Cyber-security expert Anup Ghosh of Secure Command says carbon traders in Europe fell for a kind of phishing scam we're all supposed to watch out for. The hackers sent an official-looking email instructing traders to re-register their online credentials. "They were able to log in to the carbon trading site and transfer those credits to their own account," Ghosh says. The cyber-crooks then posed as traders, he says, and resold the credits.
"As long as there's a buyer, they can sell credits as digital currency to someone else and get real money dropped into their account," Ghosh says. Then the crooks empty the account and make off with the loot before anyone catches on.
Cyber-crime consultant Nick Selby says the carbon credit system was particularly vulnerable. "When you have relatively new markets, like carbon trading, it's a lot easier for criminals to target because few people know what 'good' looks like," Selby says. "And if you don't know what 'good' looks like, you're not likely to catch 'bad' when it comes across the wire."
For all of the firewalls and cyber-security systems that companies use to protect themselves, Selby says the crooks will always go after the weakest link. Most of the time, that weak link is us -- and our gullible drive to do the right thing.
"This can come, as we saw in carbon trading, with some plain old-fashioned conning. You'll get email that looks legit. It asks you to do something that seems legit. And people generally want to be helpful," Selby says.
Selby recommends following President Ronald Reagan's Cold War maxim: Trust, but verify.
Experts say that individuals and small business are most vulnerable to cyber crime. To boost security, Anup Ghosh says online banking, payroll and other money-related transactions should be conducted on a computer dedicated just for those tasks. Don't mix money with email and browsing.
"Most cyber crime happens on people's everyday machines," Ghosh says. "The best way to do high-value transactions is use a special-purpose machine -- either a virtual machine on your own desktop or a separate machine."
Although the carbon credit hackers embarrassed a European Emissions Trading System that's had other problems with fraud, experts says the $118.5 billion carbon market suffered only a temporary disruption.