Kim Schmitz aka Kimble

January 28, 2001

http://www.telegraph.co.uk/et?ac=003100565149417&rtmo=VDwSs3gK&atmo=hhhhhhhe&pg=/et/01/1/28/ccprof28.html



Kim Schmitz has broken into computers at the Pentagon and NASA and raided Citibank's coffers. Now he is rescuing LetsBuyIt.com, writes Amanda Hall.

KIM SCHMITZ is a PR man's nightmare and a journalist's dream.

"Everyone tells me not to live the way I do," he says, sitting at the head of an oblong office table with the fingers of his big hands loosely intertwined in front of him. Behind him on a smaller table are two huge white altar-like candles with large Ks, his personal insignia, at the bottom; they are lit, he says, whenever he commits to backing a new business.

"Everyone tells me not to say the things I do. I'm very direct, very undiplomatic. Everyone tells me to stop talking about my hacker history, about my lifesytle, but I don't give a ****, I've just stayed the way I am. Over the past few years I realised that if I was to run a company or a fund, I needed to be the captain and not listen to anyone else. I needed to be the ruler of my world otherwise it was never going to work."

It would take an extremely brave man or woman to disagree with him. At 6ft 5in and 23 stones and just turned 27, he is the tallest, heaviest and probably the most bizarre businessman I have interviewed.

Last Thursday, when news came over the wires that a former convicted computer hacker had come to the rescue of LetsBuyIt.com, another of those online shops that has run into a little financial difficulty, it was clear that this was a story that had to be seen to be believed.

Schmitz is famous in cyberland as Kimble, the world renowned superhacker who, from a flat in Munich, routed his way into hundreds of top secret files at the Pentagon, at Nasa, the CIA and the FBI.

He got into scores of companies and institutions; he read high security information on Saddam Hussein during the Gulf War; he read the news before it was broadcast; he even got into Citibank's system and transferred $20m by taking tiny amounts from the accounts of 4m customers and giving it to Greenpeace.

(CIA.. FBI.. Pentagon.. Gulf War.. News outlets .. 20 million from Citibank.. this list is a fairy tale.

I don't recall the name 'Schmitz' being involved on the Citibank hack. I remember a 'Vladimir Levin', and the amounts ranging from 10 - 12 million.

I remember the 'Phonemasters' being part of a short list to compromise several FBI machines (and NCIC).

I don't recall any Greenpeace/Citibank story, even years after the supposed fact.)

Today he runs Kimvestor, a private venture capital business which was one of the contributors, the wire story said, to Eu4m (2.5m) of new investment that LetsBuyIt had raised which would allow it to stave off bankruptcy. Schmitz thinks LetsBuyIt is such a fabulous investment opportunity that he is negotiating this weekend with John Palmer, the company's founder, to put in more money - up to Eu50m before the end of February.

That is why, late on Friday afternoon, I am waiting on the fifth floor of a cold, deserted and spookily quiet modern glass building in downtown Munich.

Schmitz comes to the door. He is wearing a huge black suit, a black turtle-neck shirt and a pair of extraordinary black and white shoes that would not look amiss on a golf course. He is carrying a pair of dark glasses and wears one of those super-expensive Breitling watches that can send out an emergency signal if ever he gets into trouble.

As we pass through reception, I notice a lifesize cardboard cut-out, a cartoon version of him leaning against a cupboard. "It's Kimble," he says as if having a cardboard version of yourself in reception is the most natural thing in the world.

For a man running an investment business Kim Schmitz has such an odd story that it's probably best to tell it straight. He was the third of three children and born in Kiel, 50 miles north of Hamburg. His mother was a cook and his father a cruise ship captain. Schmitz was bright, he says, but more than that, he was ambitious. When everyone else said they wanted to be a firemen or a nurse when they grew up, he said he wanted to be a millionaire.

"Ever since I was a small kid I've known I wanted to do something big. When I entered the hacker scene, I just wanted to reach the top - and I reached the top." At nine, he got his first computer as a birthday present. By 12, he had learnt to override the copyright protection on games software and gained instant popularity with his friends by selling copies for a few marks.

By 15, he had mastered most programming languages and, as modems emerged, he turned his bedroom into a mini software exchange, linking his stash of computers with his friends' and sending software over the phone lines. Wasn't his mother worried that he had 12 phone lines coming into his bedroom? "No, absolutely not. My parents didn't understand what was going on. All they saw was flashing lights and me saying I was working."

Even 'back then', the notion someone could master "most" programming languages is absurd.

If there was a turning point in Schmitz's life that took him from computer whizz to world famous computer hacker who today is still wanted on charges in the US, it came with the phone lines. As he used more phone time to send and receive software, his expenses ballooned. To get round the problem he developed the Blue Box, software that would override the phone charging system. Initially he sold the software to about 100 people who then passed it on.

Still wanted in the US? If this is public knowledge, should be easy for the journalist to dig up some official paperwork confirming that.

"This was freaking," he says. "Before hacking there was freaking, a way of going into a phone system, messing it up and phoning for free. That was how I got into the business of getting through barriers and finding ways to bypass security, get onto servers and doing all sorts of crazy things. That was how the hacking started." Every time Schmitz hacked into a computer, he would leave behind his hacker identity - the name Kimble and a skull on either side.

(Try "phreaking"..)

"People knew when they turned their computer on and this popped up that it was me," he says. "Every hack was a trophy. I had a big feeling of power because I was running the most important worldwide mailbox exchanging hacking information and I knew what was really going on. I was living two lives; my cyber life had much more priority because I was one of the key players in a scene that was growing and growing every day."

(Turning the computer on to see his logo is exactly what se7en used to claim too.)

The software he used to sabotage Citibank and transfer the $20m to Greenpeace took him just a week to write.

By chance in 1993, Schmitz discovered a computer account that included the word "Pentagon". "I connected to the computer, made myself a super-user on it and after five or six hours had access to 100 computers within the Pentagon. I found the main router and so could 'sniff' all the traffic and jump from computer to computer. Some had real-time connections with satellites that were taking photographs of [Saddam] Hussein's palace - I had no idea that technology even existed. It was like Ali Baba finding the treasure cave."

And then, in 1996, Schmitz' cyber world came crashing down. At 6.00am masked policemen with guns broke down the door of his Munich flat, arrested him and threw him in jail for three months. Had he not lived for years with the anxiety that at any moment he might be discovered? "No," he says. "Absolutely not. I was so confident I could never be found."

In fact, the authorities did not trace Schmitz through his cybertrail but via one of the few contacts he had made over the computer networks who he had subsequently met. "It was from social contact. That was the weak point."

Schmitz's story was so well reported in the German press that when he came out of prison he was inundated with offers from companies wanting to hire him as a consultant to secure their systems. Within a week he was working for Lufthansa and later brought together a team of elite hackers to form Dataprotect. Last year, he sold 80 per cent of the business and set up Kimvestor. It has Eu200m to invest, he says, and likes to back technology start-ups.

And if any of his numerous employees or consultants go on the record, the story of 'Dataprotect' will sound more like a nightmare to most involved, except Kimble.

As any visitor to Schmitz's website (kimble.org) will see, he lives a high-rolling life. At New Year he hired a jet, flew to the Caribbean and went cruising on a yacht. He met Paul Allen, the Microsoft billionaire. "He was on this big boat, sitting there having a party with Puff Daddy doing music. That's cool!" Then he went to Rio, hired eight bodyguards and invited Oasis to his suite - the presidential one - at the Rio Palace Hotel. It all sounds rather too unreal.

Perhaps, because it is unreal?

Schmitz says his hacking days are behind him, which is what you would expect him to say. But if we wanted, just for fun, does he think he could access, say, the private email of the chairman of Marks & Spencer?

"Absolutely. On my own, it would take about two days. With my guys, two hours. But today I'm a businessman and I'm playing the business game quite well. I have a huge ego, I know that. Do I worry about it? No! I think it's cool. I have a lot of fun."

And what about his personal life? Is he married? Girlfriend? "Yeah, well, it's fluctuating," he says. "It's just like with companies, most girls get boring after a certain period. But don't take that personally. Okay?"


main page ATTRITION feedback