Joint statement of the ALE TSARKA and JSC CEF

TSARKA and CEF, regarding early publications on the security of the public procurement portal, report the following:

1) CEF confirms the information previously published by TSARKA on the availability of installed Yandex.Metrica and Google analytics counters in the Public Procurement Portal. At the same time, an internal audit involving authorized bodies and involved experts showed that access to confidential information through these documents was not carried out.

2) CEF confirms that the functionality of Yandex.Metrica and Google analytics tools discovered by TSARKA is a vulnerability that allows statistical analysis of user actions. Currently, all counters in the Portal are disabled in order to exclude possible information leakage.

3) TSARKA removes its accusations of corruption of CEF employees by using the “web visor” functionality Yandex.Metrica and Google analytics.

4) A Memorandum of Cooperation to identify threats to information security will be signed between CEF and CARKA.

5) At the request of TSARKA, an official investigation was carried out and appropriate measures were taken.

13.12.2019 18:15