Stealing carbon credits. 31 million + 25.6 million = 56.6 million.
http://www.usatoday.com/tech/news/2011-02-21-carbonhack21_ST_N.htm
Hackers target European carbon registries
By Byron Acohido, USA TODAY
An Eastern European cybergang has perfected an emerging form of digital theft to steal millions of dollars from Europe's carbon registries.
Elite cybergangs are gaining deep access to corporate networks and carrying out Ocean's 11-like capers that are equal parts digital con game and digital burglary.
Another such gang, for instance, gained recent media attention for its deep access to Nasdaq's Directors Desk, a cloud-based collaboration service for senior executives. Authorities have released few details. But that gang went undetected for at least a year, giving it plenty of time to try different ways to pilfer sensitive corporate documents from 175 organizations.
"It's become very common for advanced groups to be in systems for a year or longer without being detected," says Kim Peretti, forensics director at PricewaterhouseCoopers. "What's frightening is their motives aren't so clear as to what they're looking for and what they're trying to do."
Europe's carbon registries let companies buy and sell pollution credits. The gang that gamed them put a fresh spin on phishing, the art of tricking users into clicking on a poisoned link. They also tweaked a commonplace tool, called a banking Trojan, used to hijack online accounts, says Uri Rivner, senior researcher at RSA, the security arm of EMC.
Rivner disclosed details at the RSA conference last week. He outlined how the gang impersonated employees charged with buying and selling carbon emission permits. After gathering intelligence about the carbon registries in 25 nations, the gang began to target specific employees, most likely sending them carefully crafted e-mails enticing them to open a work document infected with the Nimkey banking Trojan.
From that foothold, the crooks methodically harvested account log-ons and closely monitored trading processes. At the proper moment, someone would log on as an authorized trader, execute a transaction and divert the proceeds into accounts controlled by accomplices.
"Creativity has never been in short supply in the criminal underground," says Rivner.
In one sting, the gang stole $31 million from a Romanian cement company; in another, they called in a bomb threat to the Czech Republic registry. While the building was cleared, the bad guys exfiltrated $25.6 million. After several other large thefts, the European Commission shut down all the registries in mid-January. Some have been allowed to reopen, but the majority of Europe's carbon registries remain closed.
- posted on 02/23/2011
http://www.wired.com/threatlevel/tag/carbon-credit/
Hackers Steal Millions in Carbon Credits
By Kim Zetter February 3, 2010 | 5:04 pm | Categories: Cybersecurity, Hacks and Cracks
Credit card numbers are so passe. Today’s hackers know the real powerhouse data to steal is emission certificates.
That’s exactly what hackers went after last week when they obtained unauthorized access to online accounts where companies maintain their carbon credits, according to the German newspaper Der Spiegel.
The hackers launched a targeted phishing attack against employees of numerous companies in Europe, New Zealand and Japan, which appeared to come from the German Emissions Trading Authority. The workers were told that their companies needed to re-register their accounts with the Authority, where carbon credits and transactions are recorded.
When workers entered their credentials into a bogus web page linked in the e-mail, the hackers were able to hijack the credentials to access the companies’ Trading Authority accounts and transfer their carbon credits to two other accounts controlled by the hackers.
Under environmental cap-and-trade laws, there’s a limit to the greenhouse gases companies can emit. Companies that exceed this limit can purchase so-called carbon credits from entities that produce fewer greenhouse emissions than the limit provides them.
The scheme has produced a robust market for the trade of credits. More than 8 million tons of CO2 emissions worth $130 billion were traded in Europe last year.
According to the BBC, it’s estimated the hackers stole 250,000 carbon credit permits from six companies worth more than $4 million. At least seven out of 2,000 German firms that were targeted in the phishing scam fell for it. One of these unidentified firms reportedly lost $2.1 million in credits in the fraud.
The credits were resold for an undisclosed sum. The buyers, who likely believed the transactions were legitimate, haven’t been named.
The German Emissions Trading Authority has suspended access to its databases for a week while an investigation is underway.
The fraud is the latest example of hacks aimed at gaming environment controls. A year ago, hackers penetrated the Brazilian government’s quota data for Brazilian rain forest products — allowing the illegal poaching of more than 1.7 million cubic feet of timber.
(c) 2010 Maya Chilam Foundation