Professional Documents
Culture Documents
UNIVERSITY OF NEW YORK TIRANA Rr. Medar Shtylla,Tirana, Albania Tel.: 00355-(0)4- 2441330 Fax: 00355-(0)4- 2441329 Web Site Address: http://www.unyt.edu.al
Class: Semester:
Deadline: Instructor:
Internet Fraud CaseVladimir Levin Vladimir Leonidovich Levin, born on March 11, 1971, a biochemistry graduate of St. Petersburg's Tekhnologichesky University in mathematics, led a Russian hacker group in the first international bank robbery over a network. Vladimir, who worked for AO Saturn, a trading company in St. Petersburg, befriended a former St. Petersburg bus driver who had turned entrepreneur in San Francisco, according to recently unsealed court documents. Levin allegedly told his new friend he had found out how to wire-transfer money out of the bank's computer system. Twice already, he allegedly bragged, he had squirreled substantial amounts into his own account in Finland. Court documents say Levin's colleague became a partner in what would become a multinational hackerring. Just a few weeks later, transfers were made to BankAmerica accounts held by Primorye (roughly translated as "Shoreland" in Russian) Corp. and Shore Corp., both of San Francisco. The companies were owned by Levin's friend Jevgenij Korolkov. By this time, the bank officials had begun to suspect foul play and started questioning Korolkov. Korolkov left the country but apparently was not deterred. Instead, the two pressed on and recruited new partners around the globe, authorities say. By October 1994, he broke into the bank's computerized cash management system and attempted forty illegal transactions to California, Israel, Germany, Holland, and Switzerland. Vladimir was allegedly using his office computer at AO Saturn, a computer firm in St. Petersburg, Russia, to break into the bank's computers and then obtained a list of customer codes and passwords. In July 1994 customers complained of $400,000 mysteriously "disappearing" from two bank accounts. the bank's security system flagged two transfers in August 1994, one for $26,800 and another for $304,000. Bank officials then contacted the FBI, who tracked Levin as he trespassed on the bank's system and made more illegal transfers. He logged on 18 times over a period of few weeks and between June and October 1994 transferred more than $10 million in funds from three corporate customers of the bank to bank accounts through wire transfers to accounts his group controlled in the United States, Finland, Netherlands, Germany, and Israel.
Address: Rr. Rr. Medar Shtylla Tirana, Albania Post code 1001 Telephone: +355 4 2441330 Fax: +355 4 2441329 Web site: http://www.unyt.edu.al
This case was not only a serious embarrassment for the perceived integrity of global banking systems but more pertinently for the bank itself. The bank said it was the first time its payment system had been successfully compromised but they deserve praise for the way in which they both reported it to the authorities and took the resultant adverse publicity on the chin. Turning potentially damaging publicity to their advantage the bank said the only reason $10 million was transferred from the New York accounts was because the bank cooperated with US authorities investigating the scheme. After the first $400,000 was stolen, the bank said, other illegal transactions were allowed to occur so an electronic trail could be laid that would identify all of the conspirators. Yet there was a critical gap in security procedures at the bank that also helped allow the crimes to be committed. Before a corporate transaction is finally approved, most banks require users to swipe a credit-card-like pass smart card through a terminal. The card is encoded with an electronic signature unique to the user and if the signature isnt present the transaction is voided. The bank didnt make these cards available to clients before Vladimir Levin penetrated the banks network, although it said it has done so since the crime was discovered. All the accounts that were hit by Levin are known as Cash Management Systems, designed for use by corporate customers who can transfer money between their accounts. Further, all the accounts targeted were not encrypted, giving Levin easy access to the money. The bank took immediate action so this event would not occur for a second time. The bank has since implemented a security system known as the Dynamic Encryption Card. The card looks like a pocket calculator. The user turns the card on and enters a personal identification number. The card then generates a password to enable users to log into the system. The password can only be used once, heightening security and taking away the responsibility of customers to frequently change their password. As far as The bank is aware, it is the only financial organization using such a system. The bank said that no current or former employees of the bank were involved in the scheme, but some bankers speculated that someone with inside knowledge of the banks security procedures helped perpetrate the crime. Issues for discussion Would you categorize this crime as coming from insiders our outsiders? Describe the fraud process detailed in steps: planning, theft, conversion to cash and concealment.
Telephone: +355 4 2441330 Fax: +355 4 2441329 Web site: http://www.unyt.edu.al
Address: Rr. Rr. Medar Shtylla Tirana, Albania Post code 1001
Address: Rr. Rr. Medar Shtylla Tirana, Albania Post code 1001