Famous Hackers

Vladimir Levin

In 1994, Vladimir Levin accessed the accounts of several large corporate customers of Citibank via their dial-up wire transfer service and transferred funds to accounts set up by accomplices in Finland, Germany and Israel, Netherlands and The United States.

Three of his accomplices were arrested attempting to withdraw funds in Tel Aviv, Rotterdam and San Francisco. After interrogation, his accomplices directed investigations to Levin, who was working as a computer programmer for St. Petersburg based computer company AO Saturn. At the time however, there were no extradition treaties between the US and Russia covering these crimes.

In March 1995 Levin was apprehended at London's Stansted Airport by Scotland Yard officers when making an interconnecting flight from Moscow. Levin's lawyers fought against extradition to the US, but their appeal was rejected by the House of Lords in June 1997.

Levin was delivered into U.S. custody in September 1997. In his plea agreement he admitted to only one count of conspiracy to defraud and to stealing US$3.7 million. In February 1998 he was convicted and sentenced to three years in jail, and ordered to make restitution of US$240,015. Citibank claimed that all but US$400,000 of the stolen US$10.7 million had been recovered.

After the compromise of their system, Citibank updated their systems to use Dynamic Encryption Card, a physical authentication token. However, it was not revealed how Levin had gained access to the relevant account access details. Following his arrest in 1995, anonymous members of hacking groups based in St. Petersburg claimed that Levin did not have the technical abilities to break into Citibank's systems, that they had cultivated access to systems deep within the bank's network, and that these access details had been sold to Levin for $100.

Back