Information Security News mailing list archives
The fact and fiction behind Kimble
From: InfoSec News <isn () C4I ORG>
Date: Fri, 2 Feb 2001 02:10:50 -0600
Forwarded by: Anonymous Source <remailer () mixmaster shinn net> http://europe.thestandard.com/article/display/0,1151,14412,00.html The Standard January 31, 2001, 3:00 PM GMT The fact and fiction behind Kimble Notorious hacker and LetsBuyIt.com saviour Kim Schmitz is shrouded by hype By Boris Gr?ndahl Kim Schmitz, the surprise investor who surfaced last week to save LetsbuyIt.com, doesn't make a secret of his past alias of "Kimble", the convicted computer hacker. On the contrary, he makes this one of his selling points. This may appear honest at first glance, but if you compare what stunts he lays claim to, and what his court verdict in 1998 found him guilty of, his past looks a bit less glamorous. However, Schmitz's claims follow a pattern. He takes bits of what he has been found guilty of, bits of other hackers' publicised doings, even tales of hacker movies, and mixes them together to form his "personae". MYTH: Many papers reported that Schmitz lowered the credit rating of former German chancellor Helmut Kohl to zero. TRUTH: Credit ratings on individuals in Germany are different from the US. There is no rating of a kind that you could "lower to zero". And the court verdict against Schmitz has nothing to say about this. THE LINK: According to Schmitz's verdict, he had broken into the computers of the Deutscher Beamtenbund, a public officials' union, and among other documents, copied the union's correspondence with the chancellor. The Masters of Deception, a New York hacker group, lowered the credit rating of cyber-celebrity John Perry Barlow to zero during an online discussion in the early 1990s. MYTH: Schmitz told the Sunday Telegraph he "got into Citibank's system and transferred $20 million (21.4 million euros) by taking tiny amounts from the accounts of 4 million customers and giving it to Greenpeace". TRUTH: Nothing like this is in the court records. In fact, there's no link to Citibank or Greenpeace at all. A Greenpeace spokeswoman told The Standard Europe the claim was "just not true", adding that $20 million (21.4 million euros) would have been half the organisation's annual budget in the mid-1990s. THE LINK: In a widely publicised case in 1996, Citibank did indeed fall victim to a group of Russian hackers who caused $10 million (10.7 million euros) in damages. The money didn't go to Greenpeace, though. However, the final scene in the hacker movie "Sneakers" (featuring Robert Redford, Dan Aykroyd and Sidney Poitier) is a TV news speaker announcing that the Republican Party had to declare insolvency while Greenpeace announces an enormous anonymous donation. MYTH: Schmitz also told the Sunday Telegraph that "he developed the Blue Box, software that would override the phone charging system". TRUTH: According to the court papers, Schmitz didn't use clever software to "override the phone charging system", but simply stolen calling card numbers he had bought from US hackers. THE LINK: Blue Box is the name for a hardware device which cheated the phone charging system by simulating its signals. They were widely used in the US, years before Schmitz was born in 1974. MYTH: In the prospectus of his company Kimvestor, Schmitz claims to have broken into NASA and the Pentagon. TRUTH: Nothing like this in on the records. The spokesman of the German hacker organisation Chaos Computer Club dismisses his claims as "made up". THE LINK: The hacking into a wide array of computers including those of the NASA made the Chaos Computer Club world-known in 1988. Some of the hackers who had done this were hired by the Soviet intelligence service KGB and broke into computers of military research labs in the US, but not into the Pentagon. MYTH: Schmitz told the Sunday Telegraph "when he came out of prison he was inundated with offers from companies... Within a week he was working for Lufthansa". TRUTH: According to his verdict, Schmitz was breaking into systems and used what he found to offer those firms his advice in security matters through an accomplice's consultancy. The accomplice was a former Lufthansa employee and Lufthansa was among their victims. However, the court states that it wasn't Schmitz who broke into Lufthansa's network but another accomplice. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- The fact and fiction behind Kimble InfoSec News (Feb 02)