnerabilities or software bugs — direct these to the relevant vendor’s bug bounty program.

• Scam reports or consumer fraud complaints — direct these to national consumer protection agencies.

• Information obtained through illegal hacking, unauthorized access, or other criminal activity.

• False, misleading, fabricated, or malicious submissions.

Q: How do I submit a tip?

All tips must be submitted through the Program’s designated secure submission platform, hosted by Crime Stoppers International. The platform provides encrypted, anonymous channels for submitting information.

Tips submitted through any other channel — including email, social media, telephone or in person — will NOT be accepted for Bounty consideration.

Q: What if multiple people submit the same information?

Where multiple Tipsters provide substantially the same information, the bounty will be awarded to the first Tipster whose information is verified as qualifying by the Review Board.

Where multiple Tipsters independently contribute different elements of intelligence that collectively lead to a law enforcement case outcome, the Review Board may divide the Bounty among Tipsters in proportions it determines appropriate.

Q: How much can I earn from a Bounty (reward)?

Amounts vary depending on the specific case posted by the sponsoring entity. Each Bounty listing specifies the reward amount. The Tipster receives 80% of the approved Bounty amount. CSI retains 20% as a Program Administration Fee to cover platform operation, intelligence triage, compliance administration, and law enforcement coordination.

Q: What are the conditions for payment?

A Bounty will only be paid when ALL of the following conditions are satisfied:

• The submitted information constitutes Qualifying Information as determined by the Review Board in its sole discretion.

• The information directly leads to or materially contributes to the arrest of a suspect, the execution of a search warrant, a digital takedown, or other law enforcement, judicial, or administrative Qualifying Outcome.

• The Program Administrator affirms jurisdictional and payment processor requirements have been satisfied.

• The Review Board has approved the payment.

• The Sponsoring Partner has confirmed the availability of Bounty funds.

Q: How long does payment take?

Bounty payments are contingent on law enforcement outcomes, which may take months or years.

Tipsters should not expect immediate or rapid payment. In administering the Program, CSI has no control over the pace of law enforcement investigations or judicial proceedings. Payment cannot be processed until a qualifying law enforcement outcome has been confirmed and all due diligence is complete.

Q: How are payments made?

Payments are made by electronic bank transfer to a verified bank account in the Tipster’s name, denominated in United States Dollars (USD). All foreign exchange fees, transfer charges, and banking costs are the responsibility of the submitter. Each bounty is processed through a transparent, auditable system operated by CSI.

Q: Is payment guaranteed?

NO. Submission of a tip does not create any entitlement to payment. The decision to award a bounty rests solely with the Review Board and is final and binding. CSI and the sponsoring partner reserve the right to modify, suspend, or cancel any bounty posting at any time.

Q: Am I responsible for taxes on bounty payments?

YES. The Tipster is solely responsible for all tax obligations arising from receipt of a Bounty payment, including income tax, capital gains tax, or equivalent levies in their jurisdiction of residence. CSI will provide documentation required for tax reporting purposes, but does not provide tax advice. Tipsters are strongly advised to seek independent professional tax advice.

Q: Is the submission platform secure?

YES. The platform is built on CSI’s proven anonymous reporting infrastructure, that has operated and evolved over almost 50 years. All submissions are transmitted through secure, encrypted channels designed from the ground up to protect submitter anonymity.

Q: Will my identity be shared with law enforcement?

Identity information provided for Bounty payment purposes is treated as strictly confidential. It will not be disclosed to law enforcement, the Sponsoring Partner, or any third party except where required by law, court order, or regulatory obligation.

Q: What identity verification is required to claim a reward (bounty)?

To claim a bounty, a Tipster MUST comply with the identity verification process.

The identity verification process will reflect jurisdictional requirements and commercial requirements appropriate for the Bounty payment methodology, and may include additional verification steps deemed necessary by the Program Administrator.

Q: How is my personal data handled?

CSI collects, processes, and stores personal information in accordance with applicable privacy and data protection laws, including the EU GDPR, the Australian Privacy Act 1988, and equivalent legislation in other jurisdictions. Personal data is stored securely and retained only for as long as necessary to fulfill its purpose, or as required by law.

Full details are available in CSI’s Privacy Policy.

Q: What governance oversees the Program?

All Bounties are reviewed and approved by a multi-stakeholder Review Board before publication. Bounties are limited to credible criminal or private investigations with verifiable evidence. Coordination is maintained with relevant national and international law enforcement agencies, and Bounty distribution follows a transparent process with auditable compliance controls.

Q: What law governs these terms?

The Program Terms and Conditions are governed by the laws of the US State of New Mexico, where CSI, Inc. is registered. Any disputes are subject to good faith negotiation and, if unresolved within 30 days, binding arbitration pursuant to New Mexico, USA, arbitration processes.

Q: What compliance does the program follow?

The Program adheres to national and local laws for each jurisdiction in which the Program operates.

Q: Am I required to keep my participation confidential?

YES. Tipsters must not publicly disclose or publicize their participation in the Program, the nature of their tip, or any details relating to Bounty payment, unless expressly authorized in writing by CSI. Breach of this obligation may result in forfeiture of the Bounty.

Q: What happens to the information I submit?

By submitting information, you grant CSI and its partners a perpetual, irrevocable, worldwide, royalty-free license to use, reproduce, adapt, and distribute the submitted information for intelligence analysis, law enforcement coordination, and furtherance of the Program’s objectives. Submitted information becomes part of CSI’s intelligence holdings and may be shared with law enforcement partners through established protocols.

Q: Where can I read the full Terms and Conditions?

The full CyberCrime Bounty Program Terms and Conditions are available here. All Tipsters are required to read, understand, and agree to the Terms and Conditions before making a submission.

For enquiries, send us an email