As the chief teller at the Park Avenue branch of the now-defunct Union Dime Savings Bank, Roswell Steffen embezzled over $1.5 million over a three-year period in the early 1970s — roughly the equivalent of $10 million in 2022. Bank employees dipping into the till is a crime as old as the industry itself, but what made Steffen’s story so novel and newsworthy was his reported use of computers to brazenly steal. It’s gone down in history as one of the first cybercrimes — if not the first.
The maddeningly vague documentation of how exactly Steffen carried out his slow simmer heist is a product of its time: A still-nascent computer age where technical language was still up for debate amongst industry professionals, and the general public was only just beginning to grasp simplified examples of what computational power could achieve.
Crime at the dawn of the computer age
World War II had functioned as something of a global coming-out party for the computer, and over the ensuing decades the general collective understanding of their role in the world began to take form. By 1973, the former notions of frighteningly powerful and possibly evil Hal 9000-esque black boxes had mellowed into a disinterested acceptance of computers as something more like room-sized knowledge repositories, fed by inscrutable tapes and cards, and spewing out rolls of paper, always humming away in the backstage of civilization, affecting everyone, for better or worse, in ways far beyond their comprehension. With more pressing matters always at hand, an individual’s lack of understanding about the operational mechanics of a computer rarely justified further digging.
So when the news said some bank employee was using these machines to steal money, the squishy and indistinct coverage of the bust painted a crude image of Steffen daisy-chaining together a series of debits from accounts he had access to. Using a computer to conceal his pilfering from both customers and management by “shuffling” the numbers around so everyone’s balance always appeared in order made sense to the layperson.
Credit: New York Police Department
As the first reported instance of a computerized heist, Steffen’s case made for a salacious news item then, and for quite a while after. But while digging into what on the surface appeared to be a forgotten bit of tech history, it became increasingly apparent to me that the full story of Steffen’s crime may have never actually been told. Though the Manhattan DA, national press, and his former employer may have painted him as an elite hacker when he was busted, Steffen appears to have been closer to a non-genius, non-hacker. A good fictional comparison might be a more mediocre Walter White, rather than the proto-Mr. Robot I originally conjured in my mind when I started my reporting.
With Steffen and the vast majority of people directly connected to this case deceased or unhelpful (Living family members of the late Roswell Steffen, and, for that matter Rosnell Steffen, with publicly available phone numbers, were unreachable or unresponsive), the objective truth about what transpired may never come to light. But one thing is indisputable: The story of this middle-aged bank-employee-turned-reluctant-thief is just as tragic, captivating, and worthy of a revisit as that of the best prestige drama protagonists.
A possible cyber-myth
“I don’t think he ever actually touched a computer,” claimed Ronald Goldstock, a former assistant district attorney for New York County when I reached out to him about this old case that I couldn’t stop dredging for details. Goldstock was later the chief of the New York County District Attorney’s office’s “Rackets Bureau,” and was part of the team that nabbed Steffen. This astonishing recollection, offered at the beginning of our phone call, would be the first of many from Goldstock that reframed major elements of the entire story.
As that conversation with Goldstock and subsequent archival spelunking would make clear to me, Steffen’s cybercrime story was so legendary in its day that it began to shake off the tethers belaying it to reality as it passed from party to party, which helped it ascended to the mythical status it now enjoys.
“I don’t think he ever actually touched a computer.”
Somehow, the guy who stole $1.5 million only served two months of his three year sentence¹, a slap on the wrist unsuited to a master criminal. But by the time he was released, Steffen had seemingly leaned into the hacker persona garnering so many headlines. We’ll never know if self-preservation, opportunism, or some other motivational factor transformed this unlucky and purportedly computer-illiterate family man into the calculating savant he was now presenting himself as.
He wrote about (or signed off on a ghost writer’s version of) how he pulled off his low-key larceny in the June 1974 edition of Bank Systems and Equipment Magazine. The essay, titled “How I Embezzled $1.5 Million… and Nearly Got Away With It” kicked off his second act as an ex-criminal now consulting for the good guys. The essay also contradicts both earlier reporting and Goldstock’s recollection of events. In the essay, Steffen claims he would “go through the tapes” of the computer to find large deposits. “Then I would use the system’s override and make a correction for about half of the account’s balance — $50,000 for example — and use that money for gambling,” he wrote. This became the core of Steffen’s legend.
Today, if you Google Steffen’s name, you’ll see a (possibly erroneous) quote from him featured in a lot of 80s accounting courses as an essay prompt. “Discuss the following statement by Roswell Steffen, a convicted embezzler: ‘For every foolproof system, there is a method for beating it.’” Whether a hacking genius or just a regular guy who got himself into a felonious jam and then served a generously reduced sentence, it’s clear that Roswell Steffen had a knack for beating systems.
The term “cybercrime” hadn’t yet been invented in Steffen’s heyday. Electronic crime — or at least electronic mischief — existed by then, with John Draper, aka “Cap’n Crunch” having pioneered the dark art of phone phreaking two years before Steffen came along. But computer-related crime was certainly an exciting new concept, and in the years following Steffen’s conviction, he would often be cited in the press as a poster child for the burgeoning underworld of “DP crime” (“Data processing” or “DP” was the precursor to “IT” as a term for computer-based jobs). At the time of his arrest, however, it appears the media and law enforcement were just as lost as the average person when it came to tech jargon.
So during a press conference announcing the charges, District Attorney Frank S. Hogan chose the word “shuffle” to describe Steffen’s manipulation of customer account data to mask his visits to the vault and alleged these edits had been done at a computer terminal. The subsequent report from the New York Times painted the following rather unclear picture for readers: “Mr. Steffen allegedly stole the money during the last three years and was never discovered because, bank officials asserted, he utilized the cleverest and most invisible device available to conceal his thefts—the computer.”
Today, most of us are likely to know far more about how computers work than any of the people writing or reading about Steffen in 1973.
That includes Goldstock, whose recollection is further informed by decades of watching computers take over practically everything. “Younger kids were coming in with skills he didn’t have,” sighed Goldstock. “He knew he wasn’t going to be promoted any more and he wasn’t making enough money.” This is, Goldstock explained, what ultimately resulted in Steffen using a far-less sophisticated methodology to “borrow” money for a sequence of ill-fated “Hail Mary” gambles he hoped would leave him with his head above water.
Steffen’s previously unreported methodology was, according to Goldstock, to take the passport-sized paper banking books of customers with large (and preferably rarely-accessed “dormant”) accounts coming in to make a deposit. After typing out their transaction into an electric-typewriter-like machine, the adjusted balance would then be stamped into their booklet. Think of a time card. After concluding the transaction with the customer, according to Goldstock, Steffen would go to the enormous unspooled rolls of receipt-like paper keeping track of the day’s transactions, physically “rip it on the top and rip it on the bottom and then paste it together so that that thousand dollar deposit just doesn’t appear.” From there, Steffen would simply pocket $1,000 the next time he visited the vault, secure in the knowledge that the numbers would add up to anyone who did a cursory audit. And if a customer should ever complain about a spotted discrepancy or missing funds he’d failed to account for, Steffen would simply explain it away as a data entry error and amend the balance in their book right away, using the very same “rip and paste” move on another account to cover his tracks.
If you’re thinking that, even in 1973, a bank employee shouldn’t have been able to get away with such a crude scheme, you’re on the right track. The Union Dime’s security protocols, as Goldstock recalls, mandated that entry into the vault was a two-person job. Steffen had the key, and someone else was meant to dial in the combination. In theory, this extra pair of eyes should have prevented his embezzlement. But in Goldstock’s memory of the bank’s real-life protocols, the presumably harried, or perhaps lazy, coworker meant to have exclusive access to the combination was sharing it with Steffen, thus giving him unilateral vault control in day-to-day operations.
If I were in charge of a bank with such lax internal security, I might be tempted to put my customers and shareholders’ minds at ease by blaming something no one actually understood, like, say, a computer.
These thefts might have gone unnoticed even longer had Goldstock’s aforementioned “undercover bookmaking operation” not taken notice of one incredibly unlucky high roller with a seemingly inexhaustible supply of cash.
A master thief, or just a problem gambler?
See, Steffen didn’t just gamble for fun; he had a gambling problem, according to Goldstock. His daily vault thefts — upwards of $30,000 a day toward the end — were going directly toward racetrack and basketball game bets he hoped would mitigate the known-only-to-him debt he’d amassed at the bank. And so, Goldstock’s version of Roswell Steffen fell into the death spiral of so many gamblers before him. As the debt grew, he made higher-risk, higher-reward bets because he perceived those as his only chance at salvation.
“He was just unlucky. There’s no other explanation,” Goldstock said, sympathizing. “You should lose about 5 percent. That’s the bookmaker’s edge. This guy lost 80 percent. We couldn’t figure out how this guy could be so bad at what he did.”
As Goldstock remembers the details divulged to him post-bust, Steffen had apparently been a law-abiding citizen and model employee without any sort of gambling habit for the majority of his life. Then a chest X-ray revealed a worrisome dark spot in his lungs. Afraid to return to the doctor for another scan that might confirm the worst-case scenario, but with his mortality and family’s future financial security now firmly in the forefront of his mind, the chief teller who made only $11,000 a year, and recognized he wasn’t going to be promoted any higher at his job, set out to build a nest egg for his wife and two teenage girls.
His initial supplementary income-earning effort was more wholesome: driving a cab at night. But as this was New York at the end of the ‘60s, he kept getting mugged. With little to show for all his second job’s work and the threat of metastasization looming, he shifted to a gambling strategy. Only when his own money was gone did he start to “borrow” from work, figuring he’d eventually pay it all back with no one the wiser. It makes complete sense that, according to Goldstock, Steffen seemed almost relieved once he was finally nabbed.
Goldstock posits a possible cause for the discrepancy between his detailed and illuminating explanation of Steffen’s “utterly simplistic” process and the detail-sparse contemporary reporting hiding behind the assumed inscrutability of computers. The DA might have misunderstood Steffen’s explanation of “shuffling” the receipts of what was merely an electronic adding machine, believing it to be something much more complicated than it was.
Again, that’s Goldstock’s secondhand account. But it fills in plenty of the gaps in what passes for history that are currently being patched over with ambiguity and sensationalism.
The evolution of a legendary crime
Reporting of Steffen’s crime evolved over time. Initially, the audacity of his means and the astronomical sum stolen was the focus¹. Then the focus shifted to the looming threat of more cybercriminals to follow². Within two weeks, bank officials were claiming he “never had direct access to the computer room and that the scheme was never caught by the bank’s computer system or… manual checks.” By December, the bank’s story had flipped back to his “unauthorized access” to a teller’s computer terminal.
One reporter for a New Jersey paper³, seeming to recognize that there was a great deal of interest in Steffen, went around the 900 unit complex where the Steffen family rented an apartment for $250-a-month (about $1,670 today) hoping to get a scoop from a neighbor. Failing to pull at the thread exposed by Steffen’s humble abode and comments from other residents about the “ordinary” and “quiet” family that drove a car “neither flashy nor luxurious enough” to cause a neighbor to take notice, the reporter instead printed quotes from six people saying they knew nothing or did not want to be interviewed.
And in 1975, when the full scope of the organized crime sting operation that busted a $200 million betting operation run by “key lieutenants of Anthony (Fat Tony) Solerno, gambling kingpin of Frank (Funzi) Tieri’s Mafia mob” was reported, Steffen’s mugshot was plastered right next to that of NY Giants’ Dr. Anthony Pisani, who’d also been caught up in the sting. These were people from entirely separate worlds.
Roswell Steffen’s pioneering, high-tech crime, and its place in history are clearly worth greater scrutiny. What’s more, Steffen’s legend is jarringly disparate from the bleak and sympathetic tale that Goldstock tells today.
This is a story rooted in dishonesty, filtered through a telephone game of what looks to have been ill-informed journalism, and historicization based on half-truths. The real story of Roswell Steffen is buried in a pile of 49-year-old discarded receipt paper, and needless to say we don’t have a prayer of accessing it anymore. But today, in an era defined by a blurring of the truth by electronic means, how fitting is it that what went down in history as the first cybercrime may have actually been an early example of that other 21st century plague: Big, fat, viral lies?
¹Fort Worth Star-Telegram, Apr. 25, 1975. Page 5
²Central New Jersey Home News, Mar. 23, 1973. Page 1
³Chicago Tribune, Mar. 29, 1973. Page 50
⁴Central New Jersey Home News, Mar. 23, 1973. Page 2