It was hardly the opening salvo in a new era of virtual crime, but it was certainly a shot across the bow.
Two decades ago, a group of enterprising criminals on multiple continents—led by a young computer programmer in St. Petersburg, Russia—hacked into the electronic systems of a major U.S. bank and secretly started stealing money.
No mask, no note, no gun—this was bank robbery for the technological age.
The case began in July 1994, when several corporate bank customers discovered that a total of $400,000 was missing from their accounts.
Once bank officials realized the problem, they immediately contacted the FBI. Hackers had apparently targeted the institution’s cash management computer system—which allowed corporate clients to move funds from their own accounts into other banks around the world. The criminals gained access by exploiting the telecommunications network and compromising valid user IDs and passwords.
Working with the bank, the FBI began monitoring the accounts for more illegal transfers. The FBI eventually identified approximately 40 illegal transactions from late June through October, mostly going to overseas bank accounts and ultimately adding up to more than $10 million. Meanwhile, the bank was able to get the overseas accounts frozen so no additional money could be withdrawn.
The only location where money was actually transferred within the U.S. was San Francisco.
Investigators pinpointed the bank accounts there and identified the owners as a Russian couple who had previously lived in the country.
When the wife flew into San Francisco and attempted to withdraw funds from one of the accounts, the FBI arrested her and, soon after, her husband. Both cooperated in the investigation, telling us that the hacking operation was based inside a St. Petersburg computer firm and that they were working for a Russian named Vladimir Levin.
The FBI teamed up with Russian authorities—who provided outstanding cooperation just days after a new FBI legal attaché office had been opened in Moscow—to gather evidence against Levin, including proof that he was accessing the bank’s computer from his own laptop.
Agents also worked with other law enforcement partners to arrest two co-conspirators attempting to withdraw cash from overseas accounts; both were Russian nationals who had been recruited as couriers and paid to take the stolen funds that had been transferred to their personal accounts.
In March 1995, Levin was lured to London, where he was arrested and later extradited back to the United States.
He pled guilty in January 1998.
Believed to be the first online bank robbery, the virtual theft and ensuing investigation were a needed wakeup call for the financial industry…and for law enforcement. The victim bank put corrective measures in place to shore up its network security.
Though the hack didn’t involve the Internet, the case did generate media coverage that got the attention of web security experts. The FBI, for its part, began expanding its cyber crime capabilities and global footprint, steadily building an arsenal of tools and techniques that help us lead the national effort to investigate high-tech crimes today.
Reflections of a Case Investigator
Special Agent Andrew Black, who back in 1994 was part of a white-collar crime squad in the FBI’s San Francisco Office, recalled that he became involved in the New York-based investigation when it was discovered that some of the money moved out of the bank by the hacker ended up in several San Francisco bank accounts.
FBI Special Agent Andrew Black May 18, 2017
“At the time,” Black said, “we didn’t have a cyber crime team in the office, so the white-collar crime route seemed the most logical way to go.” He remembered that in August 1994, after identifying the owners of the bank accounts as Russian nationals Evygeny and Ekaterina Korlokova—who had an apartment in San Francisco—Ekaterina attempted to withdraw funds from one of the accounts.
“Because the account had been frozen, she wasn’t able to get the money,” he said. Ekaterina went back to her apartment and started packing her bags. Black said when he and an FBI interpreter went to her residence to arrest her, her suitcases were in the hallway and she had a one-way ticket to Russia.
And where was her husband? Black said Evygeny had flown back to Russia, “leaving his young wife alone in the U.S. to withdraw the illegal funds from their bank accounts.” But Ekaterina, who agreed to cooperate in the investigation, managed to convince him to return—according to Black, she “read him the riot act over the phone…in Russian, of course.” He returned, was arrested, and agreed to cooperate as well.
Black remembered that the case garnered a great deal of attention at the time, “which was good, because it resulted in a lot more focus on network security.” And after it ended, he gave presentations on it to raise general awareness of an emerging criminal threat.
“There was a particularly high demand for the presentation from the banking industry,” he added. And in 1995, Black was asked to become a part of the San Francisco FBI’s newly formed computer intrusion squad…one of the Bureau’s first.
The revelation a decade later
In 2005, an alleged member of the former St. Petersburg hacker group, claiming to be one of the original Citibank penetrators, published a memorandum under the name ArkanoiD on Provider.net.ru, a popular website dedicated to the telecom market.
According to him, Levin was not actually a scientist (mathematician, biologist or the like) but an ordinary system administrator who managed to get his hands on ready-made data about how to penetrate Citibank machines and then exploit them.
ArkanoiD emphasized that all the communications were carried over an X.25 network and that the Internet was not involved.
In 1994, ArkanoiD’s group found out that Citibank systems were unprotected and spent several weeks remotely examining the structure of the bank’s USA-based networks. Members of the group played around with the systems’ tools (e.g., installing and running games) and went unnoticed by the bank’s staff.
For their personal safety, the penetrators did not plan to conduct a robbery, and at some point they stopped their activities. One of them later handed over the crucial access data to Levin (reportedly for a stated $100).
Sources
FBI.GOV