A Russian hacker has been locked up for three years in a New York jail after being found guilty of attempting to steal millions from Citibank. Vladimir Levin pleaded guilty to conspiracy in January after breaking into the CitiCorp’s Citibank computers from his machine in St Petersburg. The 30-year-old used the US bank’s customer identification […]
A Russian hacker has been locked up for three years in a New York jail after being found guilty of attempting to steal millions from Citibank. Vladimir Levin pleaded guilty to conspiracy in January after breaking into the CitiCorp’s Citibank computers from his machine in St Petersburg. The 30-year-old used the US bank’s customer identification codes and passwords to transfer money from cash management accounts to accounts in other banks controlled by himself and his accomplices. Levin has also been ordered to pay Citibank $240,000, the amount Vladimir successfully withdrew. Levin and his accomplices transferred $12m in all, and the bank detected the fraud after the first $400,000 but let the rest go through so it could track the thieves. On discovery of the fraud in July 1994, Citibank went straight to the FBI, and Levin carried on with the fraud until the bank put a stop to it in the October of that year. But it wasn’t until Levin was in the UK the following the March that he was arrested. All the accounts that were hit by Levin are known as Cash Management Systems, designed for use by corporate customers who can transfer money between their accounts. Citibank spokesperson Amy Dates said all the accounts targeted were not encrypted, giving Levin easy access to the money. This is not an option the bank now offers customers, and to protect against similar attacks in the future Citibank has implemented a security system known as the Dynamic Encryption Card. The card looks like a pocket calculator. The user turns the card on and enters a personal identification number. The card then generates a password to enable users to log into the system. The password can only be used once, heightening security and taking away the responsibility of customers to frequently change their passwords. As far as Citibank is aware, it is the only financial organization using such a system. Two other men involved in the fraud have been sentenced; another two are awaiting sentence. Meanwhile, the US defense headquarters, The Pentagon is reviewing its security system after also being targeted by hackers. The Pentagon says the attacks were directed at unclassified information and came at a time when there was a hacker contest going on and it looks likely that the incident was a game. Nevertheless it is taking the matter seriously, despite no harm being caused and will speed the upgrading of its security system.