Vladimir Levin
From Wikipedia, the free encyclopedia
Vladimir Levin (born 1971) is a Russian individual famed for his involvement in the attempt to fraudulently transfer US$10.7 million via Citibank's computers in 1994.
[edit] The commonly known story
Mass media claimed at the time he was a mathematician and had a degree in biochemistry from Saint Petersburg State Institute of Technology.
According to the coverage, in 1994 Levin accessed the accounts of several large corporate customers of Citibank via their dial-up wire transfer service (Financial Institutions Citibank Cash Manager) and transferred funds to accounts set up by accomplices in Finland, the US, the Netherlands, Germany and Israel.
Three of his accomplices were arrested attempting to withdraw funds in Tel Aviv, Rotterdam and San Francisco. Interrogation of his accomplices directed investigations to Levin, then working as a computer programmer for St Petersburg based computer company AO Saturn. However, at the time, there were no extradition treaties between the US and Russia covering these crimes.
In March 1995 Levin was apprehended at London's Stansted Airport by Scotland Yard officers when making an interconnecting flight from Moscow. Levin's lawyers fought against extradition to the US, but their appeal was rejected by the House of Lords in June 1997.
Levin was delivered into US custody in September 1997, and tried in the Southern District of New York. In his plea agreement he admitted to only one count of conspiracy to defraud and to stealing US$3.7 million. In February 1998 he was convicted and sentenced to three years in jail, and ordered to make restitution of US$240,015. Citibank claimed that all but US$400,000 of the stolen US$10.7 million had been recovered.
After the compromise of their system, Citibank updated their systems to use Dynamic Encryption Card, a physical authentication token. However, it was not revealed how Levin had gained access to the relevant account access details. Following his arrest in 1995, anonymous members of hacking groups based in St Petersburg claimed that Levin did not have the technical abilities to break into Citibank's systems, that they had cultivated access to systems deep within the bank's network, and that these access details had been sold to Levin for $100.
[edit] The revelation a decade later
In 2005 an alleged member of the former St Petersburg hacker group, claiming to be one of the original Citibank penetrators, published under the name ArkanoiD a memorandum on popular Provider.net.ru website dedicated to telecom market.[1] According to him, Levin was not actually a scientist (mathematician, biologist or the like) but a kind of ordinary system administrator who managed to get hands on the ready data about how to penetrate in Citibank machines and then exploit them.
ArkanoiD emphasized all the communications were carried over X.25 network and the Internet was not involved. ArkanoiD's group in 1994 found out Citibank systems were unprotected and it spent several weeks examining the structure of the bank's USA-based networks remotely. Members of the group played around with systems' tools (e.g. were installing and run games) and were unnoticed by the bank's staff. Penetrators did not plan to conduct a robbery for their personal safety and stopped their activities at some time. Someone of them later handed over the crucial access data to Levin (reportedly for the stated $100).
[edit] References
- TLC: Hackers' Hall of Fame
- Bank Robbers Go Electronic Byte.com, November 1995
- 1997 Extradition judgment
- ^ (Russian) Levin's Case, the Missing Chain — Provider.net.ru, November 11 2005
- (Russian) Net Crackers and the Truth about Levin's Case — the book 'Attack from Internet', 2002, I. Medvedkovsky, P. Semyanov, D. Leonov, A. Lukatsky