
The City Bank Hack: A Deep Dive into the First Cyber Heist

Excerpt:
“In the annals of cybercrime, the City Bank hack stands as a pivotal moment, marking the dawn of a new era of digital heists and international manhunts. In December 1993, a Russian hacker known as arcanoid stumbled upon a treasure trove of information within the virtual corridors of City Bank’s systems. This discovery would set in motion a chain of events involving a mysterious man named Vladimir Levan, the Russian mafia, and a global pursuit that remains shrouded in mystery to this day.”


In December 1993, in St. Petersburg, Russia, a hacker known only as "arcanoid" was perusing the latest issue of Phrack magazine. Phrack was an online publication catering to hackers, filled with discussions on hacking techniques, cracking methods, and various cyber-related topics. Issue number 42 contained a list of hundreds of addresses connected to the X.25 network. While the internet is the dominant network today, X.25 was once the leading protocol, used by large companies to connect to various networks. The Sprint network, which utilized X.25, enabled businesses to exchange data across long distances at high speeds.
Among the numerous companies listed in Phrack magazine, City Bank stood out to arcanoid. Unlike the other entries, City Bank's listing lacked a specific geographical location. Intrigued, arcanoid enlisted the help of a friend to infiltrate City Bank's systems and explore its network.
As arcanoid and his friend navigated through City Bank's network, they encountered another hacker who, like them, had been drawn in by the information in Phrack magazine. According to a blog post written by arcanoid, City Bank's lower-level networks were easily accessible. Communication within the network was also possible. As a result, arcanoid, his friend, the new hacker, and others they met within City Bank's network formed secret research groups, all with the goal of finding sensitive data and access points.
The team eventually discovered emails containing credentials for the credit and transfer terminals. This discovery gave them access to what was essentially a money-printing machine. However, most of the hackers were hesitant to risk their progress by attempting to transfer money to their own accounts.


The Emergence of Mr. Levan


One member of arcanoid's team, however, could not resist the temptation. Knowing he couldn't directly transfer money to himself, this unknown hacker sought accomplices. Eventually, he found someone willing to listen: a mysterious man known as Mr. Levan.
In early 1994, the hacker met with Levan in St. Petersburg. Levan, who also had a programming background, was very interested in the hacker's findings. However, instead of collaborating, Levan wanted the information for himself. The hacker agreed to sell the information to Levan for a mere $100.
The hacker explained the details of the Sprint network, the terminal needed to connect, and the credentials required at each step. The next day, Levan began to infiltrate the bank's network, following the hacker's instructions. After a few hours, he found the promised terminal, used for transferring money. Levan observed City Bank employees using the system, and after they finished, he entered bank credentials himself. Everything worked, confirming the accuracy of the information.
Levan knew he couldn't simply transfer money to his own account without raising suspicion. He began devising a plan to extract the money without being traced.


The Tambov Gang and the First Transfer


Despite being a programmer, Levan had connections to the Tambov gang, a local crime group known for extortion, smuggling, and gang wars. He contacted a friend in the gang and explained his plan to make a significant amount of money, for which he needed someone to open a new bank account and withdraw funds.
On July 15, 1994, Levan's friend in Finland confirmed he was ready to withdraw the money. Levan accessed the City Bank system and transferred $384,000 from a Uruguayan real estate company's account to his friend's account. He then called his partner, confirming the transfer.
The man, unaware of the details of the scheme, went to the bank to withdraw the money. The teller, suspicious of a new account receiving such a large sum, consulted with the bank manager. The teller returned with the money, and the man signed the receipt and left the bank with the cash. Levan and his accomplice had stolen nearly half a million dollars without violence.


The FBI Investigation


A few hours after the heist, the Uruguayan real estate company reported the missing funds to City Bank. City Bank discovered the fraudulent transaction and contacted the FBI. The FBI began investigating the crime.
City Bank's security team and the FBI concluded that the perpetrators were likely still in the network and decided to monitor all transactions. They decided to allow the next fraudulent transaction to proceed as a honeypot. The FBI would then surveil the receiving bank and arrest the person attempting to withdraw the funds.


International Manhunt


As predicted, another fraudulent transaction occurred a few days later. A member of the Tambov gang arrived in Argentina and opened a new bank account. Levan initiated a transfer of hundreds of thousands of dollars. However, this time, City Bank detected the transaction and alerted the Argentinian bank and the FBI, who in turn notified the Argentinian authorities.
As the gang member requested the funds, he was informed of an issue with the account and asked to wait. Suspecting something was wrong, he left the bank before the Argentinian police arrived. He contacted Levan, who realized his scheme had been discovered.


The Net Tightens


Levan intensified his efforts. In mid-August 1994, Alexios Palidas, a Greek citizen, arrived in Tel Aviv from St. Petersburg. He claimed to be a tourist but spent his time opening bank accounts. Simultaneously, a woman named Katarina Korova was doing the same thing in San Francisco. Both individuals had arrived from St. Petersburg and were setting up bank accounts.
On August 26, two suspicious transactions were initiated from City Bank's headquarters, deposited into the banks in Israel and San Francisco. Katarina attempted to withdraw the money in San Francisco but was stalled by the teller until the FBI arrived. This time, Levan's money mule was apprehended.
In Israel, undercover police were waiting at the bank. Alexios Palidas requested a large withdrawal. Realizing the bank was full of agents, he attempted to flee but was caught. He cursed at the police in Russian, revealing that he was not Greek but a Russian citizen named Alexi Lashman. The Israelis notified the FBI of the arrest.


The Mastermind Revealed


Katarina Korova, the first suspect in custody, was interrogated by the FBI. She claimed to be unaware of the full extent of the scheme and revealed that her husband, Yevan Corov, had traveled with her but left the country, instructing her to withdraw the money.
Korova, upset with her husband, agreed to cooperate. She persuaded Yevan to reveal the name of the scheme's leader and set up a three-way call with the FBI, Yevan, and the mastermind, Vladimir Levan. During the call, Levan confessed to everything.
Yevan's cooperation put his life in danger. When he arrived at JFK airport in New York, he was initially detained by immigration because he and his daughter lacked visas. However, an FBI agent recognized an immigration officer as a childhood friend, and Yevan and his daughter were allowed to enter the country.
The FBI placed both parents in jail temporarily and cared for their daughter. Katarina was later released, and the FBI arranged an apartment and school for her daughter.


The Final Act


While the FBI was managing the Corov family, the Tambov gang pressured Levan to make his largest transfer yet. On September 13, 1994, a $1.5 million transaction hit a bank in Rotterdam. The FBI alerted the bank that someone would attempt to withdraw the money. A man entered the bank and requested the withdrawal. The Dutch police arrived and arrested him.
Levan's plan had failed again. The Tambov gang, tired of Levan's failures, decided to punish him. Levan was now being hunted by the police and the Russian mafia. The Russian authorities, who were investigating the Tambov gang, had intercepted calls between the gang and Levan and were also looking for him.


Capture and Aftermath


On March 3, 1995, Levan boarded a plane from St. Petersburg to London, hoping to stay with an old friend of his mother. However, the Russian authorities informed the FBI, who contacted UK law enforcement. Levan was arrested upon arrival in London.
FBI agents traveled to Russia and analyzed computers at Levan's workplace, a computer and software company called Saturn SPB. They found the data they were looking for, confirming that he had used the company's machines to access City Bank's networks.
Levan spent 30 months in a British prison before being extradited to the US. To reduce his sentence, he offered his services to US law enforcement. However, some questioned his hacking abilities.
After being released from prison in 1998, Levan traveled to the Czech Republic and disappeared. Some believe he was murdered in Prague over a set of mysterious transactions worth several million dollars that he triggered before fleeing to London. He had sent $3.5 million to accounts of a Czech company reportedly belonging to one of his friends. Others believe that the owner of the company helped Levan assume a new identity.
In 2005, a hacker known as arcanoid wrote an article on a Russian hacking forum, claiming that Levan had simply bought the secrets from a member of his hacking group. The article explained the full extent of the hack, which had not been previously known.
The fate of Vladimir Levan remains unknown.


Lessons Learned

The City Bank hack exposed vulnerabilities in network security and highlighted the importance of strong passwords and monitoring systems. The case also demonstrated the potential for international cooperation in combating cybercrime.
In today's world, the threat of cybercrime is greater than ever. Hackers often target small businesses by exploiting compromised employee accounts. When personal accounts are breached, hackers use advanced tools to find out where the person works and then use the same credentials to access the company's network. Once inside, they can steal data, commit fraud, or drain finances.
Password managers like NordPass can help prevent these breaches by generating and storing unique, strong passwords for employees. NordPass also scans the dark web for compromised credentials and alerts users if their information is found. This helps businesses keep their credentials safe and avoid wasting time resetting passwords.

Written by Sadia Fatima
