The Citibank Affair: A Purely Russian Crime?
By Nahum Goldmann
Nahum.Goldmann (at) ARRAYdev.com
Nahum Goldmann has been employed as a manager, scientist and lecturer
in leading industrial high-tech firms and academia. Mr. Goldmann has
published several critically acclaimed books that deal with knowledge
Novoye Russkoe Slovo (NRS), a NY-published newspaper which acclaims
itself as the largest Russian-language daily outside of the x-USSR,
published an engaging account of the so-called Citibank Affair in
September 1995. A fairly large article ("Purely Russian Crime..."
NRS, Sept. 15, 1995, pp. 13-14) was written by Vladimir Strizhevsky
but was actually based on the original investigative materials
submitted by several contributors from Moscow and St. Petersburg, as
well as from NY, London, Brussels and other world financial capitals.
Undoubtedly, NRS have done quite a good job in clarifying and
illuminating the background of the Citibank Affair. For whatever
reasons, the English-language media have not covered the background
of Russian participants that well. However, an expert in
electronic banking and commerce on Internet might find utterly
fascinating the very minute details of this complex crime scheme that
involved many people and spread across several continents.
The story at NRS starts at the end of August, 1994 in Tel-Aviv. A
certain Alexei Lachmanov, a Georgian national and a holder of a false
Greek passport to the name of Alexios Palmidis, had been arrested by
Israeli police when he tried to withdraw nearly US$1M. The funds in
question were electronically transferred to five Israeli banks from
Invest-capital, an Argentinean subsidiary of the Citibank. The
Israelis had been tipped by the Citibank through the FBI with the
information that all the money transfers had been done with the
illegal use of Invest-capital's own secret codes.
The subsequent multinational investigation has shown that it was a
leading St. Petersburg's, Russia computer expert Vladimir Levin who
was able to conduct numerous electronic transfers from several
Citibank's subsidiaries in Argentina and Indonesia to various
financial institutions in San Francisco, Tel-Aviv, Amsterdam, Germany
and Finland. According to NRS's speculations, Mr. Levin's succeeded
so well because, in addition to Citibank's own electronic cash-
management hub in NY, he was also able to crack down the electronic
defense of several SWIFT's branch offices in the third-world
countries. SWIFT, a secretive Belgium-based electronic
telecommunication consortia of World-leading banks, is primarily
involved in mutual settlement payments amongst its members.
On the other hand, in the interview with an NRS correspondent V.
Kaminsky, Citibank's spokesman rejected the newspaper's version of
SWIFT's penetration. Instead he claimed that Citibank knew all along
about Mr. Levin's infiltration, playing with him a sophisticated
multistep deception game. Of course, the Citibank's face-saving
version of events sounds not that convincing, taking into account a
large number of uncontrollable players, a sizable amount of real cash
involved, multicontinental reach of the overall crime scheme and the
fact that the bank was ultimately unable to recover a substantial
chunk of its own money.
Not your ordinary self-taught hacker, Mr. Levin, 31, an aloof man and
a graduate of a prestigious Department of Applied Mathematics, was
considered somewhat of a computer genius in the St. Petersburg's
University circles. The scheme started when Mr. Levin's
acquaintance, a Russian-American wholesale trader, asked him to
develop programming support for his international trading business.
According to Mr. Levin's university friends, the idea of breaking
into secure bank networks has been born somewhat spontaneously during
a purely technical discussion on the advantages and disadvantages of
different bank networking programs. The debaters were members of a
St. Petersburg's group of elite computer experts that could best be
described as a local response to the Internet's own Cypherpunk
community. I found it fascinating and somewhat ironic that the
infiltration plot had actually started as a low-key bet that the
Russian famous resourcefulness would triumph where the famed Yankee
ingenuity has already proven to be unsuccessful!
In the overall crime scheme, Levin was supported by as many as 30
collaborators, at least some of them computer experts. Several of
his partners-in-crime, arrested in the U.S., Russia, Israel and the
Netherlands, were primarily involved in cash retrieval and
laundering, ultimately the most vulnerable part in any grand scheme
of electronic theft. It is hardly a secret that most professional
bankers are routinely trained to contest, or at least report to
authorities, any suspicious withdrawal of large sums of cash. Some
of the U.S. arrests have been successfully kept in secret for many
months, for the fear of alerting the criminals back in Russia. Mr.
Levin himself was arrested in September 1995 in a UK airport, en-
route through that country.
Apparently, in the best tradition of this fledging industry, Citibank
have already used the lessons obtained from Mr. Levin's penetration
to beef up the security of its own electronic payment system.