Vladimir Levin

The commonly known story

Vladimir Levin, a biochemistry graduate of St. Petersburg's Tekhnologichesky University in mathematics, led a Russian hacker group in the first publicly revealed international bank robbery over a network. Levin used a laptop computer in London, England, to access the Citibank network, and then obtained a list of customer codes and passwords. Then he logged on 18 times over a period of weeks and transferred $3.7 million through wire transfers to accounts his group controlled in the United States, Finland,the Netherlands, Germany, and Israel. Citibank later retrieved all but about $400,000. When Citibank noticed the transfers, they contacted the authorities, who tracked Levin down and arrested him at a London airport in March, 1995. He fought extradition for 30 months, but lost, and was transferred to the US for trial. He was convicted and sentenced to three years in jail, and ordered to pay Citibank $240,015. Four members of Levin's group pleaded guilty to conspiracy to commit bank fraud, and served various sentences. According to the coverage, in 1994 Levin accessed the accounts of several large corporate customers of Citibank via their dial-up wire transfer service (Financial Institutions Citibank Cash Manager) and transferred funds to accounts set up by accomplices in finland, the United states, the netherlands, germany and israel. Three of his accomplices were arrested attempting to withdraw funds in Tel Aviv, Rotterdam Interrogation of his accomplices directed investigations to Levin, then working as a computer programmer for St.Petersburg based computer company AO Saturn. However, at the time, there were no extradition treaties between the US and Russia covering these crimes. In March 1995 Levin was apprehended at London's stansted airport by scotland yard officers when making an interconnecting flight from moscow. Levin's lawyers fought against extradition to the US, but their appeal was rejected by the house of Lords in June 1997. Levin was delivered into U.S. custody in September 1997, and tried in the United States District Court for the Southern District of New York. In his plea agreement he admitted to only one count of conspiracy to and San francisco.defraud and to stealing US$3.7 million. In February 1998 he was convicted and sentenced to three years in jail, and ordered to make restitution of US$240,015. Citibank claimed that all but US$400,000 of the stolen US$10.7 million had been recovered. After the compromise of their system, Citibank updated their systems to use Dynamic Encryption Card, a physical authentication token. However, it was not revealed how Levin had gained access to the relevant account access details. Following his arrest in 1995, anonymous members of hacking groups based in St. Petersburg claimed that Levin did not have the technical abilities to break into Citibank's systems, that they had cultivated access to systems deep within the bank's network, and that these access details had been sold to Levin for $100.

The revelation a decade later

In 2005 an alleged member of the former St. Petersburg hacker group, claiming to be one of the original Citibank penetrators, published under the name ArkanoiD a memorandum on popular Provider.net.ru website dedicated to telecom market. According to him, Levin was not actually a scientist (mathematician, biologist or the like) but a kind of ordinary system administrator who managed to get hands on the ready data about how to penetrate in Citibank machines and then exploit them. ArkanoiD emphasized all the communications were carried over network and the internet was not involved. ArkanoiD's group in 1994 found out Citibank systems were unprotected and it spent several weeks examining the structure of the bank's USA-based networks remotely. Members of the group played around with systems' tools (e.g. were installing and running games) and were unnoticed by the bank's staff. Penetrators did not plan to conduct a robbery for their personal safety and stopped their activities at some time. One of them later handed over the crucial access data to Levin (reportedly for the stated $100).