Vladimir exists speculation that Levin had partners inside

 

     Vladimir
Levin was a 26 years old mathematics graduate of St. Petersburg’s
Tekhnologichesky University that worked at Russian computer firm AO Saturn. In
1994 Vladimir hacked Citibank’s computers and stole 10.7 million dollars. Levin
used an obsolete 286 computer to hack Citibank’s Cash Manager system and
obtained a list of customer codes and passwords. Then between June and August,
he logged onto the system 18 times and transferred money through wire transfers
to accounts he controlled in USA, Germany, Israel, Finland, Netherland and Switzerland. The Interpol
arrested him at Heathrow Airport in 1995. Levin was sent to prison in the
United States for three years and had to pay back $240,015 to Citibank. Levin’s
case is critically analyzed in this essay.

     Firstly we will analyze the type of
Levin’s crime. Citibank’s hack that Vladimir did is an outsider crime. Even
though exists speculation that Levin had partners inside the bank that give him
information, evidence that supports those ideas are never shown. There are
three theories how Levin got the information he needed without an insider
accomplice. Vladimir instead of internet used telecommunications systems by
intercepting on clients ‘calls to get their account number and PINs. The second
theory is that Levin hacked Citibank network and obtained a list of customer
codes and passwords. The third theory was released ten years later by someone
named ArkanoiD that claims Levin bought that information for 100 dollars.
ArkanoiD’s group deny use of internet and claim that communications were
carried over x.25 network. Using this network, they found out that Citibank
systems were unprotected and spent some weeks exploring the structure of the
bank. They even played with systems’ tools like installing, and running games
and staff of the bank didn’t notice anything. ArkanoiD considered themselves as
white hats and didn’t plan to lead a robbery so after some time they stopped
their activities. One of them “betrayed” by selling the crucial access data to
Levin. Levin’s hack is and will be considered as outsider crime until evidence
to the contrary will be shown.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

   Secondly, we will describe the fraud
process. Levin before committed the crime had to plan it. He planned how to get
the necessary information, how to hack Citibank, how and where to transfer the
money which people would include in this crime and how to hide everything.
Firstly Vladimir needed information about accounts and PINs. The most credible
theory is that he got that information by intercepting on clients ‘calls while
recording the punched in account numbers. (This was what FBI officially said)
Other theories are by hacking Citibank system or buying from the member of
ArkanoiD’s group. (These theories are explained above.) Vladimir befriended
with Jevgenij Korolkov, a former St. Petersburg bus driver who had moved to San
Francisco. Jevgenij and his wife were partners of Levin in his crime. Levin
told Jevgenij that he had found a way to wire transfer money out of Citibank’s
computer system and moved an amount into his account in Finland. He compromised
Citibank’s cash management system that allowed its customer to start their fund
transfers to other banks by dialling in remotely. To avoid suspicious Levin
worked late at night from his apartment in Russia and used valid user IDs and
passwords of other banks. After few weeks transfer were made into BankAmerica
accounts held by Primorye and Shore Corporations owned by Jevgenij. On 2 August
1994 Citibank security system flagged transfers $26800 and $304000 as
“strange”. The bank was looking for Jevgenij to ask him about transfers but he
left the USA. After that Levin and Jevgenij recruited new partners around the
world. By October 1994, 40 more transfers were made to Israel, Netherland,
Switzerland, California, and Germany.

   Thirdly we will name same reasons why
hackers commit the fraud. The first and apparent reason is for money. Everyone
loves money. People always search for the easier way to make money without much
fatigue and effort. Levin found out a golden opportunity from the poor security
of Citibank and decided to use it. I am sure that almost all people that would
have his chance and his abilities will do the same. The second reason is for
fun, for a hobby, for passion. Maybe this bank hack started as a game, as a
challenge to know if the hacker could break the system, to see how far he could
reach. After reaching the top (hacking bank), he couldn’t let himself to fall;
he couldn’t stop what he was doing.  The
third reason is for fame, to make sure everyone knows his name, to “engrave”
his name in history even though it is for bad. After FBI arrested Levin
everyone knew his name, Russian, Americans and all world talked about him,
people nowadays continue to talk about him (like we are doing) and they take
him as an example.

   Also,
we will name some known techniques used in this fraud scenario.  One important technique is espionage by
intercepting on clients ‘calls to get their account number and PINs. Second
technique can be phishing. Phishing means e-mail fishing for personal and
financial information disguised as legitimate business e-mail. Vladimir may
have used this method for cheating clients of Citibank and having their account
numbers and PINs. Another technique can be Man in The Middle Attack (MITM).
Network connections that are secure can expose the user to MITM attack that is
an intercepting of the data stream between sender and recipient. The hacker
established two connections that are one with himself and server, and other is
himself and client. All data that are passed through this connection are read
from the hacker. Maybe Vladimir had used MITM to get information for accounts,
transfers etc. that clients exchanged with banks online.

   The weakest link that
Citibank had in the security is unencrypted accounts. Apparently, not all
accounts in this bank were encrypted. Encryption is one method of protecting
files by encoding messages or information that they have in such a way that can
be accessed only by authorized people, people without the necessary authorized
cannot. This technique doesn’t prevent interference but denies the
comprehensible content to a would-be interceptor. If all accounts were
encrypted, Levin would get information and money that they had inside. Other
weaknesses are the poor security system, missed of frequent updates and maybe
they used of x.25network. If what ArkanoiD pretends is true then all Citibank
systems were unprotected, they even play games and bank didn’t notice. Also,
system managers appeared so self-confident and inattentive, that hackers could
walk about in their possession practically not masking.       

   The main reason that helped
the bank to recover almost the entire amount of the money is the deal with
Vladimir Levin. Maybe Citibank manager and FBI made a deal with Vladimir by reducing
some charges and lowering the sentence in exchange for money. They were more
than ten million dollars in the game, so the best deal for all was money for a
lower sentence. This maybe explains the fact that Vladimir was sentenced only
to three years in prison and had to pay the Citibank $240,015. This sentence
was very strange because Vladimir who stole so much money had fewer years in
jail than the one given to Kevin Mitnick captured in 1995, who had stolen 20000
credit card numbers.

    Next, we will analyze if
the bank did the right thing by going on FBI. We are considering the fact that
the bank lost 20 clients because they didn’t see Citibank anymore as a secure
place and $400,000.The action that Citibank did by going to FBI and denounced
this fraud was absolutely correct. The crime is a crime even it is a minor or a
major. It is not our job to consider the type and consequences of crime. This
is the job of policies and judges. Citibank by denounced this fraud in FBI and
by cooperating with them in order to find hacker that that caused all these
damages bought as a result the arrest of Vladimir Levin, recover of almost
entire of the money and the most important they caught a criminal who would
continue to commit crimes, who may hack other banks and companies. Thanks to
bank denouncement the world had one black hat hacker less for three years.

   Furthermore, in the
analyzing of this fraud case, I would consider like I was one of the customers
of the Citibank. If I were a customer of the bank, I would do the same that 20
clients did.  I would leave the bank as
soon as possible by transferring the money to another bank that I would think
that was most secure.  I would feel insecure,
perhaps frustrated and disappointed with the Citibank that let their system to
be hacked. In the end, the reason why I put money in the bank is that they are
considered secure place. Otherwise, I would keep them in the safe at home.

    Finally, I will say my
feeling as a reader for all this case and for Vladimir Levin. Initially, I will
disapprove his actions. He is a criminal, broke the law, hacked money from the
account of people in the bank.  Who are
you to steal the money of someone that has worked very hard to gain? Vladimir
is a hacker, so if he wanted money, he could work for companies or organization
that offered jobs that are appropriate for it. On the other hand, I cannot deny
that I feel a hidden admiration for him. I really wanted to have its abilities.
For good or bad Levin is a genius. It is very rare to find people who have
Vladimir skills. I admire his abilities and if I had them I would use for good
purposes, I would be a “white hat” hacker.