Anything worth anything is worth something to somebody. And carbon credits are not just something small – these days, they’re worth millions. It is no wonder, then, that hackers have hatched a plan to steal some.
According to the Wired, they launched a phishing campaign targeting employees of European, Japanese and New Zealander companies. The emails in question purported to be from the German Emissions Trading Authority, and were requesting a re-registration of the company accounts with the Authority.
The website where they were sent to was a fake, designed by the hackers to fool the users, and after the login credentials were entered, they were know to the attackers.
The hackers used those credential to transfer the carbon credits from the accounts of the companies to two accounts under their control. The credits were promptly sold off to other companies, and the hackers made a killing profit – how much exactly, it has not been revealed, but just to give you an idea of the possible figure: One of the seven German companies that fell for the scam lost carbon credits in the amount of $2.1 million.
Access to the databases of the Authority has been suspended for a week, to allow for a thorough investigation. The final buyers of the credits will almost certainly not be prosecuted because they had no way of knowing that the credits were stolen.