NEWS FROM THE LAB - Friday, January 21, 2011

CO2 Phishing Posted by Mikko @ 11:51 GMT

This post has been modified since it was first posted. See here for a correction.

The European Union caps the amount of carbon dioxide (CO2) a company may emit in a year.

Companies exceeding their emissions quotas can buy them from companies don't need them.

This creates a market for buying and selling emission certificates. A very big market. Market big enough to interest online criminals.

If the criminals are able to log into an online trading system with a company account, they can sell the emission rights and pocket the money. This involves changing the bank account in the system to point to an account of a money mule.

As a result of this, there have been several attacks trying to gain access to EU Emission Trading System (EU ETS).

All emission trading in EU was halted yesterday as the latest attack was discovered. Certificates valued at over 28 Million Euros were stolen.

Emission phishing

"The thefts could have been a concerted action because the recent incidents happened within the last few days", said Maria Kokkonen, a spokeswoman for EU climate policy.

We've seen targeted phishing scams that have been emailed to people in charge of emission trading. These have been sent in various languages.

Here's two example phishing emails, in German and in Finnish:

Emission phishing, German

Emission phishing, Finnish

Sites such as tradingprotection.com have been registered either with false information or with domain protection systems:


As a result of these attacks, national emission trading systems are getting rid of authentication using just a username and a password, and are introducing stronger authentication systems. These include multi-factor and SMS authentication systems.

In Finland, logging to the emission trading system already supports using bank account multi-factor authentication schemes:

Emission authentication

P.S. The commenting system on our blog is broken at the moment. We'll get it fixed shortly.