Credit card numbers are so passe. Today’s hackers know the real powerhouse data to steal is emission certificates.
That’s exactly what hackers went after last week when they obtained unauthorized access to online accounts where companies maintain their carbon credits, according to the German newspaper Der Spiegel.
The hackers launched a targeted phishing attack against employees of numerous companies in Europe, New Zealand and Japan, which appeared to come from the German Emissions Trading Authority. The workers were told that their companies needed to re-register their accounts with the Authority, where carbon credits and transactions are recorded.
When workers entered their credentials into a bogus web page linked in the e-mail, the hackers were able to hi-jack the credentials to access the companies’ Trading Authority accounts and transfer their carbon credits to two other accounts controlled by the hackers.
According to the BBC, it’s estimated the hackers stole 250,000 carbon credit permits from six companies worth more than $4 million. At least seven out of 2,000 German firms that were targeted in the phishing scam fell for it. One of these unidentified firms reportedly lost $2.1 million in credits in the fraud.
The credits were resold for an undisclosed sum. The buyers, who likely believed the transactions were legitimate, haven’t been named.
The German Emissions Trading Authority has suspended access to its databases for a week while an investigation is underway.
The fraud is the latest example of hacks aimed at gaming environment controls. A year ago, hackers penetrated the Brazilian government’s quota data for Brazilian rain forest products — allowing the illegal poaching of more than 1.7 million cubic feet of timber.