Slashdot Mirror

← Back to Stories (view on slashdot.org)

Huge Phishing Attack On Emissions Trade In Europe

Posted by timothy on from the feel-good-measures dept.

bratgitarre writes "A targeted phishing scam on companies trading with greenhouse gas emission certificates in Europe has reaped millions, Der Spiegel reports. By sending phishing e-mails to companies in Australia and New Zealand purporting to be from the German Ministry for Environmental Protection (German article, Google translation) the criminals obtained login credentials for companies owning polluting permissions. They then swiftly sold them to other polluters in various European countries. Damages are probably huge for a single incident, as 'one medium-sized German company alone had lost allowances worth €1.5 million ($2.1 million).' German federal officials, who can trace some of the transactions, claim that out of 2000 certificate sellers, seven responded to the scam."

9 of 114 comments (clear)

  1. What did they learn? by T+Murphy · · Score: 5, Insightful

    Is there any reason it would be a bad idea, if someone has control over millions in assets, two people's login credentials should be required to confirm a transaction? It's bad enough to have someone responsible for that much money be foolish enough to fall for a phishing scam, but I should hope there is a low chance two people could run a company successfully but both fall for the same scam.

    --
    My webcomic
    1. Re:What did they learn? by DaveGod · · Score: 4, Insightful

      No, and any company should be doing just that. The company's auditors should be detecting if it's not required, and reporting such weakness to management. Failing to implement such basic controls will cost the company, whether or not there is fraud. The auditor will face much greater audit risk and hence have to increase his workload (and hence fee) to compensate.

      On the other hand, such a control probably would not be very effective against this. For example Person A gets tricked and then gets Person B who probably does not go through the detailed mechanics - if anything he'd go check out the official website and approve it on that basis.

      A more relevant control would be authorised supplier lists combined with set procedures. For example, a company would only allow emissions trading through a specific broker and the payments would always be made to that broker's escrow account. That way you can get fiddled and all you get is a call from your broker wondering why they have your money.

      For what it's worth transactions were a lot better controlled when everything was paid by cheque. Cheques required two signatories. Banks were very good at ensuring authorised signatories were authorised. Now for smaller businesses with internet banking you have a bookkeeper who needs access to print statements and the same login can complete transactions from start to finish - half the time they're using the managing director's login. Well, you can't have the MD's time being used up doing silly things like printing statements can you? And bookkeepers, it's not like they're in a high-risk position and able to hide fraud....

  2. And that is why evil will always win by Chris+Burke · · Score: 4, Insightful

    Because good is dumb.

    --

    The enemies of Democracy are
    1. Re:And that is why evil will always win by Chris+Burke · · Score: 4, Insightful

      No, my family name is awesome.

      --

      The enemies of Democracy are
  3. Re:Is it only me by vxice · · Score: 4, Insightful

    Well at first yes, but isn't it a much bigger scam that people get to pollute, obviously they gain other wise they would have to pay to remove their waste pollution is free, rather than pay market value for access to the waste disposal they would use? You would complain about a company dumping waste on your lawn wouldn't you? If not then companies would dump everything they could, massively dropping their waste disposal costs. Unfortunately atmosphere is not easy to control access to, this is basically the classic example of a market failure and one of the few times economists advocate government stepping in and regulating industry by charging them for access to a resource they use but don't pay for. As long as it is free and there are no limits on what they can put in the atmosphere they will put everything they can to lower costs.

    --
    every anarchist is a baffled dictator. Benito_Mussolini
  4. Re:Is it only me by Arthur+Grumbine · · Score: 4, Insightful

    It was such a complete failure that acid rain is no longer a looming problem... oh, wait.

    Why do I feel this will be the exact same justification for the next environmental crusade after "looming AGW" fails to destroy the mankind?

    --
    Now that I think about it, I'm pretty sure everything I just said is completely wrong.
  5. Re:Is it only me by Alinabi · · Score: 4, Insightful

    It's mostly you. Every other commodity in this world is traded, including your odds of getting sick or having a car accident, so why not this one?

    --
    "You can't allow somebody to commit the crime before you detain them." [Condoleezza Rice]
  6. Re:Is it only me by sien · · Score: 5, Insightful

    The US cap and trade on sulphur dioxide emissions was passed in 1990.

    Overall, the Program's cap and trade program has been successful in achieving its goals. Since the 1990s, SO2 emissions have dropped 40%, and according to the Pacific Research Institute, acid rain levels have dropped 65% since 1976.[15][16] However, this was significantly less successful than conventional regulation in the European Union, which saw a decrease of over 70% in SO2 emissions during the same time period.[17]

    S02 emissions were also falling from a peak in the late 1970s toward the 1990s, in other words the US S02 trading scheme was on an already declining path and was less successful than more direct European approaches.

    S02 emissions trading was also local and not between countries which is another area where the proposed Green House Gas emissions trading schemes fall down. A corrupt county can just 'create' permits and then sell them. This has already happened with European and other schemes.

    A tax would be a much more honest, much more transparent scheme than an Emissions Trading Scheme (ETS). ETS type solutions are attractive largely because politicians don't have to say they are a new tax, they can be easily gamed by giving out free permits and Enron style firms (including Enron itself before it went bankrupt) see a potential bonanza.

  7. Re:Carbon allowance trading is a big scam by slinches · · Score: 4, Insightful

    Economists have modeled cap and trade versus the other alternatives (in a game theoretic sense) and the results are pretty much clear. Within the framework of a free market, there is no more efficient way of forcing companies to internalize their externalities.

    Great. We have an optimal method of internalizing the CO2 externality. Now what is the impact of CO2 output in $$/kg so we can put this method into practice?

    The problem I have with cap and trade is not that the method being used is inefficient, but that the value of the carbon credits is being set based on political motives. Rushing into cap and trade without an accurate carbon credit value estimate could end up costing far more than the effects of uncontrolled CO2 emissions. At this point, can we even be sure that increased CO2 output will cause a net loss of overall wealth?

    --
    Knowledge Brings Fear