Climate Crime Phishing Scam Cripples European Emissions Trading
Sneaky cyber-thieves have made millions by fraudulently obtaining European greenhouse gas emissions allowances and reselling them. The scam has hampered trading of the credits, which are seen as an important tool in curbing climate change, in several European countries.
Most Internet users are familiar with the e-mail scam known in the jargon as "phishing." A plausible-looking e-mail arrives in your in-box, supposedly from your bank or a Web site like Ebay, informing you that your account has been "compromised" and that you urgently need to log in to the company's Web site to rectify matters. The catch is that the Web site the e-mail directs you to is a spoof created by the hackers, meaning that anyone who falls for the trick is unwittingly handing over their all-important user names and passwords to the criminals.
Savvy e-mail users know to delete such e-mails straight away. But canny thieves have now used the technique to make money in a very 21st century fashion -- by fraudulently gaining access to companies' greenhouse gas emissions allowances and selling them on.
According to a report in the Wednesday edition of the Financial Times Deutschland, hackers sent e-mails last Thursday to several companies in Europe, Japan and New Zealand which appeared to originate from the Potsdam-based German Emissions Trading Authority (DEHSt), part of the EU's Emission Trading System (EU ETS). Ironically, the e-mail said that the recipient needed to re-register on the agency's Web site to counter the threat of hacker attacks.
The cyber-thieves then exploited the user data that was entered into their spoof Web site to transfer emissions allowances to other accounts, mainly in Denmark and Britain, from which they were quickly resold. The new owners of the allowances would have assumed that they had acquired them legally.
"The attack was highly professional," a DEHSt employee told the newspaper. Germany's Federal Criminal Police Office (BKA) is now investigating the incident.
Accounts Were Suspended
The crime has hampered the registering of trades in allowances across a wide swath of the European Union. Although allowances can still be traded on the European Energy Exchange (EEX) or via brokers, it is currently not possible to register the trades with the DEHSt, as is required by law. The Potsdam-based authority suspended the registering of transactions last Friday, and a spokesperson told the Financial Times Deutschland that the suspension would continue "at least for the rest of this week."
On Tuesday, the DEHSt's sister authorities in Belgium, Denmark, Spain, Hungary, Italy, Greece, Romania and Bulgaria were also closed in reaction to the scam. Authorities in Norway, Austria and the Netherlands had reacted more quickly last week, suspending access to accounts within hours of the scam becoming known. They were able to reopen their databases Tuesday.
The source of the attack was unclear, as was the extent of the damage caused by the crime. The newspaper analyzed a sample of several dozen transactions carried out in Germany and discovered nine cases of fraud. If the criminals are not found, the companies will have to cover the costs themselves. The newspaper wrote that one medium-sized German company alone had lost allowances worth 1.5 million ($2.1 million).
Under the EU's Emission Trading System, companies which are large emitters of greenhouse gases are required to have enough of the so-called allowances, which are issued by national authorities such as Germany's DEHSt, to cover the CO2 they release each year. Firms are free to trade their credits, which allows companies that have more of the rights than they actually need to sell them on to concerns that want to emit more CO2 than they are allocated. The idea is to use market mechanisms to reduce greenhouse gas emissions, as the scheme gives firms an economic incentive to cut their CO2 production.