Companies exceeding their emissions quotas can buy them from companies don't need them.
This creates a market for buying and selling emission certificates. A very big market. Market big enough to interest online criminals.
If the criminals are able to log into an online trading system with a company account, they can sell the emission rights and pocket the money. This involves changing the bank account in the system to point to an account of a money mule.
As a result of this, there have been several attacks trying to gain access to EU Emission Trading System (EU ETS).
All emission trading in EU was halted yesterday as the latest attack was discovered. Certificates valued at over 28 Million Euros were stolen.
'The thefts could have been a concerted action because the recent incidents happened within the last few days', said Maria Kokkonen, a spokeswoman for EU climate policy.
We've seen targeted phishing scams that have been emailed to people in charge of emission trading. These have been sent in various languages.
Here's two example phishing emails, in German and in Finnish:
Here's an example of a website EU has warned about multiple times. It is not related to European Commission.
Sites like tradingprotection.com and europeanclimateregistry.eu have been registered either with false information or with domain protection systems:
As a result of these attacks, national emission trading systems are getting rid of authentication with just a username and a password, and are introducing stronger authentication systems. These include multi-factor and SMS authentication systems.
In Finland, logging to the emission trading system already supports using bank account multifactor authentication schemes:
PS. The commenting system in our blog is broken for at the moment. We'll get it fixed shortly.
On 21/01/11 At 11:51 AM
Tidak ada komentar:
Posting Komentar