Perhaps they were beginning to feel guilty about their inflated carbon footprints — guilty enough to steal. But the hackers who broke into a carbon credit trading system in Germany last week were probably more motivated by money than by environmental concerns.
Cyber thieves used a classic phishing scheme to gain access to $4 million in carbon emissions credits, sending out e-mails to businesses asking them to log in to a fraudulent Website posing as the German Emissions Trading Authority (DEHSt).
German newspaper Der Spiegel said employees of numerous companies in Europe, Japan and New Zealand visited the bogus site and entered sensitive information that gave the hackers access to their accounts. The hackers then transferred the companies’ emissions allowances to other accounts.
As a result, carbon trading came to a screeching halt across a large portion of the European Union as officials worked to sort out the mess. All DEHSt transactions were suspended for several days. So far, nine fraudulent transactions have been identified — but not the hackers.
If the schemers aren’t found, the companies tricked by the phishing e-mails will be out of the money, which in the case of one medium-sized German company reached $2.1 million.
A warning on the DEHSt Website gives businesses tips on how to identify phishing sites, stating “if you received e-mails containing the request to visit a homepage via a link and to enter your user data of the registry, we ask you to not further take notice of it.”
This isn’t the first time the carbon trading market has been used for fraud. The New York Times’ Green Inc. Blog reports that a loophole — now corrected — once allowed crooks to add E.U.’s value-added tax to the price of carbon permits sold to businesses without ever actually turning it over to the government.