From convicted hacker to dotcom backer

[InfoSec News <isn () C4I ORG>]

http://www.telegraph.co.uk/et?ac=003100565149417&rtmo=VDwSs3gK&atmo=hhhhhhhe&pg=/et/01/1/28/ccprof28.html

Sunday 28 January 2001

Kim Schmitz has broken into computers at the Pentagon and Nasa and
raided Citibank's coffers. Now he is rescuing LetsBuyIt.com, writes
Amanda Hall.

KIM SCHMITZ is a PR man's nightmare and a journalist's dream.

"Everyone tells me not to live the way I do," he says, sitting at the
head of an oblong office table with the fingers of his big hands
loosely intertwined in front of him. Behind him on a smaller table are
two huge white altar-like candles with large Ks, his personal
insignia, at the bottom; they are lit, he says, whenever he commits to
backing a new business.

"Everyone tells me not to say the things I do. I'm very direct, very
undiplomatic. Everyone tells me to stop talking about my hacker
history, about my lifesytle, but I don't give a ****, I've just stayed
the way I am. Over the past few years I realised that if I was to run
a company or a fund, I needed to be the captain and not listen to
anyone else. I needed to be the ruler of my world otherwise it was
never going to work."

It would take an extremely brave man or woman to disagree with him. At
6ft 5in and 23 stones and just turned 27, he is the tallest, heaviest
and probably the most bizarre businessman I have interviewed.

Last Thursday, when news came over the wires that a former convicted
computer hacker had come to the rescue of LetsBuyIt.com, another of
those online shops that has run into a little financial difficulty, it
was clear that this was a story that had to be seen to be believed.

Schmitz is famous in cyberland as Kimble, the world renowned
superhacker who, from a flat in Munich, routed his way into hundreds
of top secret files at the Pentagon, at Nasa, the CIA and the FBI.

He got into scores of companies and institutions; he read high
security information on Saddam Hussein during the Gulf War; he read
the news before it was broadcast; he even got into Citibank's system
and transferred $20m by taking tiny amounts from the accounts of 4m
customers and giving it to Greenpeace.

Today he runs Kimvestor, a private venture capital business which was
one of the contributors, the wire story said, to Eu4m (2.5m) of new
investment that LetsBuyIt had raised which would allow it to stave off
bankruptcy. Schmitz thinks LetsBuyIt is such a fabulous investment
opportunity that he is negotiating this weekend with John Palmer, the
company's founder, to put in more money - up to Eu50m before the end
of February.

That is why, late on Friday afternoon, I am waiting on the fifth floor
of a cold, deserted and spookily quiet modern glass building in
downtown Munich.

Schmitz comes to the door. He is wearing a huge black suit, a black
turtle-neck shirt and a pair of extraordinary black and white shoes
that would not look amiss on a golf course. He is carrying a pair of
dark glasses and wears one of those super-expensive Breitling watches
that can send out an emergency signal if ever he gets into trouble.

As we pass through reception, I notice a lifesize cardboard cut-out, a
cartoon version of him leaning against a cupboard. "It's Kimble," he
says as if having a cardboard version of yourself in reception is the
most natural thing in the world.

For a man running an investment business Kim Schmitz has such an odd
story that it's probably best to tell it straight. He was the third of
three children and born in Kiel, 50 miles north of Hamburg. His mother
was a cook and his father a cruise ship captain. Schmitz was bright,
he says, but more than that, he was ambitious. When everyone else said
they wanted to be a firemen or a nurse when they grew up, he said he
wanted to be a millionaire.

"Ever since I was a small kid I've known I wanted to do something big.
When I entered the hacker scene, I just wanted to reach the top - and
I reached the top." At nine, he got his first computer as a birthday
present. By 12, he had learnt to override the copyright protection on
games software and gained instant popularity with his friends by
selling copies for a few marks.

By 15, he had mastered most programming languages and, as modems
emerged, he turned his bedroom into a mini software exchange, linking
his stash of computers with his friends' and sending software over the
phone lines. Wasn't his mother worried that he had 12 phone lines
coming into his bedroom? "No, absolutely not. My parents didn't
understand what was going on. All they saw was flashing lights and me
saying I was working."

If there was a turning point in Schmitz's life that took him from
computer whizz to world famous computer hacker who today is still
wanted on charges in the US, it came with the phone lines. As he used
more phone time to send and receive software, his expenses ballooned.
To get round the problem he developed the Blue Box, software that
would override the phone charging system. Initially he sold the
software to about 100 people who then passed it on.

"This was freaking," he says. "Before hacking there was freaking, a
way of going into a phone system, messing it up and phoning for free.
That was how I got into the business of getting through barriers and
finding ways to bypass security, get onto servers and doing all sorts
of crazy things. That was how the hacking started." Every time Schmitz
hacked into a computer, he would leave behind his hacker identity -
the name Kimble and a skull on either side.

"People knew when they turned their computer on and this popped up
that it was me," he says. "Every hack was a trophy. I had a big
feeling of power because I was running the most important worldwide
mailbox exchanging hacking information and I knew what was really
going on. I was living two lives; my cyber life had much more priority
because I was one of the key players in a scene that was growing and
growing every day."

The software he used to sabotage Citibank and transfer the $20m to
Greenpeace took him just a week to write.

By chance in 1993, Schmitz discovered a computer account that included
the word "Pentagon". "I connected to the computer, made myself a
super-user on it and after five or six hours had access to 100
computers within the Pentagon. I found the main router and so could
'sniff' all the traffic and jump from computer to computer. Some had
real-time connections with satellites that were taking photographs of
[Saddam] Hussein's palace - I had no idea that technology even
existed. It was like Ali Baba finding the treasure cave."

And then, in 1996, Schmitz' cyber world came crashing down. At 6.00am
masked policemen with guns broke down the door of his Munich flat,
arrested him and threw him in jail for three months. Had he not lived
for years with the anxiety that at any moment he might be discovered?
"No," he says. "Absolutely not. I was so confident I could never be
found."

In fact, the authorities did not trace Schmitz through his cybertrail
but via one of the few contacts he had made over the computer networks
who he had subsequently met. "It was from social contact. That was the
weak point."

Schmitz's story was so well reported in the German press that when he
came out of prison he was inundated with offers from companies wanting
to hire him as a consultant to secure their systems. Within a week he
was working for Lufthansa and later brought together a team of elite
hackers to form Dataprotect. Last year, he sold 80 per cent of the
business and set up Kimvestor. It has Eu200m to invest, he says, and
likes to back technology start-ups.

As any visitor to Schmitz's website (kimble.org) will see, he lives a
high-rolling life. At New Year he hired a jet, flew to the Caribbean
and went cruising on a yacht. He met Paul Allen, the Microsoft
billionaire. "He was on this big boat, sitting there having a party
with Puff Daddy doing music. That's cool!" Then he went to Rio, hired
eight bodyguards and invited Oasis to his suite - the presidential one
- at the Rio Palace Hotel. It all sounds rather too unreal.

Schmitz says his hacking days are behind him, which is what you would
expect him to say. But if we wanted, just for fun, does he think he
could access, say, the private email of the chairman of Marks &
Spencer?

"Absolutely. On my own, it would take about two days. With my guys,
two hours. But today I'm a businessman and I'm playing the business
game quite well. I have a huge ego, I know that. Do I worry about it?
No! I think it's cool. I have a lot of fun."

And what about his personal life? Is he married? Girlfriend? "Yeah,
well, it's fluctuating," he says. "It's just like with companies, most
girls get boring after a certain period. But don't take that
personally. Okay?"

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".