The fact and fiction behind Kimble

[InfoSec News <isn () C4I ORG>]

Forwarded by: Anonymous Source <remailer () mixmaster shinn net>

http://europe.thestandard.com/article/display/0,1151,14412,00.html

The Standard

January 31, 2001, 3:00 PM GMT

The fact and fiction behind Kimble

Notorious hacker and LetsBuyIt.com saviour Kim Schmitz is shrouded by
hype

By Boris Gr?ndahl

Kim Schmitz, the surprise investor who surfaced last week to save
LetsbuyIt.com, doesn't make a secret of his past alias of "Kimble",
the convicted computer hacker. On the contrary, he makes this one of
his selling points.

This may appear honest at first glance, but if you compare what stunts
he lays claim to, and what his court verdict in 1998 found him guilty
of, his past looks a bit less glamorous.

However, Schmitz's claims follow a pattern. He takes bits of what he
has been found guilty of, bits of other hackers' publicised doings,
even tales of hacker movies, and mixes them together to form his
"personae".


MYTH: Many papers reported that Schmitz lowered the credit rating of
former German chancellor Helmut Kohl to zero.

TRUTH: Credit ratings on individuals in Germany are different from the
US. There is no rating of a kind that you could "lower to zero". And
the court verdict against Schmitz has nothing to say about this.

THE LINK: According to Schmitz's verdict, he had broken into the
computers of the Deutscher Beamtenbund, a public officials' union, and
among other documents, copied the union's correspondence with the
chancellor. The Masters of Deception, a New York hacker group, lowered
the credit rating of cyber-celebrity John Perry Barlow to zero during
an online discussion in the early 1990s.


MYTH: Schmitz told the Sunday Telegraph he "got into Citibank's system
and transferred $20 million (21.4 million euros) by taking tiny
amounts from the accounts of 4 million customers and giving it to
Greenpeace".

TRUTH: Nothing like this is in the court records. In fact, there's no
link to Citibank or Greenpeace at all. A Greenpeace spokeswoman told
The Standard Europe the claim was "just not true", adding that $20
million (21.4 million euros) would have been half the organisation's
annual budget in the mid-1990s.

THE LINK: In a widely publicised case in 1996, Citibank did indeed
fall victim to a group of Russian hackers who caused $10 million (10.7
million euros) in damages. The money didn't go to Greenpeace, though.
However, the final scene in the hacker movie "Sneakers" (featuring
Robert Redford, Dan Aykroyd and Sidney Poitier) is a TV news speaker
announcing that the Republican Party had to declare insolvency while
Greenpeace announces an enormous anonymous donation.


MYTH: Schmitz also told the Sunday Telegraph that "he developed the
Blue Box, software that would override the phone charging system".

TRUTH: According to the court papers, Schmitz didn't use clever
software to "override the phone charging system", but simply stolen
calling card numbers he had bought from US hackers.

THE LINK: Blue Box is the name for a hardware device which cheated the
phone charging system by simulating its signals. They were widely used
in the US, years before Schmitz was born in 1974.


MYTH: In the prospectus of his company Kimvestor, Schmitz claims to
have broken into NASA and the Pentagon.

TRUTH: Nothing like this in on the records. The spokesman of the
German hacker organisation Chaos Computer Club dismisses his claims as
"made up".

THE LINK: The hacking into a wide array of computers including those
of the NASA made the Chaos Computer Club world-known in 1988. Some of
the hackers who had done this were hired by the Soviet intelligence
service KGB and broke into computers of military research labs in the
US, but not into the Pentagon.


MYTH: Schmitz told the Sunday Telegraph "when he came out of prison he
was inundated with offers from companies... Within a week he was
working for Lufthansa".

TRUTH: According to his verdict, Schmitz was breaking into systems and
used what he found to offer those firms his advice in security matters
through an accomplice's consultancy. The accomplice was a former
Lufthansa employee and Lufthansa was among their victims. However, the
court states that it wasn't Schmitz who broke into Lufthansa's network
but another accomplice.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".