EU shuts down emissions trading as 30 million euros worth go missing
The European Union has been forced to shut down its carbon credit markets after hackers stole up to 30 million euros ($40.8 million/728.4 million Kč) worth of the emissions allowances from the registries of five European countries, including the Czech Republic.
The Czech Registry for Emissions Trading was one of the worst affected by the hack, losing 7 million euros worth of the pollution permits, known as EU Allowances (EUAs).
Some 2 million EUAs were stolen by hackers from Austria, the Czech Republic, Greece, Estonia and Poland within a few days. Each credit allows the bearer one ton of emissions and is worth 14 euros.
EU authorities say they suspect a phishing scam enabled hackers to log into unsuspecting companies’ carbon credit accounts and transfer the allowances to themselves, allowing them to be sold on.
“For us at this stage, it is theft, not sabotage,” said spokeswoman Maria Kokkonen of the EU Climate Action Commissioner’s office at a press briefing in Brussels Jan. 20. “It could be possible that it is concerted action, because the recent incidents … happened within the last five days.”
The credits are normally traded between companies that have a shortage of or excess emissions allowances for their current operations, and involve instant payment, meaning hackers can create accounts and then delete them as soon as they are paid.
Zuzana Záhorová of the Czech Republic’s market registrar Electricity Market Operator (OTE) said about 1 million EUAs – worth some 350 million Kč – were missing from their accounts.
She told Bloomberg the registry would remain closed indefinitely.
Having initially said that markets would remain closed until Jan. 26, the EU later said member markets would reopen one by one as IT security upgrades were completed.
In a statement, the European Commission said it would “proceed to determine together with national authorities what minimum security measures need to be put in place before the suspension of a registry can be lifted.”
The EU Emissions Trading Scheme (ETS) allows around 12,000 companies, including major corporations, to buy and sell rights to pump industrial gases into the atmosphere.
Launched in 2005, the ETS is the largest carbon-trading scheme in the world, with revenue exceeding 72 billion euros last year.
It is thought the lack of agreement among the 27 member states – plus EEA members Norway, Iceland and Liechtenstein – about minimum Internet security standards could be relevant to the attacks.
A switch to an EU-wide single market for carbon credits is already slated for 2013.
Traders said the security breaches raised fears they might receive stolen allowances, telling the Financial Times they feared having to later forfeit credits they had purchased in good faith.
Despite the halt of on-the-spot trading, companies continued to deal in futures contracts, which account for the majority of the carbon credits sold, although the credits will be frozen until the market reopens.
It is not the first time the ETS has suffered a security breach. The system was hit by a phishing scam last year that saw 13 European markets shut down, while a cross-border fraud scam in 2008 and 2009 netted criminals 5 million euros, according to Agence France-Presse.