Computer Crime Research Center


Carbon Credit Cybercrime for Dummies

Date: January 25, 2011

Just what exactly is going on with all this talk about cybertheft and carbon dioxide allowances, you may be asking yourself. In short, the answer is: a savvy hacker, who has a thorough understanding of how the European Union’s CO2 emissions allowances are electronically traded, broke through electronic security systems and transferred millions of virtual certificates that have a very real street value to several different locations. Then the perpetrator likely resold the goods for a handsome profit before authorities knew what happened.

A few keystrokes and the hacker’s a multi-millionaire. How so?

Power companies and industrial polluters in the European Union need a CO2 emissions certificate for every ton of greenhouse gas they emit in their operations. It’s an added cost of production, so to reduce that cost they have to either cut pollution or get credits at a good price.

Each certificate, or allowance or credit, is worth roughly 14.4 at the time of writing.

Imagine stealing free minutes from a cellular phone operator. You don’t have anything material from the theft, but if you have the means to deliver the virtual goods, they can be resold at a profit.

What began last November as an isolated 23 million theft in Romania has turned into a pan-European string of cybercrimes, with 18.7 million stolen in Prague last week and another 7 million in Austria earlier this month. Some of the allowances stolen from Romania were the very same ones stolen last week in Prague.

Throughout the EU, registry operators, local police and EU officials are trying to find out how this cybercrime is perpetrated and how to stop it. The European Commission has halted trading of the allowances and set a deadline of Wednesday, Jan. 26, to settle these issues.

But if these credits exist in the electronic world, can’t a computer or application simply track them as deals are made to prevent stolen goods from being resold?

No, say traders and those familiar with the ETS, or Emissions Trading Scheme.

Michael Kroehnert, a Berlin-based consultant in the EU CO2 emissions trading sector and operator of website, said that for now allowances must be checked manually, comparing numbers in one list with those in another with human eyes. Because individual numbers aren’t checked electronically, traders largely ignore the risk that they may be dealing with stolen property.

Mr. Kroehnert said that movement of individual credits can’t be electronically monitored in real time. But with the temporary shutdown of the trading system Europe-wide, authorities should be able to find the allowances in question and examine deals to determine whether something fishy is going on.

Looking at the price at which someone buys credits may be proof enough.

If a purchaser buys CO2 allowances at a price within a few percentage points of the market price, a deal is probably legit. But if someone is selling credits for 10 when the going rate is 14.4, the explanation that he needs some cash fast may be suspect, Mr. Kroehnert said.

Once all credits stolen in the three recent cybercrimes have been identified, people who acquired them at a discount “will have problems with the police,” Mr. Kroehnert said.
