Cyberthieves Steal Millions By Selling Bogus Carbon Credits
Phishing Scam Cripples European Emissions Trading
Spiegel Online, Feb. 3, 2010
Sneaky
cyber-thieves have made millions by fraudulently obtaining European
greenhouse gas emissions allowances and reselling them. The scam has
hampered trading of the credits, which are seen as an important tool in
curbing climate change, in several European countries.
Most
Internet users are familiar with the e-mail scam known in the jargon as
"phishing." A plausible-looking e-mail arrives in your in-box,
supposedly from your bank or a Web site like Ebay, informing you that
your account has been "compromised" and that you urgently need to log
in to the company's Web site to rectify matters. The catch is that the
Web site the e-mail directs you to is a spoof created by the hackers,
meaning that anyone who falls for the trick is unwittingly handing over
their all-important user names and passwords to the criminals.
Savvy
e-mail users know to delete such e-mails straight away. But canny
thieves have now used the technique to make money in a very 21st
century fashion -- by fraudulently gaining access to companies'
greenhouse gas emissions allowances and selling them on.
According to a report in the Wednesday edition of the Financial Times Deutschland,
hackers sent e-mails last Thursday to several companies in Europe,
Japan and New Zealand which appeared to originate from the
Potsdam-based German Emissions Trading Authority (DEHSt), part of the
EU's Emission Trading System (EU ETS). Ironically, the e-mail said that
the recipient needed to re-register on the agency's Web site to counter
the threat of hacker attacks.
The
cyber-thieves then exploited the user data that was entered into their
spoof Web site to transfer emissions allowances to other accounts,
mainly in Denmark and Britain, from which they were quickly resold. The
new owners of the allowances would have assumed that they had acquired
them legally.
"The
attack was highly professional," a DEHSt employee told the newspaper.
Germany's Federal Criminal Police Office (BKA) is now investigating the
incident.
Accounts Were Suspended
The
crime has hampered the registering of trades in allowances across a
wide swath of the European Union. Although allowances can still be
traded on the European Energy Exchange (EEX) or via brokers, it is
currently not possible to register the trades with the DEHSt, as is
required by law. The Potsdam-based authority suspended the registering
of transactions last Friday, and a spokesperson told the Financial Times Deutschland that the suspension would continue "at least for the rest of this week."
On
Tuesday, the DEHSt's sister authorities in Belgium, Denmark, Spain,
Hungary, Italy, Greece, Romania and Bulgaria were also closed in
reaction to the scam. Authorities in Norway, Austria and the
Netherlands had reacted more quickly last week, suspending access to
accounts within hours of the scam becoming known. They were able to
reopen their databases Tuesday.
The
source of the attack was unclear, as was the extent of the damage
caused by the crime. The newspaper analyzed a sample of several dozen
transactions carried out in Germany and discovered nine cases of fraud.
If the criminals are not found, the companies will have to cover the
costs themselves. The newspaper wrote that one medium-sized German
company alone had lost allowances worth €1.5 million ($2.1 million).
Under
the EU's Emission Trading System, companies which are large emitters of
greenhouse gases are required to have enough of the so-called
allowances, which are issued by national authorities such as Germany's
DEHSt, to cover the CO2 they release each year. Firms are free to trade
their credits, which allows companies that have more of the rights than
they actually need to sell them on to concerns that want to emit more
CO2 than they are allocated. The idea is to use market mechanisms to
reduce greenhouse gas emissions, as the scheme gives firms an economic
incentive to cut their CO2 production.
|
