The Fast, Fabulous, Allegedly Fraudulent Life of Megaupload’s Kim Dotcom

Image: Photo illustration by Aurich Lawson (After Pen & Pixel)

Since the shutdown of Megaupload, stories have erupted about the life and exploits of the company’s founder, a self-styled “Dr. Evil” of file sharing. Kim Dotcom’s opulent digs, high-end cars, fondness for models and other Bond-villain-esque behaviors have been splashed across websites and have confused evening newscasts for the last week.

The man once known as Kim Schmitz (and as Kimble, and as Kim Tim Jim Vestor, and finally as Kim Dotcom), now awaiting extradition from New Zealand to face charges of conspiracy, money laundering and copyright crimes in the US, has enveloped his actual life in a cloud of hype and bluster that echo the worst of the dot-com bubble from which he took his new surname. In 2001, the Telegraph called Schmitz “a PR man’s nightmare and a journalist’s dream.”


Schmitz wrote recently that all that’s behind him a now; a family man, he’s even happy to meet the neighbors for coffee. But when New Zealand police arrived at his mansion outside Auckland last week with helicopters, they cut their way through various locks and then into the home’s safe room, where Dotcom was reportedly standing close to a sawed-off shotgun, and they took him into custody. The worldwide raids, in which hundreds of servers were also seized in the U.S. and in which 100 officers raided homes and offices in Hong Kong, have just added another layer to the legend Dotcom has been building since he was a teenager: god of hackers, Midas-touch Internet investor, Modern Warfare 3 multiplayer champion.

Dotcom has gone out of his way since the early 1990s to put himself at the center of media attention. He’s certainly got it now. But who, really, is this guy?

The rise of Kimble

Born in Kiel, Germany to a Finnish mother (the source of his dual citizenship), Schmitz has made a career out of being larger than life, which seems appropriate for a six foot, six inch man (give or take an inch—his height seems to change with every report) who can fill a room with his 300+ pound presence.

In the early 1990s, Schmitz used a little hacker cred and the growing paranoia over the powers of computer hackers and phreakers to launch a media-powered cybersecurity career. He got his first shot at media stardom in 1992, when he was interviewed by the German press and then featured in a December Forbes article on the “computer hacker crime wave.” Schmitz took advantage of the complete lack of technical credibility of reporters and the growing “hacker mystique” to create a sexier, more dangerous version of himself—if not James Bond, then Dr. No.

Giving his hacker handle “Kimble” (which he later claimed was taken from the name of the main character in the film The Fugitive), and claiming to be the leader of an international hacker group called Dope, Schmitz said he had hacked hundreds of US companies’ PBX systems and was selling the access codes at $200 a pop, bragging that “every PBX is an open door to me.” He also claimed to have developed an encrypted phone that could not be tapped, and to have sold a hundred of them.

In his 2001 interview with the Telegraph, he also claimed to have hacked Citibank and transferred $20 million to Greenpeace, a claim refuted by Greenpeace, which had a total operating budget of just twice that in the mid-1990s. (While Citi was hacked in 1996, it was by a group of Russian hackers—and they certainly didn’t donate the money to charity.) He also claimed to have hacked NASA and said that he had accessed Pentagon systems to read top-secret information on Saddam Hussein during the Gulf War.

There’s no record to substantiate most of this; perhaps some of it is true. What he did do was steal phone calling card codes and conduct a premium number fraud similar to the recent rash of Filipino phreaking frauds. He bought stolen phone card account information from American hackers. After setting up premium toll chat lines in Hong Kong and in the Caribbean, he used a “war dialer” program to call the lines using the stolen card numbers—ringing up €61,000 in ill-gained profits.

Schmitz was also playing pirate in other ways. Andreas Bogk, a member of the Chaos Computer Club, recently told the Wall Street Journal that Schmitz set up a computer system for the uploading and downloading of pirated PC software, charging people for access. (Schmitz exposed the scheme in an interview with a German television news program, and it was subsequently shut down by Deutsche Telekom.)

Schmitz’s efforts to branch into the “legit” world of security consulting with his security company Data Protect initially backfired by exposing his real identity—and by allowing it to be connected to his hacker credentials. In March of 1994, he was arrested by police for trafficking in stolen phone calling card numbers. He was held in custody for a month, then arrested again on additional hacking charges shortly afterward — and again released. In 1998, he was convicted of 11 counts of computer fraud, 10 counts of data espionage, and an assortment of other charges. He received a two-year suspended sentence—because, at just 20, he was declared “under age” at the time the crimes were committed.

But Schmitz used the notoriety to boost his security business. He soon landed a security contract for Data Protect with the airline Lufthansa by demonstrating an apparent security vulnerability—though according to claims by others in the German hacking community, his connection to the airline was thanks to collaboration with an insider there, and to the hacking skills of an accomplice.

The influx of cash began to fuel Schmitz’s fantasy fulfillment engine, funding his love of fast cars and outrageous antics. He promoted his new bad-boy rich hacker genius image through a bizarre Flash movie called Kimble, Special Agent, in which his cartoon alter-ego drives a “Megacar” and then a “Megaboat” before breaking into Bill Gates’ compound and riddling the wall behind Gates with a machine gun (spelling out “Linux” with bullet holes). The cartoon was the first public demonstration of Schmitz’s obsession with all things Mega.

Rags to riches

A year after the slap on the wrist, Schmitz shifted his focus from phone fraud to Internet start-ups. Almost from the beginning, he made an effort to portray himself as someone who was Germany’s answer to Silicon Valley — even if he was closer to than to Yahoo.

His first effort tied together two of the great loves of his life: the Internet and expensive cars. Schmitz and Data Protect led the development of a real Megacar, an Internet-connected luxury car system with its own Pentium III Windows NT on-board computer, router, multi-camera video conferencing system, and 17-inch display. To get the broadband bandwidth required, the car had 16 multiplexed GSM cellular connections.The sticker price started at $90,000.

Scenes from "Kimble Goes Monaco," Schmitz's self-financed documentary of a lavish trip to the Monaco Grand Prix.

While it went nowhere, the press it received helped raise the profile of Data Protect—and of Schmitz. Schmitz was also making other efforts to create his persona. In 1999, according to New Zealand’s Investigate magazine (PDF), he was spotted at the airport in Munich getting his picture taken inside parked airplanes, which he then used to suggest that he owned them.

In 2000, Schmitz sold an 80 percent stake in Data Protect to the German conglomerate TÜV Rheinland, which bought the company for its “in-depth network expertise.” Schmitz held the remaining stake through his new holding company, Kimvestor.

Flush with at least some cash, Schmitz was quick to burn some of it by waving his own particular brand of freak flag. He hired a German centerfold, a collection of other actors, a film crew, and fast car aficionados for a self-produced film called Kimble Goes Monaco — a road movie about a lavish trip to Monaco, including a cruise on a rented yacht. The movie was punctuated with Schmitz playing with expensive toys, and featured a bizarre Bill-Gates-is-spying-on-me subplot.

The image Schmitz was selling was embraced by the press, as a 2001 Guardian report on his “rags to riches” tale shows:

The 6’4″, 18-stone giant has since divided his time between growing Kimvestor – which he values at 200m euros – and spending his money on top models, fast cars and expensive boats. He now owns a Challenger jet, a helicopter, several sports cars and a yacht. Last May he spent $1m (£684,000) chartering a 240-foot luxury yacht for a week, mooring it in Monte Carlo harbour for the Monaco Formula One Grand Prix and throwing lavish parties for guests including Prince Ranier of Monaco.

A closer look

While Schmitz reveled in the attention, it wasn’t long before TÜV was wondering what, exactly, it had bought. First, there was, a failing Internet retail site. In January 2001, as the dot-com crash was starting to gain momentum, LetsBuyIt was close to bankruptcy. Schmitz bought 375,000 euros in the company’s shares — and then announced he was preparing to invest an additional 50 million Euros. “I’m completely convinced LetsBuyIt can reach profitability despite its current problems,” he told the Guardian.

The news hit the market, and the stock price of LetsBuyIt surged. Schmitz cashed out, making a profit of €1.5 million. Perhaps Schmitz was just ignorant of the legal ramifications of what he had done— insider trading wasn’t even a crime in Germany until 1995.

Regardless, he didn’t waste time rolling the money into building his persona — part of the profit was burned buying his Mercedes Brabus EV12 Megacar that April, in which he finished first in the 2001 Gumball 3000 road rally.

But as an investigation began into Schmitz’s shady investment strategy, another pet project was getting ready to crater. Schmitz had launched Monkey AG and Monkeybank, an e-payment company with venture capital from German private equity company BMP (which held a 35 percent stake). Monkey also shared the address, and most of the employees, of Data Protect—which was owned by TÜV.

By June of 2001, BMP and TÜV went into damage control mode, cutting Schmitz’s management involvement in Monkey and the rest of the companies. “Everything that has grown up around Mr. Schmitz is, to say the least, somewhat dubious,” TÜV spokesman Tobias Kerchoff told the German business site And there was plenty of reason for that dubiousness: somewhere in the confusion, Schmitz got €280,000 in the form of an unsecured loan to Kimvestor. He would later claim to have been “dazzled,” unaware that he would be unable to repay the loan.

In the meantime, Schmitz was busy trying to brush up on his hacker cred to improve his Dr. Evil image. In the wake of the September 11, attacks, he claimed to be launching a group called Young Intelligent Hackers Against Terrorism (YIHAT), and to have hacked Sudanese bank accounts belonging to Osama Bin Laden. (He also offered a $10 million reward for information leading to Osama’s capture on his now-defunct site.)

But the pressure was mounting. In September of 2001, he claimed his net worth was $100 million. By November, his companies were all circling the drain. The hacker community had turned on him—one hacker, with the moniker of Fluffy Bunny, had defaced his site and the site of YIHAT.

With insider trading charges pending over LetsBuyIt, Schmitz decided it was time to lay low (by his standards); “in fear for his life,” he fled to Thailand in January of 2002. On his website, he hinted at possible suicide, saying he would be crossing “to a new world,” Hale-Bopp cult style. But instead of offing himself, he declared that he wanted to be known as “King Kimble the First, Ruler of the Kimpire” — a label he would apply to his future projects. (It’s listed as his title on LinkedIn.)

As it turned out, Thailand wasn’t happy to see him. He was promptly arrested and fast-track deported to Germany to stand trial. However, the few nights in a Thai jail turned out to be the worst of it, as fears of prison in Germany were unfounded—he was sentenced to 20 months probation and slapped with a €100,000 fine. In 2003, he pleaded guilty to embezzlement charges over the Monkey “loan” and received another two years of probation.

After the law’s repeated lashes with a wet noodle, Schmitz left Germany and moved to Hong Kong to start the next level of Mega-insanity.

Mission Kimpossible

Once free of the innovation-squelching German laws of finance and regulation, Schmitz set up a network of interlinked companies. He registered Kimpire Limited in December 2002, soon after moving to Hong Kong. The holding company’s first offspring was Trendax, “the money making machine” — an allegedly artificial intelligence-driven hedge fund that mostly got attention for its Flash-heavy homepage. For a $50,000 investment, the fund offered the promise of untold riches — an annual return of at least 25 percent on investments—generated through “a complex combination of sophisticated technical analysis, real-time content analysis of news feeds, multi-dimensional statistical analysis and advanced proprietary mathematical techniques.”

Schmitz apparently invested $250,000 into the company — much of it spent on the site design. Trendax’s registered address is The Lee Gardens, a “heaven of luxury” in Hong Kong with high-end retail establishments like Louis Vuitton and Hermés. However, the address given within Lee Gardens — the 45th floor — is occupied by Regus, a “virtual office” company. And as New Zealand’s Investigate Magazine discovered, the fax line given for the company was a shared one.

Trendax was registered as a business in Hong Kong in February 2003, but never registered with the SEC or with Hong Kong’s Securities and Futures Commission. Despite Schmitz’s claims that the AI had managed to increase the value of the fund by 130 percent from 2000 (before the company had even hired programmers) to 2003 — during a period when the Dow Jones dropped 25 percent—the company never was allowed to accept investments and conduct trades, at least legally.

At about the same time he was trying to get investors to bite on Trendax, Schmitz was building a virtual business empire by recycling his old company names in Hong Kong. In February of 2003, according to Hong Kong government company registry data obtained by Ars—at the same time he registered Trendax— he set up the business entity Data Protect Limited, the company that would later become Megaupload. He also registered Kimvestor Limited and in March registered Monkey Limited. Kimvestor and Monkey shared the same virtual address with Trendax; Data Protect (and later Megaupload) had a post-office box as a point of contact.

Whatever money was actually being made at this point is unclear, but Schmitz continued to live in grand style — or at least keep up the appearance of it. He kept adding to his collection of exotic and high-end cars, and also ran into trouble across Europe for his involvement in illegal street racing. He returned to race in the Gumball 3000 in 2003, pumping up his “Dr. Evil” image by bragging about bribing Moroccan police to stop a competitor — and then bumping that car when he discovered it was ahead of him.

During all these exploits, Schmitz was using his Web presence to attempt to recruit volunteers to power his new Kimpire, offering promises of future wealth to those who made it to his “Hall of Fame,” begging on his site for translation services, Web referrals, and even free Web hosting:

Every Kimpire profit will be shared between everybody who made it to the Hall of Fame. If you make substantial contributions to the Kimpire, your name will appear in the Hall of Fame. Earn respect, friendship, wisdom and money with your support for the Kimpire. The Kimpire can make you rich and the other way around. The Kimpire will rule the world, so better be a part of it ;-)… If you know cool words that include “KIM”, send them. Some examples: Kimpire, Kimply the Best, Kimasutra, Kimmercial, Kimpany, Kimvestor, Kim Kong, Mission Kimpossible, Kimsalabim, etc. The best words will make it to the upcoming release of the Kimpire Lexicon.

A “Kimpire” might sound ridiculous, but it was about to become a reality — thanks to file hosting.

Mega Millions

All this was prelude to what would become Schmitz’s biggest actual moneymaking scheme—the file-sharing business. To get the project rolling, Schmitz decided it was time to make a full break from his highly dubious reputation. In 2005, the name of Data Protect was changed to Megaupload, and Schmitz registered yet another company—Vestor Limited—as its owner.

That wasn’t the only obscuring going on. About the same time, Schmitz officially changed his legal name to Kim Dotcom—and used his Finnish heritage to register a passport under the name “Kim Tim Jim Vestor” as well, using the address of a step-sibling in Turku, Finland. The Vestor persona was used in the creation of Vestor Limited. It wasn’t until 2007 that Kim Dotcom was revealed to be connected in any way to Megaupload, and his role as founder wasn’t revealed until 2011 by the company.

But as Megaupload’s profits mounted—both from legitimate use and from the alleged piracy of content ranging from music to porn—Dotcom’s 68 percent share of the business finally made him the sort of money he had always acted like he had.

The US government, in its indictment against the “Mega Conspiracy,” said that the company had pulled in US $175 million since its inception, most coming from users who paid for premium download accounts. The money was spent lavishly. By the time of the raid on Megaupload, Hong Kong police said that Schmitz had been renting an actual office in a luxury Hong Kong hotel suite that went for US$12,800 — per day.

Kim Schmitz poses beside a car in Hong Kong. Photo: Handout

Married with three children, Dotcom eventually decided to move to New Zealand to better enjoy his wealth and toys. He attempted to purchase a US$24 million mansion outside Auckland and smooth his path to residency through a NZ$10 million investment in government bonds, putting him into the “high investment” category for immigration. He donated heavily to the Christchurch earthquake relief fund and even paid for a half-million dollar fireworks display on New Year’s Eve 2011 in Auckland.

While waiting for the paperwork to clear, Dotcom arranged a lease of the desired Coatsville mansion from a company set up by the mansion’s previous owner, the founder of the “Christmas hamper” layaway business Chrisco.

In the meantime, he erected a sign at the gate to the mansion’s property declaring it to be “Dotcom Mansion,” and started strewing the property with his toys — including cars with the now-infamous collection of vanity plates.

Kim Dotcom's Rolls, minus its vanity tag.

Kim Dotcom’s Rolls, minus its vanity tag. Photo: Handout

But the warmth of his welcome waned quickly once government ministers started to dig into his past. As Megaupload was fueling the entertainment industry’s push for SOPA and PIPA in the US, Dotcom was told he couldn’t actually buy the mansion he had leased because of his prior convictions in Germany and his deportation from Thailand. Dotcom called the decision by New Zealand finance minister Simon Power and land information minister Maurice Williams “small-minded and unreasonable,” considering that he had already been approved for residency.

Neighbors too were wary. The New Zealand Herald obtained an e-mail sent from Dotcom to his new neighbors in which he tries to reassure them about his past through humor. “First of all let me assure you that having a criminal Neighbor like me comes with benefits,” he writes. “Our newly opened local money laundering facility can help you with your tax fraud optimization. Our network of international insiders can provide you with valuable stock tips.”

But, Dotcom goes on to say, he is now a changed man. “In all seriousness: my wife, two kids and myself love New Zealand and ‘We come in peace.’ 15 years ago I was a hacker and 10 years ago I was convicted for insider trading. Hardly the kind of crimes you need to start a witch hunt for. Since then I have been a good boy, my criminal records have been cleared, and I created a successful Internet company that employs 100+ people. All the media has to report are old news. Why? Because I have chosen to avoid the media. Just look what the media did to this Neighborhood. Scary.”

The local change of mood apparently caused Dotcom’s wife Mona to return to Hong Kong to deliver another child—a move that probably turned out to be for the best, given the New Zealand police helicopters that were about to descend on the mansion.

Dotcom now awaits an extradition hearing in a New Zealand jail after being denied bail during an initial hearing. He strongly denies all allegations against him.