Feeds

Carbon trade phish scam disrupts exchanges

Complex fraud lies behind emissions permissions attack

Secure remote control for conventional and virtual desktops

Phishing fraudsters have extended their net beyond harvesting e-banking credentials via a scam that resulted in the theft of 250,000 carbon permits worth over €3m.

The outbreak of fraud resulted in the suspension of trading in several EU registries on 2 February. The crooks are thought to have created fake emission registries, promoted via spam emails, before using identity details submitted on these sites to trade rights to blow-off greenhouse gases on the legitimate sites.

Six unnamed German firms were among the victims of the scam, a new form of corporate identity theft. Illegal transactions have also happened in the Czech Republic. German police have begun investigating the fraud. The EU Commission may also become involved, the BBC reports.

Meanwhile the United Nations' Framework on Climate Change (UNFCCC) is working with national registries to boost the security of registries and to help develop policies to frustrate similar attacks in future. Short term measures reportedly include warning users and resetting passwords.

Emissions trading continued via the European Emissions Exchange but exchanges in Belgium, Denmark, Hungary, Italy, Greece, Romania, Bulgaria, Spain and Germany were badly affected. Registries in Austria, the Netherlands and Norway were temporarily suspended but began trading again after minimal disruption.

"We have to be careful not to blow this out of proportion," EU environment spokeswoman Barbara Helfferich told EUobserver. "This happens to banks, Visa, Mastercard about once or twice a month. And this is the same sort of thing.

"It's not something intrinsic to the ETS (Emissions Trading Scheme). This could happen to anyone," she added.

Net security firm McAfee adds that a phishing attack targeting the Danish quota-market occurred in 12 January, leading to its temporary suspension, prior to a much wider attack two weeks later around the turn of the month.

McAfee analyst Francois Paget suggested that "[the] people behind these attacks cannot be simple hackers", but are instead "likely [to be] in the pay of rogue states that reject rules-based international trade".

Crikey.

A graphic from McAfee suggests that cordon permits were raided via a network of corrupt brokers and intermediaries via a scheme akin to VAT carousel fraud, where crooks collect the tax on easy to trade goods such as mobile phones before disappearing before a tax bill becomes due.

McAfee's explanation is the best stab we've seen at explaining how fraudsters laundered stolen carbon permits which, unlike credit card details or even webmail accounts, are not the sort of thing you are likely to be able to sell in underground hacking forums. Use of carbon permit "money mules" and cash transfers via Western Union also seems a bit unlikely. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.