Auf Wiedersehen Prat: Kim Dotcom
The Megaupload bust introduced many people to Kim Dotcom for the first time. But the German hacker-entrepreneur has been on Angus Batey’s radar for over a decade. He interviewed him in 2001, and here presents a genuine comedy-drama of our times
Words Angus Batey
It’s the dichotomy of our age — the mystery around which the others revolve: in an era of unprecedentedly unrestricted access to information, where everyone with a connection to the web can perform their own audits, their own checks and verifications, we seem to increasingly prefer the safeties and certainties of fiction to the muddled open ends of truth.
In this context, the story of Kim Schmitz, or Kim Dotcom as he became known, could define its times. Dotcom is real, but he’s essentially a fictional character — a mixture of myth and hubris, PR spin and marketing, aggregated in one 6’4”, larger-than-life figure. He has become the malleable backdrop onto which a range of narratives can be projected, from whom a host of cautionary lessons can be learned. And at the time of writing, as he sits in a New Zealand jail awaiting his February 22 extradition hearing and, after that, perhaps, a long-postponed appointment with a destiny he’s been careening towards for the best part of two decades, his story is at once at its most fluid and its most fixed and defined. [February 22 update: Dotcom was released on bail, but barred from using the internet and ordered to stay within 80KM of his home.]
The first time most people probably heard of Dotcom was when he was arrested in January, charged by the FBI with heading a criminal enterprise that spanned continents and years. Megaupload.com, the site he founded in the mid-2000s, was credited with being the destination for more internet traffic than a large number of entire countries, and with hosting and disseminating trillions of bytes of copyright material, netting Dotcom and his cohorts hundreds of millions of dollars.
The Virginia grand jury indictment accused Dotcom and six others of, in the words of the FBI press release, “engaging in a racketeering conspiracy, conspiring to commit copyright infringement, conspiring to commit money laundering, and two substantive counts of criminal copyright infringement.” Allegations also include that Megaupload’s purported legitimate use — as an online storage facility — was a smokescreen, and that the company would routinely delete files that weren’t frequently downloaded, while encouraging the uploading of popular content to drive traffic to the site. Further, the FBI claim that Megaupload failed to ban serial copyright abusers, were selective in removing copyrighted material after owners complained, and in some cases claimed they’d complied with takedown requests by removing one or two links to the pirated material while knowingly leaving many other copies of the files available on the site.
Following the arrests of Dotcom and a number of associates in New Zealand and elsewhere, the Feds confiscated a substantial collection of expensive cars. Pictures of his lavish pad, which he renamed the Dotcom Mansion and which was reputedly the most expensive home in New Zealand, were plastered across the internet. He didn’t only lose the toys — he lost the intangibles, too: incarcerated and without access to his Xbox and the internet, Dotcom slipped from his hard-won number one ranking on the online leaderboard for Modern Warfare 3.
Others would have first come across Dotcom late last year, when he appeared in the video for something called ‘The Mega Song’, a piece of PR for his site which was posted to YouTube, deleted amid controversy, then republished on the video portal. He appears in the video, briefly, among a string of celebrity musicians apparently endorsing Megaupload, including Kanye West, P. Diddy, Will.i.am, Alicia Keys, Macy Gray, Jamie Foxx, Lil Jon and Kim Kardashian. Yet even here, where the evidence of the viewer’s own eyes ought to be enough, the fictions were outweighing the facts. The story was always better that way.
Perhaps he knew. Perhaps he’d got wind of the FBI probe — after two years of investigation, they must have kicked over enough rocks to have alerted Dotcom to their interest in him, and perhaps ‘The Mega Song’ was a last-gasp attempt at presenting his case in the court of public opinion. After all, what better way of showing that, while he was a hacker and a multi-millionaire and a rampant egotist with a talent for self-promotion, he was also providing a service that the artists themselves (whose work he was about to be arrested for pirating) dug. Or maybe it was all of that and none of it — and after years of flying under the radar, he just couldn’t resist another spin in the limelight.
The first time I heard about Kim Dotcom he hadn’t turned his name into a brand and his interactions with the FBI were rather different. The Kim Schmitz I spoke to at the end of 2001 was a computer hacker turned flamboyant businessman, busy freestyling his way towards a response to the September 11 terror attacks. And he was keen to boast of how he was, in effect, an FBI informant.
At that time he went by the nickname Kimble, which had been the ‘handle’ he’d used during website defacements and other hack attacks he’d carried out as a younger man. He’d followed what was already a fairly well-worn, poacher-to-gamekeeper path, parlaying a claimed expertise at systems penetration into a career in computer network security. He’d run a company called DataProtect, though by 2001 he’d sold it and it had gone out of business. Schmitz had turned his attentions to other endeavours, such as a venture capital concern, Kimvestor, and Megacar, a company that was trying to sell Mercedes vehicles kitted out with broadband internet connections.
When the planes hit the twin towers, and two of his friends who worked for the accountancy giant Price Waterhouse were killed, Schmitz turned to his connections in the hacker underground, and tried to do what he considered his duty. He founded a group he called YIHAT — a play on the word “jihad”, but an acronym that stood for Young Intelligent Hackers Against Terrorism. Their plan? Hack into banks used by the 9/11 plotters, follow the money, and turn over any evidence they uncovered to the FBI. It was controversial, but controversy seemed as necessary to Kimble as oxygen is for the rest of us.
“I have a lot of enemies,” he told me, “because one day I decided to use my hacking knowledge and commercialise it. I started a data security business, and the German hacker community did not really like that, because what actually happened is that I used the exploits of the hacker scene to secure companies and computer networks. And what also happened is, once or twice, if you actually work for those companies, you have to trace or chase hackers cracking those companies.”
The then-27-year-old wasn’t shy about any of it. He had a website —kimble.org — that featured a quite ridiculous image gallery. Here’s Kimble on a yacht with scantily clad babes. Here’s Kimble with some ridiculously oversized guns on a shooting range. Here’s Kimble stepping off his private jet, dressed in black, grinning. There was even an animated cartoon series, featuring a Kimble caricature going round the world as a kind of cyber Bond, getting into scrapes, flirting with disaster, but always riding off, clever and victorious, into the sunset.
Going after terrorists, hacking for the Feds… it was very worthy, but it didn’t add up. Not only did the cartoon Kimble seem like a fiction (rumours abounded, no doubt spread by those disgruntled former hacker contemporaries, that the jets and the boats and the guns in the photos were, just like the women, hired), the Kim Schmitz who spoke of tracking terrorist money trails and passing intel over to the FBI was a character, too — just from a very different movie.
“If you look at my website, you’ll see I live a very crazy and documented lifestyle,” he said. “And people say I’m doing this to get PR and media attention, but that’s not the case. There’s a lot of jealousy involved as well.”
Already, barely a month after the attacks, he’d taken YIHAT underground. The big plans — to launch online training to give novice hackers some tutorials to help turn them into YIHAT operatives ready to join a core team Kimble reckoned to number around 40 people — was binned. The group’s website, kill.org, had already been forced offline by high traffic and some pretty amateurish defacement attacks from other hackers, which Kimble said had caused problems with his web-hosting service, but admitted had also been embarrassing. There were reasoned explanations for each move, but they all added up to the same thing.
“Our decision to go underground makes it clear that we don’t want to be that public anymore,” he said. “I also want to work against the claim that this is all one big PR gaggle. We will work on [our] missions, and we will deliver informations wherever we can find them to the authorities, to make sure we try to do something that leads to arrests or to the freezing of terrorist money. We want to send a signal that we will not accept terrorists to kill innocent people and terrorists to infiltrate our free society.”
The idea of collaborating with the Feds was strange to Kimble even then. It wasn’t as if he’d been acting as an official informant — the FBI had invited the public to submit information via their website, and the data YIHAT found were just funnelled in there along with everyone else’s stuff. It made you wonder what difference it was all going to make: the Bureau reckoned it had received over 134,000 leads from the public within six weeks of the attacks. They had never heard of Schmitz, or YIHAT, when I contacted them on October 23, 2001, but said they were “looking at every viable tip” and would like to “encourage anyone who has information that can assist with the investigation [into the 9/11 attacks] to send those tips to the internet tipline or to the toll-free hotline”. YIHAT were only doing what the FBI had asked, but you could imagine why they wouldn’t be keen to validate Kimble’s group by dint of such tenuous association.
“For them it’s illegal, I think,” Schmitz admitted. “They probably don’t like what we are doing. But I have no response from them, so I don’t know. In the US, for example, hackers are equal to terrorists for them. I can understand why they don’t respond to anything. We would give out a press release saying we were in contact with them, and they would legitimise us, and this is not what they want at all. But I know one thing for sure: if you deliver a hard fact — if you deliver something that could lead to the arrest of a potential terrorist — this information will be used, wherever it comes from. And we are confident we can support the authorities with such information. We would love to work with them openly, and that’s why, in one of my letters to the government, I offered that we are searching for a government that is allowing us to legalise our activities and protect what our teams are doing.”
Reading these words again, 11 years on, it’s striking how Kimble prefigured a number of themes that were peripheral back then, but are increasingly mainstream today. As society has become more network-dependent, hackers have become more numerous, and the ‘white-hat’ route — penetration testing, security research, finding vulnerabilities then telling the vendor so it can be patched — has become a viable career path for talented computer system crackers. But the growth of that community has been paralleled by the increase both in numeric strength and socio-political impact of their ‘black-hat’ contemporaries.
It is one of the many delicately calibrated ironies of the Kim Dotcom story that hackers claiming the mantle of Anonymous should be among those who leapt to his online defence this year, defacing entertainment industry and law-enforcement agency websites to protest the Megaupload arrests — despite Schmitz’s confessed status as a former white-hat who had played a part in the arrests of hackers. It could well be that the determination with which the FBI pursued Kim Dotcom may be connected to their antipathy towards the hacker community, who have long used Megaupload and similar online file-sharing/dropbox/e-locker sites to distribute the massive files of data acquired during attacks on businesses and agencies targeted for political reasons. He is as unlikely a hacker poster-child as he is an FBI informant, but he’s always identified himself more closely with the outlaws than the lawmen.
For Kimble, self-imposed exile from America was the result of his pre-millionaire hacking spree — and it’s there, in the murky depths of the back-story, that the myth and the reality first become indistinguishable.
One of the hacks Schmitz bragged about was skimming fractions of a penny from every Citibank account and depositing the proceeds — some $20m — with Greenpeace. But the eco-campaigners denied ever receiving the cash, pointing out that that kind of sum would have been half of their annual budget, so they might have been expected to notice had it appeared unexpectedly. The fact that the same scam was used in the Robert Redford film Sneakers makes it perhaps the perfect story for a hacker to lay claim to — so iconic it inspired a movie! Yet, 11 years on, the websites that most thoroughly exposed the truth are no longer online; neither are Kimble’s original claims. Even in this epoch of information saturation, myth proves more pervasive than reality.
Schmitz had also controversially said he was behind the penetration of several US government networks. German hacking collective the Chaos Computer Club were among those to rubbish his claims; some members even suggested that Schmitz had received a suspended sentence in the 1990s on phonecard fraud charges rather than serve jail time because he had supplied information to German authorities on the real perpetrators of hacks that had actually taken place. But whatever his skills at systems infiltration, Kimble was certainly adept at spinning the raw threads of disinformation into the gaudy cloth of controversy — and he was aggressively keen to wear these new garments as he stepped onto the world stage.
YIHAT fizzled, and Schmitz’s brand of cyber warfare subsequently turned to cyber crime — or just plain old-fashioned fraud. Remember Kimvestor, his VC firm? It appeared early in 2001, as if out of nowhere — Kimble again as caped-crusader figure — to rescue the Dutch ecommerce site Letsbuyit.com with a promised $40m cash injection. But the white knight turned out to have darker motives.
Early in 2002, Kimble removed all the James Bond-style photos from his website and replaced them with a countdown clock and a tombstone, apparently predicting his death on Monday January 21, his 28th birthday. The publicity-seeking story-spinner appeared to be following in GG Allin’s footsteps, preparing to commit suicide in front of his ‘fans’. Instead, the “crossing to a new world” he spoke of turned out to be a rather more corporeal one. He had fled Germany for Thailand, presumably aware that his Letsbuyit chickens were about to come home to roost. The British-based tech website The Register, which was among the very few outlets to reliably and critically keep tabs on the big German and his activities, reported the news with the subhead “Auf Wiedersehen Prat”.
Schmitz was arrested in Bangkok on the 18th, and quickly deported to Germany. He amended his website to include an email address for people to contact him while in prison, and claimed to have changed his name to King Kimble The First — Ruler Of The Kimpire.
By the end of May, ‘King’ Kimble had pulled off another escape act. He pleaded guilty to insider trading charges — he had bought Letsbuyit shares, announced the huge investment which he had no funds to make happen, and sold the shares days later after the price had risen following reports of the takeover that would never take place. There was the small matter of a 100,000 euro fine, but the sentence was again suspended: the grand tour was back on.
One of Kimble’s biggest assets is his nationality. Compared to the number of people who don’t have English as an official language in their country but who can nevertheless speak and read it, non-native German readers are pretty rare. Kimble’s reputation in Germany had taken a battering, but that still left vast swathes of the nations of the world where anyone investigating his claims would come up against a language barrier. And how many people, when confronted with a story they want to believe, will go so far as getting a translation commissioned if they want to check it out?
So while it took him a year, by 2003, the convicted fraudster was set up in Hong Kong, where his latest wheeze was Trendax — purportedly a computer algorithm that used Artificial Intelligence to help make millions on the stock market for its clients, and many millions more for anyone who wished to invest in it. The company’s website, which has survived online thanks to the pride of its designers, is a masterpiece of techno-gobbledegook and pretty graphics. Anyone who watches Hustle will recognise the combination of front-end flash and lure-the-gullible copywriting. While Schmitz doubtless didn’t intend it, through Trendax he added another colourful archetype to his wardrobe of costumed villains: the 21st century snake-oil salesman. Whatever else it may or may not have been, Trendax was certainly more glam than phone fraud and insider trading.
Hong Kong became a happy hunting ground. According to a piece by Ian Wishart published by the New Zealand magazine Investigate in April 2010, Kimble claimed to be living in a hotel penthouse in the city-island, but the address on his company letterheads, on the domain registries that dealt with his websites, and even the fax number he listed on official communications, all belonged to Regus, a company that rents office and conference facilities by the hour. In the same article, Wishart revealed that Kimble was going by a plethora of different identities, including the apparent Finnish national Kim Tim Jim Vestor, who claimed to have no connection to the coincidentally-named Kimvestor, or to Megaupload, which Schmitz appears to have founded in the mid-2000s but seems to have been keen to dissociate himself from… until his appearance in ‘The Mega Song’.
The pattern was established, so what happened last year was only surprising because it hadn’t taken place earlier. Presumably aware that the net was closing on him, Kimble dropped the subterfuge and went with what he knew best: the big, brash publicity stunt. ‘The Mega Song’ worked, largely because of the inept reporting that helped take the insipid piece of promotional flam global, and by predictable responses from the record industry which played right into Schmitz’s hands.
The video was widely reported to be an actual song, in which the bevy of stars appeared as guests. The takedown notice served on YouTube for hosting it was the icing on the cake for Megaupload: it allowed them to turn what was a rather dull piece of corporate promo into a cause célèbre.
The artist contributions are not ‘guest appearances’ in the conventional sense (with the exception of that by Macy Gray, who does seem to be singing). Clearly, each celebrity was recording what they believed to be a ‘drop’, of a kind routinely given to websites, TV and radio shows: the celeb pledges their love and respect for the media outlet into the appropriate recording device, the radio station/TV show/website airs it as an interstitial which gives publicity to the artist and presumably helps convince the outlet’s users they’re ‘in’ with the big stars. So when lawyers acting for Will.i.am apparently challenged the legality of their client’s appearance — presumably reasoning that as he is signed to Interscope as a recording artist he cannot legally appear as a guest on another company’s product without appropriate signed paperwork to permit it — the trap was sprung.
Somehow, a copy of Will.i.am’s contract with Megaupload found its way online. The contract will be instantly recognisable to anyone who’s come across the standard ‘media release’ forms TV stations routinely require on-screen ‘talent’ to sign. For all these documents’ ubiquity, they are reprehensible in their contents: the signee gives up all rights in their contribution, forever, assigning them to the contract’s issuer, and allowing the issuer to do with the contribution whatever they feel like — including edit it in any way, and change the context in which it is to be presented from that in which it was given. It makes the standard record company ‘deal with the devil’ contract many fans seem to believe exists look like something from Enid Blyton: but again, in our brave new world of routine indemnities and onerous ‘click here to agree’ end-user license agreements, most of us wouldn’t recognise the dangers until it was too late. It was another example of Kimble at his cunning, zeitgeist-surfing best — using the tools of today to his advantage, hiding his mischievous intent in plain sight.
It is not clear whether Will.i.am had his lawyer read this document before he signed it, but, as of this writing, the authenticity of his signature on it has not been questioned. Kimble had stitched them up like a kipper — every one of those artists, if they signed these releases, had given him and his company every legal right necessary to use their endorsements to promote his company. The document even gave him the right to rearrange the words they’d spoken if he’d wanted to, so the results could have been even more embarrassing. As it is, he had not only succeeded in getting a plethora of big-name stars to sing the praises of his site, even as the record industry continued to decry services like Megaupload as permitting piracy on an industrial scale, he’d used the takedown order and the threats of legal action to make sure the world knew about it. It was a consummate work of 21st century mythmaking, and it may be his last.
Back in 2001 he’d been sanguine about his prospects. “What I’m doing here is very risky,” he said then of YIHAT. Perhaps he was accidentally talking more broadly. “I’m not only risking my freedom, but also my life. When I began I was very realistic and I knew about those risks. I started YIHAT because at a certain level I could say I’ve reached my goals. I’ve had a happy life so far and I’ve made all these things I’ve dreamed of. I have no fears, and I believe very much in destiny. I have had everything that I really dreamed of, and I’m now 27 years old and I can say already that…? Fuck! I mean, I don’t have anything to lose.”
Whether or not this turns out to be the last significant act in the comedy-drama Kim Dotcom has spent a lifetime writing, or whether this slippery eel of the networked age will once again manage to wriggle free of his adversaries, remains unclear. But if it is to be the end, it is a fitting one: another example of Kim Schmitz, the fictional character, selling the world another fabulous, grand, larger-than-life story. But it’s a story that only works because the audience is so ready to be told it. We might think Kim Dotcom a hero, a villain, a Robin Hood or a monster — but whatever he is exists because we wanted to believe in it.