Emissions hack sends EC security team back to drawing board

[nsane.forums]

Commission will revise IT security practices

The European Commission (EC) has decided to rethink its data security practices in the wake of a recent attack on its Emissions Trading System (ETS) web service.

The announcement follows a phishing attack which allowed cyber criminals to steal account data and perform a number of fraudulent transactions. Individuals were sent to users of the ETS registries which redirected to a phony log-in site which harvested account details.

The ETS service allows companies to trade carbon offsets in an attempt to manage and reduce carbon emissions amongst member states.

The EC said that a small number of fraudulent transactions were reported on 28 January as a result of the phishing operation. Several member states are currently investigating the attack and the EC is investigating the fraudulent web site itself.

The attack is also forcing the EC to re-think security practices for the ETS and its members.

"In the light of the attack, the Commission intends to review the ETS registries' security measures and will prepare revised security guidelines, as well as an action plan for possible future incidents," the EC said in a statement.

The attacks come at a rather inopportune time for the commission, as the ETS is preparing for the 2012 addition of the aviation industry to the ETS market.

View: Original Article