On any routine business day, Citigroup moves a trillion dollars or more around the world. Little wonder, then, that information technology security executives at the world's biggest financial services giant were stunned one day in 1994 when they learned that a hacker had broken into their systems' innards and was moving around millions of dollars. As Colin Crook, former chief technology officer of Citigroup, recalls, "It was a profoundly traumatic experience.". . .

On any routine business day, Citigroup moves a trillion dollars or more around the world. Little wonder, then, that information technology security executives at the world's biggest financial services giant were stunned one day in 1994 when they learned that a hacker had broken into their systems' innards and was moving around millions of dollars. As Colin Crook, former chief technology officer of Citigroup, recalls, "It was a profoundly traumatic experience."

Crook, now a senior fellow at Wharton's SEI Center for Advanced Studies in Management, says that fortunately for Citigroup, the culprit--Vladimir Levin from St. Petersburg in Russia--was soon caught. He had stolen customer passwords to transfer $10 million into his accounts, and Scotland Yard and the FBI tracked him down and arrested him. By the time a U.S. judge sentenced Levin in 1998, Citibank had recovered more than $9.5 million of the missing money.

Following this experience, the financial services company--which expects more than $112 billion in annual revenue this year--installed procedures aimed not just at patching security gaps but also at recognizing signals that someone may be trying to hack into the computer system. The act of breach is not a unique event; it has precursors. "You must be able to recognize the fingerprints among the noise," Crook says.

The link for this article located at CNET is no longer available.