


JACK: For over two hundred years bank robberies have stayed relatively the same. You’d have to go into the bank itself, demand the cash, often with violence, grab what you can and get out of there. But as banks started coming online and being digitally connected to each other, a whole new way to rob a bank started happening. This is the story of the first online bank robbery.

JACK (INTRO): [INTRO MUSIC] These are true stories from the dark side of the internet. I’m Jack Rhysider. This is Darknet Diaries. [INTRO MUSIC ENDS]

JACK: In the early days of the internet there were a few different competing internets. There was ARPANET, Telenet, Tymnet, and some others. Each one of these networks spoke a completely different protocol. People, machines, and computers on Telenet could not talk to people, machines, and computers on the internet. They both kind of had their own ecosystem. There might be a few computers that could connect to both networks at once but those bridges and connections were rare. One of these early competing networks was Telenet. This is different than Telnet. Telenet was a full-blown network kind of like its own internet and it used a completely different protocol than the internet.

It used what’s known as the X.25 protocol to communicate between two systems. The internet at first was only available to governments to connect to but Telenet was the first publicly available network so it began picking up in popularity. By 1980 Telenet was available in seven major cities and US phone companies had set up over 1,000 network switches to route packets around the US. Another reason why this X.25 protocol became popular was because it was free to connect to this network. All you needed was a modem and a phone line. You didn’t have to pay any ISP fees; just dial into one of the switches and away you go. From there you can get to any system that’s also on the Telenet network. Large companies started connecting to this network to be able to communicate between branches.

Companies such as Apple, Dun & Bradstreet, Westinghouse, Boeing, and Sprint were all connected to this network. In fact Sprint saw a big future in Telenet and actually acquired it themselves, renaming the whole network from Telenet to Sprintnet and Sprintnet continued to grow in popularity, connecting a dozen more states by the 1990s. Getting around on Sprintnet was not as easy as just Googling and finding what you’re looking for. It was mostly bulletin boards. You would read about a certain bulletin board in a magazine or from a friend, dial into Sprintnet, set your parameters on your modem, and type in some numbers and commands, get the command prompt in. If you’re lucky you’d get to the bulletin board which is kind of like an online forum but was a simple and crude way to exchange information across the country.

Sprintnet was not user-friendly. It took a lot of practice and patience to not only connect to it but then also find anything remotely interesting once there. The internet today has billions of users and millions of websites but Sprintnet in the 90s only had a few thousand servers connected to it. It was kind of a ghost yard unless you had something specific you needed to do. Going around in that time was an online magazine called Phrack. By 1993 there were already 41 issues released and each issue outlined numerous new hacking techniques and helpful information for hackers. Phrack is the longest-running online hacker magazine and still is kind of releasing issues today. In March of 1993, issue 42 of Phrack was released and in this issue there was a massive listing of all known Sprintnet numbers.

There were details on how to connect to all of them and what each system might be. It broke down into sections of states or companies connected to Sprintnet such as numbers to dial into Apple, Westinghouse, and a bunch of numbers to connect into Citibank. Citibank is a major bank in the US and headquartered in [00:05:00] New York City. This issue of Phrack told you the online location of 363 different Citibank computers. Citibank used Sprintnet to communicate between their major offices and other banks that were connected to it. The Citibank offices were in Singapore, Manila, Tokyo, New York, Milan, Paris, and they were all connected over Sprintnet. These systems were UNIX systems, VAX computers, DEC servers, mail servers, and more. Phrack had just unveiled the addresses of all these systems at Citibank.

It kind of looked like a phone book or a directory listing. It was the area code and then a one-to-four digit number which was the network address. This was just a map of what was out there and it didn’t actually tell you how to hack into any of it. A couple of hackers in St. Petersburg, Russia took notice of all these Citibank systems and began dialing into them. Their goal was simply to find if any of the Citibank computers were connected to the internet so they could go through Citibank to get onto the internet. Because at that time, it cost to connect to the internet but it was free to connect to Sprintnet so the hackers just wanted to find a free way to get on the internet. The two hackers spent a lot of time scouring the Citibank’s network, connecting to one number after another, learning what’s there and seeing what you can do once you get there.

For over a year they kind of poked at it but didn’t really find anything interesting. Most connections simply wouldn’t let you do anything at all or were password protected. But these two Russian hackers kept at it, connecting to these nodes over and over trying to see if there’s anything new there. One day one of the systems that normally asked them for a password was wide open. [MUSIC] Someone had used that computer and forgot to log out. On these old systems you could sort of ride in on other people’s logins. The hacker quickly tried to see if their access would allow them to see the password. Sure enough, it did. Sitting there in the config file was the username and password in clear text. It wasn’t great security in 1994 so this was something you’d see sometimes. But once the hacker got one known password they were able to get more passwords.

They scanned all 363 Citibank nodes to see which ones they could log in with these new passwords. Before long these two hackers had gained access to numerous Citibank devices and from there they were able to map out a large portion of the Citibank network and eventually the hacker found a device in Chile that was connected to the internet. They were now able to dial into that system and get to the internet for free without having to pay for America Online or CompuServe or whatever it was at the time. This satisfied one of these Russian hackers but the other dug deeper. His name was Buckazoid. Buckazoid was fascinated with all the access they gained to Citibank’s network and couldn’t let it go. He would connect to some and watch what people did on there and try to take a guess at what each of the computers was for.

He eventually found his way onto a computer that looked like it was used to transfer money. Operators of this machine would log in, type in the bank, the bank account number, the amount to transfer, and away the money would go. This was amazing. Buckazoid had discovered the exact place and commands and logins needed to transfer money from one bank to another, but he also noticed this computer logged everything, every command, every connection, and every transfer that was done. He believed these logs would probably have been printed out every day and put on a shelf for long-term reference. At that time Citibank was processing half a trillion dollars a day through these systems. Even though there was a lot of logs, a rogue transfer might go undetected. Buckazoid and his hacker friend did not take that chance. Instead he told another computer guy in St. Petersburg named Vladimir Levin what he found.

Vladimir was very interested in what Buckazoid found and gave him a hundred dollars for all the information; how to connect, usernames and passwords, which systems to connect to, and how to do the bank transfer. This kind of freaked out Buckazoid and his hacker friend so they disappeared from the Citibank network, thinking it was too risky to hang out there now that Vladimir knew their secret. The story of Buckazoid and his hacker friend in St. Petersburg may not be true. These hackers have never been found and the hackers like this don’t like telling their stories but there was one Russian blog post about this. That’s all I’m going by but this story makes a lot of sense to me because it matches a lot of other details that were going on at the time.

Like, I confirmed the Citibank codes were actually published in the Phrack magazine at that time and a few other things. But what we do know for sure is that by that summer of 1994, Vladimir Levin in St. Petersburg, Russia had everything he needed to make a rogue money transfer out of Citibank. Vladimir was thirty years old, living in St. Petersburg, Russia and he was really into computers. PCs were just becoming a thing at this time and Vladimir would put computers together for people and deal with computer parts. He also had a day job where he’d work for a software company. But he had a bit of a dark side to him. Perhaps it was because of growing up and seeing the lawless side of Russia.

Whatever it was, he wasn’t afraid of hanging out with some rough guys or stealing some stuff. Vladimir checked his access to the [00:10:00] Citibank computer. He went to work where the good computers are. He dialed into Sprintnet. He logged into the Citibank cash management system and confirmed he could type commands in it. [BEEPING] All he would need to do is type a few keystrokes, hit Enter, and the money would be transferred to wherever he wanted. He knew this was a big deal and didn’t want to transfer the money to himself right there in St. Petersburg. He met up with a friend who agreed to go to Finland and they’d send the money there. The friend arrived in Finland and stood by waiting for Vladimir. [TYPING, DIALING] Vladimir went to work and fired up his computer, dialed into Sprintnet, logged into the Citibank computer, and typed in the commands to transfer some money to Finland and hit Enter.

[POWER SURGE] The computer accepted the commands and the transfer was complete. Vladimir called his friend in Finland and told him to withdraw the money. The friend went to the bank and sure enough, there was a brand-new $400,000 in his account. He withdrew all $400,000 and got out of the country. [MUSIC] The excitement of stealing this much money gave Vladimir wild dreams. This was easy. This was way too easy. He wanted to do it again and again and started thinking of ways to conduct the next one. But on the other side of the globe in New York City, this transaction raised alarms. The Citibank IT staff noticed this but they were too slow to react to stop the transfer. The VAX computer that their cash management system was on logged every transaction and this one triggered an alert. This was a lot of money so Citibank quickly called the FBI. [PHONE RINGING] I called the FBI too.

STEVE: Hello.

JACK: So we can get the inside scoop to this story.

STEVE: I’m Steve Garfinkel. I’m a retired FBI agent. I spent twenty-one years in the FBI and I was a case agent on the Vladimir Levin case.

JACK: I was able to talk to Steve as he was driving back home from a summer trip. He had a long drive on his hands.

STEVE: Five hours altogether, yep.

JACK: He was willing to talk to me on this car ride. We talked about podcasts we listen to.

STEVE: You should listen to that. It’s really a good story.

JACK: And computer problems.

STEVE: My freaking MacBook totally crashed.

JACK: But of course, I was fascinated with the Vladimir Levin case.

STEVE: Yeah, so the case started in summer of 1994 and I was working in the FBI New York office and contacted by the victim bank here which was Citibank. [MUSIC] When I started this the FBI definitely did not have a cyber-division. There were no computer squads so I was not a computer expert by any means. For me, it was a lot of on-the-job training. My role was not so much to figure out the bits and the bytes as to what happened but to – what every FBI agent does which is you gather evidence that’s going to be used in a prosecution.

JACK: The technical parts to this were all handled by Citibank. They had an IT department with a great system in place for detecting fraudulent transactions and they would give this information to Steve at the FBI.

STEVE: They were basically monitoring this system and they knew when a bad transfer was happening.

JACK: Citibank’s ears were perked up, waiting for the next alert. They knew exactly how to detect a bad transfer and now they were ready to call the FBI the moment they detected it.

STEVE: So what we started doing at that point was trying to identify who the bad bennies are. The bad guys are gonna want to take the money out.

JACK: A bad benny or beneficiary is the receiving bank that the money is fraudulently sent to. The FBI was poised and ready for this to happen again. Back in St. Petersburg Vladimir had a friend who was a neurosurgeon but this guy found out he could make more money as a computer-distributor than a brain surgeon so he switched to doing that instead. Vladimir knew this neurosurgeon computer-distributor and told him about the money transfer that he knew how to do. The neurosurgeon was connected to some shady guys and knew just who could help. He introduced Vladimir to a few guys from the Tambov gang.

This is a gang out of Tambov, Russia who are ex-wrestlers and they turned into regular street thugs. [MUSIC] The gang was rough. Picture your average mafia-style gang. They’d go into businesses and threaten the owner with violence unless they’d pay the gang a commission. In exchange the gang would watch over the businesses to make sure nobody else would rob the place. This was known as a protection racket and the gang was making a name for itself clashing with other gangs, taking over new territories, and leaving a trail of blood wherever it would go. Vladimir met up with this Tambov gang asking for help to go around the world and collect money from these bank transfers. The Tambov gang agreed to this plan and would finance the people to fly to foreign countries, set up bank accounts there, and collect the money and fly back.

The plan [00:15:00] was in place and the next chapter was about to begin. The Tambov gang sent someone to Argentina who opened a bank account there and gave Vladimir the bank account number. Vladimir went to work, turned on his computer, connected to Sprintnet, logged into the Citibank computer and typed in the commands to make the transfer. [POWER SURGE] The money was deposited in the bank account in Argentina. But Citibank caught this transaction immediately.

STEVE: The bank was monitoring their systems. We knew that there was a bad transfer going to this bank.

JACK: The FBI was able to notify the bank in time to freeze the account. When that member of the Tambov gang went to withdraw the funds, the account was frozen and he couldn’t get it out so he quickly left the bank. It all happened too fast for the Argentina police to catch them. This mission was a failure for Vladimir and a success for Citibank but this wouldn’t slow him down at all. Vladimir quickly set up another attempt with the Tambov gang, this time in Israel. Vladimir went to work. [BEEPING, POWER SURGE] He transferred a large amount of money to this accomplice in Israel. Citibank detected this bad transfer right away and notified the FBI.

STEVE: The Israeli cops arrested a guy by the name of Aleksey Loshmanov.

JACK: Another failed transfer for Vladimir. Vladimir wasn’t sure how these banks were detecting this. He thought he just caught a couple bad breaks. Vladimir worked with the gang to coordinate another attempt. This time a guy named Yevgeny Korolkov would travel with his wife to San Francisco and open up numerous bank accounts there. The plan was to do multiple bank transfers to see if any of them would go through. Yevgeny set up five bank accounts in San Francisco and was ready for the transfers. But for some reason he wasn’t able to wait around. He left the country and went back to Russia, but he left his young wife Katarina behind to withdraw the money. Vladimir got the bank account numbers and went to work. [BEEPING, POWER TRANSFER] The transfer was complete and they notified Katarina. She went to the bank to withdraw the money.

STEVE: At that point the bank was monitoring their systems. We knew that there was a bad transfer going to this – one of the, I think it was Sumitomo Bank in San Francisco. She came in to make a withdrawal and they said oh, something’s not right here. You’ll have to come back tomorrow to pick up the money, to make the withdrawal. When she came back the following day FBI San Francisco office was waiting for her and arrested her.

JACK: When the FBI agents searched her apartment in San Francisco her bags were already packed and there was a one-way plane ticket to Russia. But instead of going back to Russia she took a one-way trip to New York City where she would sit in a jail and await her trial.

STEVE: She was gonna go to trial. Just before trial she agreed to cooperate. She calls her husband in Russia.

JACK: She apparently was really mad at her husband for leaving her behind and getting her in jail. She demanded he come back to help get her out. One FBI agent said that she practically read him the riot act over the phone.

STEVE: We convinced her husband to, over the phone, to cooperate with us.

JACK: This was a stroke of luck for the FBI. The guy who got arrested in Israel got a nice private lawyer but Katarina had a public defendant so her husband got real mad about this and wanted to come out and help her. Once Yevgeny agreed to cooperate the FBI was able to convince him to call Vladimir Levin on the phone.

STEVE: We convince him. This is all over the phone, New York to Russia to call Levin while we’re listening to the call. It’s a three-way call. Levin doesn’t know this. So Korolkov and Levin speak. We basically get Levin admitting to the whole scheme.

JACK: Now the FBI has their proof of who was behind this case with a name and location. This would be enough evidence to begin going after Vladimir.

STEVE: But we get an arrest warrant for Levin but we had no extradition agreement with the Russians. The Russians aren’t going to arrest Levin.

JACK: Yevgeny Korolkov flies from Russia to New York to come help his wife and to turn himself in. Steve and the FBI team were waiting for him at the airport. As soon as he de-boards the plane the FBI move in to arrest him but he has something that totally surprises the FBI. He brought his six-year-old daughter.

STEVE: He shows up at the airport with the girl. I’m like what the – nobody said anything about them having a daughter.

JACK: The FBI is totally flabbergasted on what to do about this girl.

STEVE: We can’t have them both in jail with their daughter here. That wasn’t gonna work.

JACK: To top that off, the immigration officers are refusing to allow Korolkov and his daughter into the country.

STEVE: [00:20:00] He doesn’t have a visa. The whole thing was a mess. Immigration wasn’t gonna let him into the country and I’m standing there at Immigration. They couldn’t care less, me being an FBI agent and this is a witness. Then I look at the guy’s nametag, the Immigration guy. It’s a guy I went to summer camp with when I was a kid. He’s like oh, Steve, yeah, no problem. He’s like yeah, he can come in the country. Yeah [audible].

JACK: So Yevgeny and Katarina both get locked up in jail. Steve took the six-year-old daughter around with him until he could figure out what to do with her.

STEVE: We weren’t in the office really. She was in the office I think for a short amount of time. But we were just kind of driving. Then at some point the kid got carsick and she puked in the back of my Crown Vic. That’s another couple hours to talk about.

JACK: Eventually Steve got the mother out on bail and got some informant funds to help them out. The mother couldn’t leave the country because she was needed to cooperate with the case but because of this kid Steve helped them out and…

STEVE: Get them an apartment. Not only that, I get her an apartment, plus I got her registered in school and a vaccine. They won’t register the kid without their vaccine. I should have got an award for being a social worker that day. It was crazy.

JACK: At this point Vladimir strikes again, this time transferring 1.5 million dollars to a bank in Rotterdam in the Netherlands. Quickly, Citibank called the FBI.

STEVE: The first thing they did is call the bank and said hey, you got a million and a half dollars going there. It’s a bad transfer. They, at the same time, were calling the cops and getting everyone on board. The Dutch police arrested a Anatoly Lysenkov, the guy who was arrested in Holland picking up money. He thought he was gonna pick up one and a half million dollars in a bank in Holland. He got to the bank and the Dutch cops were waiting for him. They locked him up. I traveled to Holland. I interviewed him while I was there and he denied everything, made up some stories, he was picking up the money for somebody. He didn’t know it was stolen funds. Anyway, we end up – he waives the extradition, came to the US. Then when we went to interview him in the US he said well, first of all my name is not Anatoly Lysenkov. My name is Vladimir Voronin. Then he tells us the whole story.

JACK: Back in St. Petersburg, Vladimir Levin continued to attempt to do money transfers. [POWER SURGES] In the course of the next six months he conducted dozens of transfer attempts totalling over ten million dollars. All attempts were foiled by Citibank and the FBI. The FBI was getting closer to finding Vladimir but because he was in Russia the police there wouldn’t cooperate entirely with the FBI to arrest him. But the FBI did tell the Russian police they’re looking for him.

STEVE: Turns out when we did that phone call between Korolkov and Levin and we were listening in, the Russian cops were listening in too.

JACK: The Russian police were tracking the Tambov gang which led them to Vladimir so they were listening in on the call looking for information on what the next crime might be committed in Russia.

STEVE: [MUSIC] They tipped us off when Levin was leaving the country. Levin was flying from St. Petersburg to Holland. I’m not sure if it was where in Holland, Amsterdam, or Rotterdam probably. But he had to change planes in London. He was flying through Stansted Airport.

JACK: When Steve and the FBI got this tip they immediately called the UK police who were able to quickly go to the airport and find Vladimir waiting in the lounge and arrested him. Vladimir was held in UK police custody and put in jail but Vladimir was denying the involvement in the whole thing, saying he had nothing to do with the hacking and claiming complete innocence. This made the FBI wonder a little if they had the right guy. The only evidence they had was a phone call between Korolkov and Vladimir where Vladimir was admitting to it.

STEVE: The Russian cops arrested a bunch of people who were part of this Tambov gang and they seized a bunch of computers from Levin that were from that business. [MUSIC] I went to Russia and we did a search of those computers. I went over there with a guy who was an FBI agent who was a forensic examiner. We basically found the smoking gun stuff on that computer. We know that was the computer they were using to hack into the bank. Then when we found that smoking gun [00:25:00] stuff on the computer, it was in the police headquarters in St. Petersburg and it was about 11:00 in the morning and that precipitated a big celebration.

[MUSIC] I have to say at the end of that day, I don’t think before that day or after that day, I have never drank so much vodka. It was a huge celebration. We were drinking vodka, eating pickles. It was actually a very crazy day. We ended up going to a party somewhere that night. It was really – nobody answered the bell the following morning, put it that way.

JACK: Now the FBI have felt confident they completely busted this crew up. They arrested the main hacker involved, seized the computers that were used to do this with, and arrested four members of this gang. Vladimir Levin was still being held in a jail in the UK.

STEVE: At some point I actually – we went to England. I went to London. We had an extradition hearing.

JACK: After being held for thirty months in UK jails, Vladimir Levin was extradited to the US. During his trial in the US, after he saw the amount of evidence they had against him, he pled guilty and explained and admitted to everything. Vladimir Levin attempted forty fraudulent money transfers totalling ten million dollars. He was able to successfully steal $400,000 and that was before the FBI got involved. Neither Citibank nor the FBI could recover that $400,000. It’s believed that money was used to purchase guns and weapons. Vladimir was sentenced to three years in prison but the thirty months that he was being held in UK jails counted towards this, so he only had to serve less than a year in US prison. He was also sentenced to pay back $240,000 in restitution.

STEVE: I have no idea what happened to him. I even heard at one point that he went to – he was in Eastern Europe, not in Russia. He was in Prague and I had heard he had been killed. I don’t know if any of that’s true. I’d be kind of curious as to whatever really happened to him.

JACK: [MUSIC] I wasn’t able to track down what he’s up to, either. He probably changed his name after this because Vladimir Levin went down in the history books as one of the most notorious hackers of all time. That’s because he was the first-known online bank robber. Vladimir didn’t use a gun or a mask or even a note. He did the whole thing from across the world. In 1994 this was a really big deal and being the first in something like this will often make you famous. Since this incident, the world changed. More crimes started being conducted online.

STEVE: [MUSIC] About a year, year and a half later, the FBI formed its first computer crime squad. There was one in San Francisco, there was one in DC, and we formed one in New York. I ended up on that squad. Every crime now digital forensics are involved. Even if you talk to any homicide investigator, those homicides now are key evidence found in a digital form. That’s really I think a huge change in law enforcement. You look at any kind of crime out there, any kind, and it involved digital forensics.

JACK: It’s amazing to witness firsthand the digital transformation our world went through in the last thirty years. We were here for it. Generations from now we’ll look back on the 1980s and think it was so primitive and crude. Computers and the internet have changed every one of our lives in almost every way. How we meet friends, how we order food, and how we go to school. How we solve crimes, and even how some people rob banks.

JACK (OUTRO): [OUTRO MUSIC] You’ve been listening to Darknet Diaries. Please consider donating to help support this show by visiting darknetdiaries.com/donate. It really helps a lot. This show is made by me, the Karate Skid, Jack Rhysider and the theme music is made by the masked Breakmaster Cylinder.



Transcription performed by LeahTranscribes