Cyber-Thieves Make Millions from Emissions Cap-and-Trade Scam

Phishing for carbon credits apparently pays

Whatever the views on cap-and-trade systems for greenhouse gas emissions, everyone can agree that it doesn’t work when cyber-thieves fraudulently obtain and resell the carbon credits. The mysterious culprits behind a “phishing” scam managed to make millions off of European allowances that permit companies to emit a certain amount of greenhouse gases per year, according to Der Spiegel.

Phishing is that age-old Internet ruse where a fake but convincing email asks users to log onto a website and reenter their user name and password. That website is a decoy site set up for the purpose of snagging the unwary Internet user’s log-in info.

In this case, hackers sent emails to companies in Europe, Japan and New Zealand last week that appeared to come from the German Emissions Trading Authority (DEHSt), a part of the European Union’s Emission Trading System. The email said that the end users had to log onto the agency’s website and reregister to prevent hacker attacks, in no small irony.

The shadowy group used the log-in info from various companies to quickly transfer the emissions allowances to other accounts in Denmark and Britain before reselling them. Financial Times Deutschland estimated at least nine cases of such fraud in Germany alone, with one German company losing allowances worth $2.1 million.

Criminals have proven more than willing to exploit the new energy economy. Italian authorities continue to investigate whether the Mafia sank about 30 ships as acts of illegal nuclear waste disposal. And more recently, thieves have made off with solar panels worth thousands of dollars from California wineries in Napa Valley.

The DEHSt has suspended registration of new trades for now, and various European nations also temporarily shut down their emissions trading. We suspect that authorities and companies alike will be taking the time to try and become more Internet-savvy.

[via Der Spiegel]