EC acts over cyber attacks on emissions trading account holders

4 February 2010

European Commission takes action over cyber attacks on emissions trading scheme
account holders

The European Commission today announced that it will revise its internet
security guidelines following cyber attacks on EU Emissions Trading System (EU
ETS) registries last week. Scam emails asked users of the registries to log on
to a website and disclose their user identification code and password. Some
fraudulent transactions were carried out but the security of the Community
Registry and the Community Independent Transaction Log was not compromised.

The widespread 'phishing' attack on users of EU ETS registries took place on 28
January. Alerted by The Netherlands and Norway, the Commission informed all EU
member states and asked them to take appropriate security measures immediately.

Although member states reacted promptly, a limited number of fraudulent
transactions were performed, as the website used the European Commission's
visual identity and appeared genuine. The Commission is actively supporting
member states in their investigations of these transactions. The Commission also
started immediate investigations of the offending website and is working on
closing it permanently.

In the light of the attack, the Commission intends to review the ETS registries'
security measures and will prepare revised security guidelines, as well as an
action plan for possible future incidents.

This follows the proposed new legislative security measures to prepare for the
inclusion of the aviation sector in the Community Registry in 2012.

__________________