Feeds

Carbon trade phish scam disrupts exchanges

Complex fraud lies behind emissions permissions attack

Combat fraud and increase customer satisfaction

Phishing fraudsters have extended their net beyond harvesting e-banking credentials via a scam that resulted in the theft of 250,000 carbon permits worth over €3m.

The outbreak of fraud resulted in the suspension of trading in several EU registries on 2 February. The crooks are thought to have created fake emission registries, promoted via spam emails, before using identity details submitted on these sites to trade rights to blow-off greenhouse gases on the legitimate sites.

Six unnamed German firms were among the victims of the scam, a new form of corporate identity theft. Illegal transactions have also happened in the Czech Republic. German police have begun investigating the fraud. The EU Commission may also become involved, the BBC reports.

Meanwhile the United Nations' Framework on Climate Change (UNFCCC) is working with national registries to boost the security of registries and to help develop policies to frustrate similar attacks in future. Short term measures reportedly include warning users and resetting passwords.

Emissions trading continued via the European Emissions Exchange but exchanges in Belgium, Denmark, Hungary, Italy, Greece, Romania, Bulgaria, Spain and Germany were badly affected. Registries in Austria, the Netherlands and Norway were temporarily suspended but began trading again after minimal disruption.

"We have to be careful not to blow this out of proportion," EU environment spokeswoman Barbara Helfferich told EUobserver. "This happens to banks, Visa, Mastercard about once or twice a month. And this is the same sort of thing.

"It's not something intrinsic to the ETS (Emissions Trading Scheme). This could happen to anyone," she added.

Net security firm McAfee adds that a phishing attack targeting the Danish quota-market occurred in 12 January, leading to its temporary suspension, prior to a much wider attack two weeks later around the turn of the month.

McAfee analyst Francois Paget suggested that "[the] people behind these attacks cannot be simple hackers", but are instead "likely [to be] in the pay of rogue states that reject rules-based international trade".

Crikey.

A graphic from McAfee suggests that cordon permits were raided via a network of corrupt brokers and intermediaries via a scheme akin to VAT carousel fraud, where crooks collect the tax on easy to trade goods such as mobile phones before disappearing before a tax bill becomes due.

McAfee's explanation is the best stab we've seen at explaining how fraudsters laundered stolen carbon permits which, unlike credit card details or even webmail accounts, are not the sort of thing you are likely to be able to sell in underground hacking forums. Use of carbon permit "money mules" and cash transfers via Western Union also seems a bit unlikely. ®

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.