Hackers paralyse emissions trading scheme
Emissions trading is considered the yardstick for reducing pollutant emissions. Using market-based mechanisms, it aims to encourage economies and businesses to gradually reduce their overall emissions, such as those caused by burning fossil fuels. Emissions permits that define a specific volume of a greenhouse gas such as carbon dioxide are assigned or purchased, allowing businesses which emit less than their permitted volume to sell excess permits on a trading platform specifically set up for the purpose. Businesses which produce more pollutants than they have permits for must obtain additional certificates.
But where there's money involved, criminals are likely not too far behind. For example, the Germany Emission Trading Authority (DEHSt) and Federal Criminal Police Office have confirmed that hackers have used phishing emails to gain access to databases containing official information on individual companies' emissions permits. The phishing emails are reported to have been sent in the name of the DEHSt. Recipients were instructed to visit a web page and enter their user registration data – to protect against impending hacking attacks.
The German Financial Times (FTD) reports that the perpetrators then transferred emissions permits to accounts primarily in Denmark and the UK, from where they were "rapidly sold on". According to the FTD, at least nine cases of fraud have been uncovered, with one manufacturer reported to have lost permits valued at 1.5 million euros. Fraud on the emissions trading market has reportedly caused a tax loss of £4.5 billion over the past 18 months. As well as manufacturers, electricity providers and traders are also reported to have been affected. However, the perpetrators are unlikely to be able to enjoy the spoils of their coup, carried out last week, for long. All emissions permits have IDs and are traceable, and many European countries immediately shut down their certificate trading systems so that, at present, no further transactions can be posted.
- Emissions Trading Registry: Phishing E-Mails, advisory from the German Emission Trading Authority.
- Hackers Disrupt European CO₂ Market, a McAfee Labs Blog post.
- Hacker greifen Emissionshändler an, German language Financial Times post.