Vladimir Levin (hacker)

Vladimir Leonidovitch Levin (Владимир Леонидович Левин) is a Russian individual famed for his involvement in a hacking attempt to fraudulently transfer $10.7 million ($ million in ) via Citibank's computers.

The commonly known story
At the time, the mass media claimed he was a mathematician and had a degree in biochemistry from Saint Petersburg State Institute of Technology.

According to the coverage, in 1994 Levin accessed the accounts of several large corporate customers of Citibank via their dial-up wire transfer service (Financial Institutions Citibank Cash Manager) and transferred funds to accounts set up by accomplices in Finland, the United States, the Netherlands, Germany and Israel.

Three of his accomplices were arrested attempting to withdraw funds in Tel Aviv, Rotterdam and San Francisco. Interrogation of his accomplices directed investigations to Levin, who was then working as a computer programmer for St. Petersburg-based computer company AO Saturn. However, Russia's Constitution prohibits the extradition of its citizens to foreign countries.

In March 1995, Levin was lured to London and apprehended at London's Stansted Airport by Scotland Yard officers when making an interconnecting flight from Moscow. Levin's lawyers fought against extradition to the U.S., but their appeal was rejected by the House of Lords in June 1997.

Levin was delivered into U.S. custody in September 1997 and was tried in the United States District Court for the Southern District of New York. In his plea agreement, he admitted to only one count of conspiracy to defraud and to stealing US$3.7 million. In February 1998, he was convicted and sentenced to three years in jail, and ordered to make a restitution of US$240,015. Citibank claimed that all but US$400,000 of the stolen US$10.7 million had been recovered.

After the compromise of their system, Citibank updated their systems to use Dynamic Encryption Card, a physical authentication token. However, it was not revealed how Levin had gained access to the relevant account access details. Following his arrest in 1995, anonymous members of hacking groups based in St. Petersburg claimed that Levin did not have the technical abilities to break into Citibank's systems, that they had cultivated access to systems deep within the bank's network, and that these access details had been sold to Levin for $100.

The revelation a decade later
In 2005, an alleged member of the former St. Petersburg hacker group, claiming to be one of the original Citibank penetrators, published a memorandum under the name ArkanoiD on the popular Provider.net.ru website dedicated to the telecom market. According to him, Levin was not actually a scientist (mathematician, biologist, or the like) but a kind of ordinary system administrator who managed to get hands on the ready data about how to penetrate Citibank machines and then exploit them.

ArkanoiD emphasized that all the communications were carried over X.25 network, and the Internet was not involved. ArkanoiD's group in 1994 found out Citibank systems were unprotected, and they spent several weeks examining the structure of the bank's USA-based networks remotely. Members of the group played around with systems' tools (e.g. were installing and running games) and were unnoticed by the bank's staff. Penetrators did not plan to conduct a robbery for their personal safety and stopped their activities at some point. One of them later handed over the crucial access data to Levin (reportedly for the stated $100).