RSA 2011: Cybercriminals perfect theft from Europe’s carbon registries


RSA 2011: Cybercriminals perfect theft from Europe’s carbon registries

Warwick Ashford

An Eastern European gang of cyber criminals appears to have perfected techniques to steal millions of pounds from Europe's carbon registries, which allow companies to buy and sell pollution credits.

The attacks use a combination of phishing, malicious links and modified Trojans, according to Uri Rivner, senior researcher at RSA, the security division of EMC.

The gang impersonated employees responsible for buying and selling carbon emission permits, he told RSA Conference 2011 in San Francisco.

They gathered intelligence about the carbon registries in 25 nations and then used the information to craft targeted e-mails containing links to documents infected with the Nimkey banking Trojan.

The criminals used the Trojan to steal account credentials, which were then used to carry out transactions and divert the proceeds into accounts controlled by accomplices.

Using this technique, the gang stole $31m (£19.1m) from a Romanian cement company and $25.6m from the Czech Republic registry.

The European Commission shut down all the registries in mid-January and although some have been allowed to reopen, most remain closed.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy