Since the shutdown of Megaupload, stories have eased out about the life and exploits of the company’s larger-than-life founder, the self-styled ‘Dr. Evil’ of file sharing, Kim Dotcom.
The man once known as Kim Schmitz, Kimble, Kim Tim Jim Vestor, and most recently Kim Dotcom, is now awaiting extradition from New Zealand to face charges of conspiracy, money laundering and copyright infringement crimes in the US. His life has enveloped his all of the hype and bluster that echoes the worst of the dot-com bubble. Schmitz has continued living the life of a 1990’s dotcom scammer, long after the bubble burst.
In 2001, the Telegraph described Schmitz as “a PR man’s nightmare, but a journalist’s dream.”
Schmitz recently wrote that his colour-filled past is far behind him now, he’s a family man, happy to meet the neighbors for coffee. But when New Zealand police arrived en masse at his mansion outside Auckland, in sleepy New Zealand last week, Dotcom’s new-found lily whiteness dissipated quickly, his past came crashing down around him, a stark reminder that the past is never far behind you.
Of the raid police said in a In a statement, that officers cut their way through various locks and then into the home’s safe room, where Dotcom was reportedly standing close to a sawed-off shotgun, officers took him into custody.
Worldwide raids, in which 100’s of servers were seized, 100’s of law enforcement officers raiding homes and offices related to Megaupload and Schmitz around the globe, seizing property including high performance vehicles, abruptly ending the luxury lifestyle of Schmitz and his cohorts.
All adding another layer to the ever growing legend of Dotcom, a legend that Schmitz has been growing since he was a teenager: God of Hackers, Midas Touch, Kimble. Venture Beat has Dotcom listed as the No1 Modern Warfare 3 multiplayer, oops, even that status has slipped to No2 while this is being penned.
Since the early 1990’s Dotcom has gone out of his way to put himself at the center of media attention. He’s certainly has it now.
But who is Kim Dotcom?
Born in Kiel, Germany to a Finnish mother – source of his dual citizenship – Schmitz has made a career of being larger than life. In the early 1990s, Schmitz used the little hacker cred he’d grown and the worlds growing paranoia of hackers and phreakers to launch a media-powered cyber-security career. Schmitz got his first shot at media stardom in 1992, when he was interviewed by the German press and was subsequently featured in a Forbes article on the “computer hacker crime wave.” Schmitz took advantage of the complete lack of technical credibility of reporters and the growing “hacker mystique” to create a sexier, more dangerous version of himself—if not James Bond, then Dr. No.
Giving his hacker handle “Kimble” – which he later claimed was taken from the name of the main character in the 1993 film The Fugitive – as well as claiming to be the leader of an international hacker group – Dope – Schmitz said he had hacked hundreds of US companies’ PBX systems and was selling the access codes at $200 a pop, bragging that “every PBX is an open door to me.” He also claimed to have developed an encrypted phone that could not be tapped, and to have sold a hundred of them.
In a 2001 interview with the Telegraph, Schmitz claimed to have hacked Citibank and transferred $20 million to Greenpeace, a claim refuted by Greenpeace. Schmitz also claimed to have hacked NASA and said that he had accessed Pentagon systems, reading top-secret information on Saddam Hussein during the Gulf War.
There’s no record to substantiate most of this; perhaps some of it is true. What he did do was steal phone calling card codes and conduct a premium number fraud similar to the recent rash of Filipino phreaking frauds. He bought stolen phone card account information from American hackers. After setting up premium toll chat lines in Hong Kong and in the Caribbean, he used a “war dialer” program to call the lines using the stolen card numbers—ringing up €61,000 in ill-gained profits.
Schmitz was also playing pirate in other ways. Andreas Bogk, a member of the Chaos Computer Club, recently told the Wall Street Journal that Schmitz set up a computer system for the uploading and downloading of pirated PC software, charging people for access. (Schmitz exposed the scheme in an interview with a German television news program, and it was subsequently shut down by Deutsche Telekom.)
Schmitz’s efforts to branch into the “legit” world of security consulting with his security company Data Protect initially backfired by exposing his real identity—and by allowing it to be connected to his hacker credentials. In March of 1994, he was arrested by police for trafficking in stolen phone calling card numbers. He was held in custody for a month, then arrested again on additional hacking charges shortly afterward—and again released. In 1998, he was convicted of 11 counts of computer fraud, 10 counts of data espionage, and an assortment of other charges. He received a two-year suspended sentence—because, at just 20, he was declared “under age” at the time the crimes were committed.
But Schmitz used the notoriety to boost his security business. He soon landed a security contract for Data Protect with the airline Lufthansa by demonstrating an apparent security vulnerability—though according to claims by others in the German hacking community, his connection to the airline was thanks to collaboration with an insider there, and to the hacking skills of an accomplice.
The influx of cash began to fuel Schmitz’s fantasy fulfillment engine, funding his love of fast cars and outrageous antics. He promoted his new bad-boy rich hacker genius image through a bizarre Flash movie called Kimble, Special Agent, in which his cartoon alter-ego drives a “Megacar” and then a “Megaboat” before breaking into Bill Gates’ compound and riddling the wall behind Gates with a machine gun (spelling out “Linux” with bullet holes). The cartoon was the first public demonstration of Schmitz’s obsession with all things Mega.
Rise, Fall, Rise, Fall
A year after the slap on the wrist, Schmitz shifted his focus from phone fraud to Internet start-ups. Almost from the beginning, he made an effort to portray himself as someone who was Germany’s answer to Silicon Valley—even if he was closer to Pets.com than to Yahoo.
His first effort tied together two of the great loves of his life: the Internet and expensive cars. Schmitz and Data Protect led the development of a real Megacar, an Internet-connected luxury car system with its own Pentium III Windows NT on-board computer, router, multi-camera video conferencing system, and 17-inch display. To get the broadband bandwidth required, the car had 16 multiplexed GSM cellular connections.The sticker price started at $90,000.
While it went nowhere, the press it received helped raise the profile of Data Protect—and of Schmitz. Schmitz was also making other efforts to create his persona. In 1999, according to New Zealand’s Investigate magazine(PDF), he was spotted at the airport in Munich getting his picture taken inside parked airplanes, which he then used to suggest that he owned them.
In 2000, Schmitz sold an 80 percent stake in Data Protect to the German conglomerate TÜV Rheinland, which bought the company for its “in-depth network expertise.” Schmitz held the remaining stake through his new holding company, Kimvestor.
Flush with at least some cash, Schmitz was quick to burn some of it by waving his own particular brand of freak flag. He hired a German centerfold, a collection of other actors, a film crew, and fast car aficionados for a self-produced film called Kimble Goes Monaco—a road movie about a lavish trip to Monaco, including a cruise on a rented yacht. The movie was punctuated with Schmitz playing with expensive toys, and featured a bizarre Bill-Gates-is-spying-on-me subplot.
While Schmitz reveled in the attention, it wasn’t long before TÜV was wondering what, exactly, it had bought. First, there was LetsBuyIt.com, a failing Internet retail site. In January 2001, as the dot-com crash was starting to gain momentum, LetsBuyIt was close to bankruptcy. Schmitz bought 375,000 euros in the company’s shares—and then announced he was preparing to invest an additional 50 million Euros. “I’m completely convinced LetsBuyIt can reach profitability despite its current problems,” he told the Guardian.
The news hit the market, and the stock price of LetsBuyIt surged. Schmitz cashed out, making a profit of €1.5 million. Perhaps Schmitz was just ignorant of the legal ramifications of what he had done— insider trading wasn’t even a crime in Germany until 1995.
Regardless, he didn’t waste time rolling the money into building his persona—part of the profit was burned buying his Mercedes Brabus EV12 Megacar that April, in which he finished first in the 2001 Gumball 3000 road rally.
But as an investigation began into Schmitz’s shady investment strategy, another pet project was getting ready to crater. Schmitz had launched Monkey AG and Monkeybank, an e-payment company with venture capital from German private equity company BMP (which held a 35 percent stake). Monkey also shared the address, and most of the employees, of Data Protect—which was owned by TÜV.
By June of 2001, BMP and TÜV went into damage control mode, cutting Schmitz’s management involvement in Monkey and the rest of the companies. “Everything that has grown up around Mr. Schmitz is, to say the least, somewhat dubious,” TÜV spokesman Tobias Kerchoff told the German business site Handelsblatt.com. And there was plenty of reason for that dubiousness: somewhere in the confusion, Schmitz got €280,000 in the form of an unsecured loan to Kimvestor. He would later claim to have been “dazzled,” unaware that he would be unable to repay the loan.
In the meantime, Schmitz was busy trying to brush up on his hacker cred to improve his Dr. Evil image. In the wake of the September 11, attacks, he claimed to be launching a group called Young Intelligent Hackers Against Terrorism (YIHAT), and to have hacked Sudanese bank accounts belonging to Osama Bin Laden. (He also offered a $10 million reward for information leading to Osama’s capture on his now-defunct kimble.org site.)
But the pressure was mounting. In September of 2001, he claimed his net worth was $100 million. By November, his companies were all circling the drain. The hacker community had turned on him—one hacker, with the moniker of Fluffy Bunny, had defaced his site and the site of YIHAT.
With insider trading charges pending over LetsBuyIt, Schmitz decided it was time to lay low (by his standards); “in fear for his life,” he fled to Thailand in January of 2002.
Kim Schmitz aka Kimble, the founder of a group which made unsubstantiated claims to have hacked a Sudanese bank with /bin/laden accounts, has fled the country in fear of his life.
At least that’s what the man himself would have us believe from a farewell letter on his site which shows, if nothing else, that Kimble is not afraid to sing his own praises.
The “500-million-mark” man, “super brain” and “Internet entrepreneur” was wrongly made out to be a “braggart” and “fraud” by people out to destroy his vision, he would have us believe. The authorities are unable to protect him against kidnap or death threats so he’s decided to take his ego elsewhere.
There’s no mention of reported financial problems and, sadly, Kimble’s site has also been stripped of pictures of him and his mates flying in private jets to exotic locations with a bevvy of busty strumpets.
It’s not clear what his plans are or where Schmitz is at the moment, and he’s proving difficult to track down.
In January 2002, CNN reported that the German finance community, and Letsbuyit.com which he reportedly helped by offering to invest $40 million early last year when it was close to collapse, are unfazed by Schmitz’s exile.
The hacking community will be hopeful that he’s disappeared for good. Schmitz’s self-created legend of hacking proficiency, based on a little fact combined with tasty bits from media interviews and movies, as this article makes all too clear, raised hackles in the community.
After the September 11 attacks, Schmitz claimed to have created an elite squad of cyber ninjas called YIHAT (Young Intelligent Hackers Against Terrorism) whose goal was “eliminating the electronic foundations of terrorist activities worldwide”.
Last October Schmitz claimed that his YIHAT guard had obtained data on accounts held by members of Al Qaeda, including bin Laden, held at the AlShamal Islamic Bank in Sudan, but he offered not one shred of proof.
Days later Yihat was re-christened Young IDIOTIC haxOrz and Terrorists after an attack on its kill.net Web site by infamous hacker Fluffy Bunny.
Which say’s it all really. ®
Since we last looked, Schmitz has put up a fake headstone on his site announcing his death on Monday, which will be his 28th birthday. He’s even put up a countdown clock and invited people to see his “death” live on the site. Really is there no end to this man’s posturing?
A story in Germany’s Der Spigel suggests Schmitz has been arrested in Thailand. Here’s a translation from the original German, with thanks to all the readers who submitted it:
The End of the Road
Kim Schmitz Arrested in Thailand
Whatever he planned next, it will never materialise: Kim “Kimble” Schmitz has been arrested in Thailand. The ‘King of the Hackers’ has been accused of insider dealing, by which he allegedly made 1.5 million euros.
Munich computer expert Schmitz, sought internationally for his fraudulent insider dealing, was apprehended in Bangkok. The public prosecutor from Munich I confirmed on Friday a report to that effect by ‘Teleboerse Online’. The 27 year-old was accused of using insider knowledge to buy shares for 375,000 euros, then selling them off shortly afterwards for 1.5 million euros.
Now we must wait to see how this develops, and when the accused will be handed over to Germany, said a representative of the public prosecutor’s office. On the advice of the state supervisory office for bond trading, the Munich authorities have initiated inquiries and obtained the arrest warrant through Munich’s law courts.
Schmitz is regarded as an enigmatic figure. He became known in Munich as a computer hacker and later sold his knowledge of security holes to companies.
Even now he is still ensuring sensation with one of his abstruse publicity tricks: on his Web site he is advertising his suicide on Monday – or at least his crossing “to a new world”.
On his website, he hinted at possible suicide, saying he would be crossing “to a new world,” Hale-Bopp cult style. But instead of offing himself, he declared that he wanted to be known as “King Kimble the First, Ruler of the Kimpire”—a label he would apply to his future projects. (It’s listed as his title on LinkedIn.)
As it turned out, Thailand wasn’t happy to see him. He was promptly arrested and fast-track deported to Germany to stand trial. However, the few nights in a Thai jail turned out to be the worst of it, as fears of prison in Germany were unfounded—he was sentenced to 20 months probation and slapped with a €100,000 fine. In 2003, he pled guilty to embezzlement charges over the Monkey “loan” and received another two years of probation.
After the law’s repeated lashes with a wet noodle, Schmitz left Germany and moved to Hong Kong to start the next level of Mega-insanity. Read the full article »»»»