A Byte Out of History

$10 Million Hack, 1994-Style

2014-02-01

It was hardly the opening salvo in a new era of virtual crime, but it was certainly a shot across the bow.

Two decades ago, a group of enterprising criminals on multiple continents—led by a young computer programmer in St. Petersburg, Russia—hacked into the electronic systems of a major U.S. bank and secretly started stealing money. No mask, no note, no gun—this was bank robbery for the technological age.

Our case began in July 1994, when several corporate bank customers discovered that a total of $400,000 was missing from their accounts. Once bank officials realized the problem, they immediately contacted the FBI. Hackers had apparently targeted the institution’s cash management computer system—which allowed corporate clients to move funds from their own accounts into other banks around the world. The criminals gained access by exploiting the telecommunications network and compromising valid user IDs and passwords.

Working with the bank, we began monitoring the accounts for more illegal transfers. We eventually identified approximately 40 illegal transactions from late June through October, mostly going to overseas bank accounts and ultimately adding up to more than $10 million. Meanwhile, the bank was able to get the overseas accounts frozen so no additional money could be withdrawn.

The only location where money was actually transferred within the U.S. was San Francisco. Investigators pinpointed the bank accounts there and identified the owners as a Russian couple who had previously lived in the country. When the wife flew into San Francisco and attempted to withdraw funds from one of the accounts, the FBI arrested her and, soon after, her husband. Both cooperated in the investigation, telling us that the hacking operation was based inside a St. Petersburg computer firm and that they were working for a Russian named Vladimir Levin. (See the sidebar for more on the San Francisco angle of the case from one of the agents who worked it.)

We teamed up with Russian authorities—who provided outstanding cooperation just days after a new FBI legal attaché office had been opened in Moscow—to gather evidence against Levin, including proof that he was accessing the bank’s computer from his own laptop. We also worked with other law enforcement partners to arrest two co-conspirators attempting to withdraw cash from overseas accounts; both were Russian nationals who had been recruited as couriers and paid to take the stolen funds that had been transferred to their personal accounts.

In March 1995, Levin was lured to London, where he was arrested and later extradited back to the United States. He pled guilty in January 1998.

Believed to be the first online bank robbery, the virtual theft and ensuing investigation were a needed wakeup call for the financial industry…and for law enforcement. The victim bank put corrective measures in place to shore up its network security. Though the hack didn’t involve the Internet, the case did generate media coverage that got the attention of web security experts. The FBI, for its part, began expanding its cyber crime capabilities and global footprint, steadily building an arsenal of tools and techniques that help us lead the national effort to investigate high-tech crimes today.

Source: U.S. Federal Bureau of Investigation