From: attila <attila@primenet.com>
Date: Sun, 21 Jan 1996 19:00:23 +0800
To: cypherpunks@toad.com
Subject: good background on CitiBank/Russian caper
Message-ID: <Pine.BSD.3.91.960121104303.1821D-100000@usr5.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



The folling article was culled from the current issue of the journal of 
internet banking.

---------- Forwarded message ----------
Date: Fri, 19 Jan 1996 18:01:32 -0500

Journal Of Internet Banking And Commerce
Vol. 1, no. 1, January 19, 1996


---------------------------------------------
The Citibank Affair:  A Purely Russian Crime?
---------------------------------------------

Nahum Goldmann
ARRAY Development
Nahum.Goldmann@ARRAYdev.com>
http://www.ARRAYdev.com/

---------------------------------------------------------------------
Nahum Goldmann has been employed as a manager, scientist and lecturer 
in leading industrial high-tech firms and academia.  Mr. Goldmann has 
published several critically acclaimed books that deal with knowledge 
transfer issues.
---------------------------------------------------------------------

Novoye Russkoe Slovo (NRS), a NY-published newspaper which acclaims 
itself as the largest Russian-language daily outside of the x-USSR, 
published an engaging account of the so-called Citibank Affair in 
September 1995.  A fairly large article ("Purely Russian Crime..." 
NRS, Sept. 15, 1995, pp. 13-14) was written by Vladimir Strizhevsky 
but was actually based on the original investigative materials 
submitted by several contributors from Moscow and St. Petersburg, as
well as from NY, London, Brussels and other world financial capitals. 
 
Undoubtedly, NRS have done quite a good job in clarifying and 
illuminating the background of the Citibank Affair.  For whatever 
reasons, the English-language media have not covered the background 
of Russian participants that well.  However, an expert in 
electronic banking and commerce on Internet might find utterly 
fascinating the very minute details of this complex crime scheme that 
involved many people and spread across several continents. 
 
The story at NRS starts at the end of August, 1994 in Tel-Aviv.  A 
certain Alexei Lachmanov, a Georgian national and a holder of a false 
Greek passport to the name of Alexios Palmidis, had been arrested by 
Israeli police when he tried to withdraw nearly US$1M.  The funds in 
question were electronically transferred to five Israeli banks from 
Invest-capital, an Argentinean subsidiary of the Citibank.  The 
Israelis had been tipped by the Citibank through the FBI with the 
information that all the money transfers had been done with the 
illegal use of Invest-capital's own secret codes. 
 
The subsequent multinational investigation has shown that it was a 
leading St. Petersburg's, Russia computer expert Vladimir Levin who 
was able to conduct numerous electronic transfers from several 
Citibank's subsidiaries in Argentina and Indonesia to various 
financial institutions in San Francisco, Tel-Aviv, Amsterdam, Germany 
and Finland.  According to NRS's speculations, Mr. Levin's succeeded 
so well because, in addition to Citibank's own electronic cash-
management hub in NY, he was also able to crack down the electronic 
defense of several SWIFT's branch offices in the third-world 
countries.  SWIFT, a secretive Belgium-based electronic 
telecommunication consortia of World-leading banks, is primarily 
involved in mutual settlement payments amongst its members. 
 
On the other hand, in the interview with an NRS correspondent V. 
Kaminsky, Citibank's spokesman rejected the newspaper's version of 
SWIFT's penetration.  Instead he claimed that Citibank knew all along 
about Mr. Levin's infiltration, playing with him a sophisticated 
multistep deception game.  Of course, the Citibank's face-saving 
version of events sounds not that convincing, taking into account a 
large number of uncontrollable players, a sizable amount of real cash 
involved, multicontinental reach of the overall crime scheme and the 
fact that the bank was ultimately unable to recover a substantial 
chunk of its own money. 
 
Not your ordinary self-taught hacker, Mr. Levin, 31, an aloof man and 
a graduate of a prestigious Department of Applied Mathematics, was 
considered somewhat of a computer genius in the St. Petersburg's 
University circles.  The scheme started when Mr. Levin's 
acquaintance, a Russian-American wholesale trader, asked him to 
develop programming support for his international trading business. 
 
According to Mr. Levin's university friends, the idea of breaking 
into secure bank networks has been born somewhat spontaneously during 
a purely technical discussion on the advantages and disadvantages of 
different bank networking programs.  The debaters were members of a 
St. Petersburg's group of elite computer experts that could best be 
described as a local response to the Internet's own Cypherpunk 
community.  I found it fascinating and somewhat ironic that the 
infiltration plot had actually started as a low-key bet that the 
Russian famous resourcefulness would triumph where the famed Yankee 
ingenuity has already proven to be unsuccessful! 
 
In the overall crime scheme, Levin was supported by as many as 30 
collaborators, at least some of them computer experts.  Several of 
his partners-in-crime, arrested in the U.S., Russia, Israel and the 
Netherlands, were primarily involved in cash retrieval and 
laundering, ultimately the most vulnerable part in any grand scheme 
of electronic theft.  It is hardly a secret that most professional 
bankers are routinely trained to contest, or at least report to 
authorities, any suspicious withdrawal of large sums of cash.  Some 
of the U.S. arrests have been successfully kept in secret for many 
months, for the fear of alerting the criminals back in Russia.  Mr. 
Levin himself was arrested in September 1995 in a UK airport, en-
route through that country. 
 
Apparently, in the best tradition of this fledging industry, Citibank 
have already used the lessons obtained from Mr. Levin's penetration 
to beef up the security of its own electronic payment system.
COPYRIGHT
=========

The Journal Of Internet Banking And Commerce is Copyright (C) 1996
by ARRAY Development, Ottawa, Canada.  All Rights Reserved.

Copying is permitted for noncommercial, educational use by academic 
computer centers, individual scholars, and libraries.  This message 
must appear on all copied material.  All commercial use requires 
permission.



__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....