Schmitz is no white knight for LetsBuyIt

[InfoSec News <isn () C4I ORG>]

Forwarded by: Anonymous Source <remailer () mixmaster shinn net>

http://europe.thestandard.com/article/display/0,1151,14368,00.html

January 31, 2001

Schmitz is no white knight for LetsBuyIt

Kim Schmitz's company has no board, no registration and no money. 
Can the notorious hacker be relied on to save LetsBuyIt?

By Boris Grondahl and Rick Wray

LetsBuyIt.com thought it had found its saviour last week in former
hacker Kim Schmitz. But an investigation by The Standard Europe has
uncovered a tale of confusion that raises serious doubts about the
ability of Schmitz to fund the aggregate buying network to
profitability. It has emerged that Schmitz's investment vehicle is not
even a registered company in Germany.

Schmitz, a convicted German computer hacker, emerged as a white knight
on 24 January, offering part of the ?4 million demanded by LetsBuyIt's
Dutch administrators to stave off immediate bankruptcy proceedings. He
also promised that his investment vehicle Kimvestor would provide up
to 50 million euros to back the business through to projected
profitability in the fourth quarter of next year.
 
But it is hard to see what Kimvestor has to offer except promises. The
weekend after receiving the proposal, LetsBuyIt's chief executive John
Palmer held meetings with Schmitz. It soon became clear to Palmer that
despite Schmitz's claims, Kimvestor has no funds at its disposal.

"We have come a long way but nothing is on the bottom line yet,"
Palmer admitted.

Schmitz is looking to raise 20 million euros by selling a 10 per cent
stake in Kimvestor to new shareholders - a move which will value the
self-styled "start-up factory" at 200 million euros. Schmitz told The
Standard Europe he had successfully sold "95 per cent" of the 10 per
cent share being offered but declined to name the individuals backing
him. All he would say is that they were "well-known CEOs and
businessmen".

These backers are taking a chance on Schmitz. The company, Kimvestor,
has not been properly set up. Schmitz offered these backers shares in
Kimvestor in a private placement which was backed up by an online
prospectus that claimed the business was founded in January 2000.
However, the German authorities have no record of the business.

Schmitz was not available for comment on the fact that he appears to
have sold shares in a company which has not been registered.

Under German law, a company can exist before it has been registered,
but this must be made plain to the authorities, and would have been on
record for the Standard Europe to see. Schmitz has failed to follow
this basic procedure. There are other procedures that Schmitz has
failed to follow:  it seems that Kimvestor doesn't control the assets
which Schmitz has claimed it does.

According to the Kim-vestor Web site, the business has a share of
three companies founded by Schmitz himself: Data Protect, Megacar and
Monkeybank. However these shares are owned by Data Protect GmbH, of
which Schmitz is chief executive.

Schmitz also said that Kimvestor will "close an investment fund worth
200 million euros on 10 February". He declined to name the sources of
his capital or the potential companies he would invest this money in.

Asked if he would use this fund for the LetsBuyIt bailout, Schmitz
said: "We have not decided yet what will make the most sense."

In Kimvestor's four-page prospectus, Schmitz promises that the company
will float within 18 months and be worth 1 billion euros in five
years. He also lays claim to a supervisory board made up of three
members of the German technocracy: Gerhard Barth, the chief technical
officer of the German financial institution Dresdner Bank; Gerrit Huy,
an executive of media group KirchPayTV; and Dieter Haban of car giant
DaimlerChrysler.

In fact, a spokeswoman for Barth told The Standard Europe that he is
not on the board because there is none. Haban explained that the board
is currently being formed and while he has full confidence in Schmitz,
he knows little about the operation of the business, nor whether it
actually has any funds. Huy was unavailable for comment.

As The Standard Europe went to press, LetsBuyIt's John Palmer was
trying to put the finishing touches to a rescue package which will
provide him with the 40 million euros he has publicly stated will get
the business to profit. That package relies more heavily upon
LetsBuyIt's existing venture capital backers and new sources of
funding than it does on Schmitz.

With Kimvestor in such disarray, it is likely that Schmitz's
involvement in LetsBuyIt will initially have to be funded out of his
own pocket. His personal wealth is unknown and comes predominantly
from the sale of 80 per cent of software security firm Data Protect
early last year to T?V Rheinland-Berlin-Brandenburg, a technology
firm.

The amount that Schmitz received for the business has never been made
public. However, T?V spokesman Tobias Kirchhoff said the business is
not large: it employs just 15 people and has DM-denominated revenues
"in the seven figures".

More confusion surrounds Schmitz's criminal escapades. Even his
much-publicised claim to have altered the credit rating of former
German Chancellor Helmut Kohl is not backed up by court records.

Schmitz styles himself as a hacker hero, but has few friends among
German hackers. This is at least partly because some German hackers
believe he shopped them to the police when he was arrested.

The Chaos Computer Club (CCC) has barred him from its meetings. The
CCC spokesman Andy M?ller-Maguhn explains: "Nobody wants to be
connected with him."

Members of the CCC also take a dim view of Schmitz's bragging. In the
Kimvestor prospectus he claims to have hacked into Nasa, the Pentagon
and Citigroup. But M?ller-Maguhn dismisses these claims as "made up".
Schmitz - who used the hacker nickname "Kimble", after Dr Richard
Kimball, star of the American TV series The Fugitive - also claims to
have once broken into Citibank and transferred $20 million (21.6
million euros) in small transactions from 4 million accounts to
Greenpeace.

Sara Holden, a spokesperson for environmental campaigners Greenpeace
International says this is "just not true".

She added: "Twenty million dollars would have been half our annual
budget in the mid-1990s, and I am sure we would have noticed this
[boost to our funds]."

In fact, Citibank fell victim to hackers that caused $10 million (10.8
million euros) in damages in the mid-1990s. But a Russian hacker was
charged and convicted of the break-in, and he had no links to
Greenpeace.

Schmitz, who has been more than ready to talk about his hacking stunts
to other members of the press in the last few days, declined to
comment on them when asked by The Standard Europe. But if the
break-ins he lays claim on took place, they were not an issue explored
in his trial, according to court papers obtained by The Standard
Europe.

The verdict, announced by a court in Munich in March 1998, states that
Schmitz was arrested twice in 1994, at the age of 20, and detained for
a month both times. He was convicted of 11 cases of computer fraud, 10
cases of "data espionage", 11 cases of what amounts to stealing
business secrets, the receiving of stolen goods and fraud.

However, he received just a two-year suspended sentence because he was
under-age when he carried out many of these offences.

One of the charges related to a scam which earned Schmitz over
DM120,000. (61,000 euros). Having bought two thousand stolen phone
card account numbers from US-based hackers, Schmitz then set up chat
lines in the Caribbean and Hong Kong and developed a computer program
that automatically called those lines using the stolen cards.

As the owner of the lines, he got a share of the charges he had stolen
from the calling cards - as well as running up enormous bills on the
cards himself.

But perhaps the one crime that says the most about Schmitz is the fact
that when the college drop-out applied for a credit card, he did so
under his own name - but with the addition of "Dr".

[...]

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".