Credit card numbers are so passe. Today’s hackers know the real powerhouse data to steal is emission certificates.
That’s exactly what hackers went after last week when they obtained unauthorized access to online accounts where companies maintain their carbon credits, according to the German newspaper Der Spiegel.
The hackers launched a targeted phishing attack against employees of numerous companies in Europe, New Zealand and Japan, which appeared to come from the German Emissions Trading Authority. The workers were told that their companies needed to re-register their accounts with the Authority, where carbon credits and transactions are recorded.
When workers entered their credentials into a bogus web page linked in the e-mail, the hackers were able to hi-jack the credentials to access the companies’ Trading Authority accounts and transfer their carbon credits to two other accounts controlled by the hackers.
Under environmental cap-and-trade laws, there’s a limit to the greenhouse gases companies can emit. Companies that exceed this limit can purchase so-called carbon credits from entities that produce fewer greenhouse emissions than the limit provides them.
The scheme has produced a robust market for the trade of credits. More than 8 million tons of CO2 emissions worth $130 billion were traded in Europe last year.
According to the BBC, it’s estimated the hackers stole 250,000 carbon credit permits from six companies worth more than $4 million. At least seven out of 2,000 German firms that were targeted in the phishing scam fell for it. One of these unidentified firms reportedly lost $2.1 million in credits in the fraud.