Online fraudsters have carried out a “widepread” cyber attack on the European Union’s Emissions Trading Scheme (ETS), the EU commission said Thursday, promising a security review.
The scam involved fake emails asking users of the carbon trading registries to log on to a malicious website and disclose their user identification code and password, the commission said.
With this data the cyber attackers could carry out fraudulent transactions at their victims’ expense, for example by stealing carbon emissions trading certificates.
“Some fraudulent transactions were carried out,” but the security of the Community Registry and transaction log “has not been compromised,” the EU executive assured.
The widespread “phishing” attack took place last Thursday.
Alerted by the Netherlands and Norway, the EU Commission informed all 27 member states and asked them to take “appropriate security measures” immediately.
The European Commission said in a statement that it “intends to prepare revised Internet security guidelines” following the cyber attacks.
The Emissions Trading Scheme is a method of putting a price on carbon dioxide emissions to turn them into a valuable resource in a bid to cut emissions from industry and limit the effects of global warming
According to the German version of the Financial Times, Germany was among the countries worst hit along with Belgium, Denmark, Greece, Italy, the Netherlands and Spain.
The attack forced the closure of the carbon registries in 13 European nations, according to Serge Harry, head of the BlueNext environmental trading exchange.
Companies currently receive EU carbon dioxide trading quotas for free. Those who use them sparingly can sell off surplus allowances to bad performers who exceed their free limits.
It is planned to start charging operators in some sectors for the trading permits from 2013.