Kim Schmitz aka Kimble

January 31, 2001

http://europe.thestandard.com/article/display/0,1151,14368,00.html

Schmitz is no white knight for LetsBuyIt

Kim Schmitz's company has no board, no registration and no money. Can the notorious hacker be relied on to save LetsBuyIt?

By Boris Grondahl and Rick Wray

LetsBuyIt.com thought it had found its saviour last week in former hacker Kim Schmitz. But an investigation by The Standard Europe has uncovered a tale of confusion that raises serious doubts about the ability of Schmitz to fund the aggregate buying network to profitability. It has emerged that Schmitz's investment vehicle is not even a registered company in Germany.

Schmitz, a convicted German computer hacker, emerged as a white knight on 24 January, offering part of the 4 million demanded by LetsBuyIt's Dutch administrators to stave off immediate bankruptcy proceedings. He also promised that his investment vehicle Kimvestor would provide up to 50 million euros to back the business through to projected profitability in the fourth quarter of next year.

But it is hard to see what Kimvestor has to offer except promises. The weekend after receiving the proposal, LetsBuyIt's chief executive John Palmer held meetings with Schmitz. It soon became clear to Palmer that despite Schmitz's claims, Kimvestor has no funds at its disposal.

"We have come a long way but nothing is on the bottom line yet," Palmer admitted.

Schmitz is looking to raise 20 million euros by selling a 10 per cent stake in Kimvestor to new shareholders - a move which will value the self-styled "start-up factory" at 200 million euros. Schmitz told The Standard Europe he had successfully sold "95 per cent" of the 10 per cent share being offered but declined to name the individuals backing him. All he would say is that they were "well-known CEOs and businessmen".

These backers are taking a chance on Schmitz. The company, Kimvestor, has not been properly set up. Schmitz offered these backers shares in Kimvestor in a private placement which was backed up by an online prospectus that claimed the business was founded in January 2000. However, the German authorities have no record of the business.

Schmitz was not available for comment on the fact that he appears to have sold shares in a company which has not been registered.

Under German law, a company can exist before it has been registered, but this must be made plain to the authorities, and would have been on record for the Standard Europe to see. Schmitz has failed to follow this basic procedure. There are other procedures that Schmitz has failed to follow: it seems that Kimvestor doesn't control the assets which Schmitz has claimed it does.

According to the Kim-vestor Web site, the business has a share of three companies founded by Schmitz himself: Data Protect, Megacar and Monkeybank. However these shares are owned by Data Protect GmbH, of which Schmitz is chief executive.

Schmitz also said that Kimvestor will "close an investment fund worth 200 million euros on 10 February". He declined to name the sources of his capital or the potential companies he would invest this money in.

Asked if he would use this fund for the LetsBuyIt bailout, Schmitz said: "We have not decided yet what will make the most sense."

In Kimvestor's four-page prospectus, Schmitz promises that the company will float within 18 months and be worth 1 billion euros in five years. He also lays claim to a supervisory board made up of three members of the German technocracy: Gerhard Barth, the chief technical officer of the German financial institution Dresdner Bank; Gerrit Huy, an executive of media group KirchPayTV; and Dieter Haban of car giant DaimlerChrysler.

In fact, a spokeswoman for Barth told The Standard Europe that he is not on the board because there is none. Haban explained that the board is currently being formed and while he has full confidence in Schmitz, he knows little about the operation of the business, nor whether it actually has any funds. Huy was unavailable for comment.

As The Standard Europe went to press, LetsBuyIt's John Palmer was trying to put the finishing touches to a rescue package which will provide him with the 40 million euros he has publicly stated will get the business to profit. That package relies more heavily upon LetsBuyIt's existing venture capital backers and new sources of funding than it does on Schmitz.

With Kimvestor in such disarray, it is likely that Schmitz's involvement in LetsBuyIt will initially have to be funded out of his own pocket. His personal wealth is unknown and comes predominantly from the sale of 80 per cent of software security firm Data Protect early last year to T.V Rheinland-Berlin-Brandenburg, a technology firm.

The amount that Schmitz received for the business has never been made public. However, T.V spokesman Tobias Kirchhoff said the business is not large: it employs just 15 people and has DM-denominated revenues "in the seven figures".

More confusion surrounds Schmitz's criminal escapades. Even his much-publicised claim to have altered the credit rating of former German Chancellor Helmut Kohl is not backed up by court records.

Schmitz styles himself as a hacker hero, but has few friends among German hackers. This is at least partly because some German hackers believe he shopped them to the police when he was arrested.

The Chaos Computer Club (CCC) has barred him from its meetings. The CCC spokesman Andy M.ller-Maguhn explains: "Nobody wants to be connected with him."

Members of the CCC also take a dim view of Schmitz's bragging. In the Kimvestor prospectus he claims to have hacked into Nasa, the Pentagon and Citigroup. But M.ller-Maguhn dismisses these claims as "made up". Schmitz - who used the hacker nickname "Kimble", after Dr Richard Kimball, star of the American TV series The Fugitive - also claims to have once broken into Citibank and transferred $20 million (21.6 million euros) in small transactions from 4 million accounts to Greenpeace.

Sara Holden, a spokesperson for environmental campaigners Greenpeace International says this is "just not true".

She added: "Twenty million dollars would have been half our annual budget in the mid-1990s, and I am sure we would have noticed this [boost to our funds]."

In fact, Citibank fell victim to hackers that caused $10 million (10.8 million euros) in damages in the mid-1990s. But a Russian hacker was charged and convicted of the break-in, and he had no links to Greenpeace.

Schmitz, who has been more than ready to talk about his hacking stunts to other members of the press in the last few days, declined to comment on them when asked by The Standard Europe. But if the break-ins he lays claim on took place, they were not an issue explored in his trial, according to court papers obtained by The Standard Europe.

The verdict, announced by a court in Munich in March 1998, states that Schmitz was arrested twice in 1994, at the age of 20, and detained for a month both times. He was convicted of 11 cases of computer fraud, 10 cases of "data espionage", 11 cases of what amounts to stealing business secrets, the receiving of stolen goods and fraud.

However, he received just a two-year suspended sentence because he was under-age when he carried out many of these offences.

One of the charges related to a scam which earned Schmitz over DM120,000. (61,000 euros). Having bought two thousand stolen phone card account numbers from US-based hackers, Schmitz then set up chat lines in the Caribbean and Hong Kong and developed a computer program that automatically called those lines using the stolen cards.

As the owner of the lines, he got a share of the charges he had stolen from the calling cards - as well as running up enormous bills on the cards himself.

But perhaps the one crime that says the most about Schmitz is the fact that when the college drop-out applied for a credit card, he did so under his own name - but with the addition of "Dr".


main page ATTRITION feedback