Redazione RHC : 18 October 2025 21:39
Today we’ll meet another hacker from the past. He’s Vladimir Levin, a Russian hacker from St. Petersburg (Владимир Леонидович Левин), who became famous for breaking into the servers of the U.S. bank Citibank and transferring $400,000 from their accounts.
When banks first went online, they were almost immediately targeted by hackers. Vladimir Levin was one of the first known hackers to attempt to rob a bank. Levin thus went down in history as one of the world’s most famous hackers, due to his early attempts to rob online banks.
Vladimir Leonidovich Levin was born on March 11, 1971, and graduated from St. Petersburg Technological University with a degree in biochemistry and mathematics.
Vladimir was working as a systems administrator for AO Saturn, a trading company in St. Petersburg, when he met Yevgeny Korolkov, a former bus driver who had moved to San Francisco to become an entrepreneur.
Levin allegedly told his new friend that he had discovered how to transfer money via wire transfer from the bank’s computer system. He had already boasted twice,
of having paid large sums of money into his account in Finland.
In fact, a few weeks after the two met, money transfers were made to some BankAmerica accounts held by Primorye Corp. and Shore Corp., both San Francisco companies.
The companies were owned by Levin’s friend Yevgeny Korolkov. By this time, bank officials had begun to suspect foul play and began questioning Korolkov. But Korolkov soon left the country and was undeterred. In fact, the two began recruiting new partners around the world.
Court documents state that Levin’s colleague soon became a partner in what would later become an international hacker group that conducted the first publicly disclosed online bank heist.
Once the group was formed, things got serious.
From a dial-up terminal connected to St. Petersburg, Russia, Levin, using a laptop, accessed Citibank’s IT infrastructure, obtaining a list of customer codes and passwords.
Once he acquired the logins to these accounts, he logged in 18 times over a period of weeks, transferring approximately $3.7 million via wire transfers to accounts controlled by his group in the United States, Finland, the Netherlands, Germany, and Israel.
Levin was able to access the fund through the company’s telephone cash management system, a system that was neither secure nor encrypted. He used valid account information and simply made the transfers.
Levin pulled off a major robbery in an old-fashioned bank, but without a gun, a mask, or hostages. The heist was therefore the robbery for the history books, in the early days of the technological age, when banks were just starting to go online.
When Citibank noticed the transfers on its network, it contacted the authorities, who began investigating the matter and gradually led to the cybercriminal gang led by Levin. As cunning as the crime was at the time, Levin and his accomplices were quickly caught.
Three of Levin’s associates were arrested for a separate crime, attempting to withdraw money from banks in San Francisco, Rotterdam and Tel Aviv.
After being questioned, the three divulged information about the gang leader, Levin, and their previous theft. Levin, after fighting extradition for 30 months, was transferred to the United States in 1997.
Once extradited to the United States, he was tried in New York. He confessed to numerous crimes, including conspiracy to defraud and the theft of $3.7 million. All but $400,000 of the money was eventually recovered.
Levin was sentenced to three years in prison and ordered to repay $240,000 to Citibank. He was sentenced to three years in prison, and the four members of Levin’s group pleaded guilty to conspiracy and pleaded guilty to committing bank fraud and served various sentences.
When Levin was extradited to the United States in 1997, newspapers described him as the mastermind behind the first Internet raid on a bank. However, some security experts dispute this claim. Levin, they say, used telecommunications systems, not the Internet, to break into the bank.
In fact, he was able to intercept the bank’s customers’ phone calls and, while the customers authenticated themselves to their accounts by entering their account numbers and PINs, they obtained the information needed to make fraudulent transactions.
At the extradition hearing in the UK, Levin’s lawyer argued that no computer in the United States had been used to access the bank’s accounts and that extradition was unjustified. When the case was settled, Levin’s American lawyer argued that none of the transactions had technically passed through New York, where Levin was being tried, since the bank’s computer is on the river in New Jersey.
The incident highlighted the vulnerabilities present in financial institutions that were increasingly relying on electronic transactions at the time. But cybersecurity experts said what was remarkable about this hack was that it all became public.
Banks were racing to offer their customers various ways to transfer money, pay bills, and conduct other transactions electronically. But as they sought to promote electronic services and reduce the high costs of operating branches, they were taking risks.
Since this major cybersecurity incident, the victim bank has implemented corrective measures to strengthen its network security. Although the hack did not involve the internet, the incident has generated media coverage that has attracted the attention of web security experts.
After Levin’s fraud, banks implemented additional security features to protect all access points within the banking system. Levin was a pioneer in fraud and deception using new technologies.
The significance of this historic hack hinged on the creativity and innovation of the criminals involved and served as a testament to the comprehensive security of any organization. From secure locks to encrypted data, organizations and businesses are forced to stay one step ahead of the attackers.
The FBI, for its part, has also begun expanding its cybercrime capabilities and global footprint, steadily building an arsenal of tools and techniques that help us lead the national effort to investigate high-tech crimes today.
Vladimir Levin’s 3-year sentence in 1997 was surprisingly shorter than that given to Kevin Mitnick, who was caught in 1995 for stealing 20,000 credit card numbers.
Redazione