Kim Dotcom, Pirate King

Is Megaupload's founder a criminal mastermind, or the world's most entertaining scapegoat? A file-sharing wizard's ridiculous rise and fall

After renting an $18 million estate in the emerald hills of Coatesville, New Zealand, Kim Dotcom e-mailed his neighbors. The mastermind of Megaupload, one of the world’s most popular file-sharing sites, introduced himself as a convicted computer hacker and insider trader and listed some of the perks of having a “criminal” down the block. “Our newly opened local money laundering facility can help you with your tax fraud optimization,” Dotcom wrote in the Apr. 21, 2010, e-mail. “Our network of international insiders can provide you with valuable stock tips.” Also, Dotcom wrote, his acquaintance with “far worse” crooks “can help you whenever you have to deal with a nasty Neighbor.” Then he added “in all seriousness” that he and his family loved New Zealand and had “come in peace.” He invited the neighbors to stop by for coffee, adding, “Don’t forget to bring the cocaine (joke).”

At around the same time, the U.S. Justice Dept., acting on a complaint by the Motion Picture Association of America, had begun an investigation of whether Megaupload had profited from the illegal distribution of copyrighted films, songs, and other digital material. U.S. authorities worked on the case for close to two years with counterparts in New Zealand, Australia, Germany, Hong Kong, Canada, Britain, the Netherlands, and the Philippines.

Four weeks ago, two helicopters landed on Dotcom’s vast lawn, near the garden labyrinth and giraffe sculptures. Local police scrambled out bearing Bushmaster M4 rifles, Glock pistols, sledgehammers, and saws. While three FBI agents advised from a nearby police station, the cops arrested Dotcom—aka Kim Schmitz, Kimble, and Kim Tim Jim Vestor—after breaking into a panic room where he’d sealed himself. They found him sitting cross-legged near a safe from which they confiscated a loaded pistol-grip shotgun. Police also seized three passports under different names, 25 credit cards, a bulletproof wristwatch, and an actual-size statue of the creature from the Predator movies. Tow trucks hauled away a pink 1959 Cadillac and other vehicles worth a combined $5 million. Some of the license plates read GUILTY, HACKER, MAFIA, and GOD. No cocaine was found.

Later that day, Dotcom stood in an Auckland courtroom, facing 20 or more years in prison on charges of copyright infringement, conspiracy, racketeering, and money laundering for running a business that allegedly grossed $175 million over seven years from stolen digital content. His New Zealand lawyer said he was innocent and that Megaupload was no different than YouTube. Dotcom, a pear-shaped man the size of a refrigerator, towered over a glass enclosure in a black zip-up vest, mugging for the gallery. He told the judge he didn’t mind people taking photos “because we’ve got nothing to hide.” Dotcom turned 38 in jail and awaits possible extradition to the U.S.


Until authorities shut it down in January, Megaupload was ranked among the 100 most popular websites in the world by Alexa Internet, a Web-traffic analysis service. Megaupload says it had 150 million registered users and averaged 50 million daily visitors. Dotcom and his lawyers describe the company as a cloud-storage site, or “cyberlocker,” used to store music, video, photo, and data files too big for e-mail. A bride in Chicago wanting to share a high-definition wedding video with a cousin in Bangkok could put it up on Megaupload, where the cousin could then download it for viewing. Or a São Paulo drummer could record a track and upload it for a bandmate in Montreal. Megaupload offered these services free of charge. For a fee, “premium” users could get faster, unlimited access. Premium customers could also earn cash and rewards tied to how much material they supplied and how often it was downloaded. In a 72-page indictment, the Justice Dept. said the bonuses encouraged the funneling of pirated content costing copyright holders more than $500 million.

Sites such as Megaupload are the bane of Hollywood and the music industry, which contend that infringement takes money out of their pockets, costs jobs, and reduces the incentive for artists to create. Cary Sherman, chairman and chief executive officer of the Recording Industry Association of America, says the Megaupload prosecution sends a “powerful message” to infringers: Steal and risk jail time.

Internet libertarians, already battling the RIAA and MPAA over copyright legislation in Washington, reacted with outrage. The hacking underground launched attacks on U.S. government websites. The online privacy group Pirate Parties International began recruiting Megaupload users for a possible class action against the FBI. Critics of the shutdown say it unfairly punishes people who made legitimate use of the site. Lawyer Michael Weinberg of the consumer advocacy group Public Knowledge says he uploaded a video of a congressional hearing to Megaupload, but when he tried downloading later, the site was gone along with his video. (According to Ira Rothken, Dotcom’s attorney in the U.S., Megaupload’s Web-hosting partners have agreed not to permanently delete files through February.)

The years-long tension between online freedom and the rights of intellectual property holders has pitted MP3-swapping geeks against the record industry, and Google (GOOG) against Rupert Murdoch. Megaupload, a company of just 30 employees, had less revenue in seven years, $175 million, than the animated film Rango grossed worldwide in 2011. “You really wouldn’t have any reason to hear of Megaupload,” says Kevin Suh, the MPAA’s chief of Internet content protection. “Many of my friends said they never heard of this site before. But this is at the tip of the piracy pyramid—one of, if not the largest, infringers in the world.”


Dotcom didn’t look like a criminal genius. With his ginger hair, chubby cheeks, and odd fashion sense—he often wore black suits and white-on-black wingtip shoes—he looked like he should be setting up a magic table. Rothken declined to make Dotcom available for an interview but calls his client “a really smart version of John Candy—an articulate, good-natured person.” Keiwan Mir Heidari, a friend of Dotcom who manages the bar at a Munich disco, says he often asked Dotcom about the legality of Megaupload. Mir Heidari recalls him saying, “There’s nothing illegal about what I do, not at all. Unfortunately it may not be legally sanctioned either, since it’s a gray zone. You know I’m not stupid, these things are all cleared with attorneys.”

Dotcom was born Kim Schmitz in 1974 and grew up in Kiel, a port city in northern Germany. In a 2001 interview with London’s Telegraph newspaper, he said he was the third of three children of a cruise ship captain and a cook. He said he had his first PC by the age of nine and later sold copies of computer games to friends. “I have a huge ego, I know that,” he told the Telegraph. “Do I worry about it? No, I think it’s cool. I have a lot of fun.”

Schmitz attended the Heinrich-Harms vocational school in Plön, Germany, for about two years, leaving without a high school diploma, says Gabriele Killig, a former principal of the school. “He was an intelligent student; he just didn’t apply that intelligence in the right places. He wasn’t very interested in companionship. Sure, he got along with other students because he was a jokester, but he didn’t really do anything for the community and rather incited mischief.” When he got caught, Killig says, “he was friendly and polite, and he could sell himself and talk himself out of trouble extremely well.”

When he was 18 he appeared as “Kimble”—a name he borrowed from the protagonist of the film The Fugitive—in a Forbes magazine article about hackers. Forbes said he led a global hacker group called Dope, had appeared in disguise on German television, and had hacked into hundreds of company phone systems, none of them named. Within a few years, Schmitz was claiming he’d hacked into computers at the Pentagon and Citibank (C). If he did, nobody owned up to catching him—or even noticing that anything was amiss. But German authorities did nab him profiting from a run-of-the-mill stolen-phone-card scam. In 1998 he was convicted of fraud and received a suspended two-year jail sentence. In interviews, he’s said that helped him land jobs as a computer security consultant, including with the German airline Lufthansa (LHA:GR). A Lufthansa spokesman said the company has no record of any business relationship with Schmitz.

It’s not clear how much money he was earning back then, as his companies—DataProtect and KimVestor—were privately held. Schmitz has claimed over the years that his business interests were worth as much as €200 million ($262.4 million in today’s exchange rates). In 2000 he sold an 80 percent stake in DataProtect’s consulting business to German engineering services provider TÜV Rheinland. The deal didn’t go well. Less than two years later, the consulting business filed for insolvency, touching off litigation between TÜV and Schmitz.

His legend spread as he began appearing as Kimble in online photos and videos years before many people had realized their viral potential. Shotguns, sports cars, private jets, and helicopters were frequent props—with little clarity as to whether Schmitz actually owned them—along with Gitta Saxx, a dark-haired Playboy centerfold. An online cartoon showed a gun-toting James Bond-like character driving a “megacar” and “megaboat” to Microsoft (MSFT) headquarters, where he confronts a petrified Bill Gates. Gates urinates in his pants while “Kimble Special Agent” blasts bullet holes in a wall, spelling “LINUX.” Then came a pair of videos of Schmitz and pals on a junket to Monaco involving a party on a yacht and an impromptu chat in a disco with Richard Branson. Speeding through the countryside in a black Mercedes, Schmitz sings along to the R&B hit Rescue Me and laughs in a high-pitched cackle.

Mir Heidari, who went on that Monaco trip, describes Schmitz as someone who loves to have fun with friends, saying he is “sometimes like a little boy who’s stuck in the body of an adult.” Comparing him to the late Steve Jobs, Mir Heidari says Schmitz “doesn’t really care about money” and “manages like few others to mesmerize others with his ideas.”

In 2001, the year he won the Gumball 3000 international road rally, Schmitz invested several hundred thousand dollars in LetsBuyIt.com, a struggling e-tail site. He declared publicly that he was ready to plow in more, the stock surged—and Schmitz sold his stake at a profit. In 2002 he was convicted of insider trading, receiving another suspended sentence.

Schmitz then went relatively dark. Sometime in the 2000s he legally changed his name to Kim Dotcom and shifted his operations to Hong Kong. Records there list him as a director of 10 companies, including Megaupload. A photo released recently by Hong Kong’s Customs and Excise Dept. shows Megaupload’s office there with a glass wall entrance emblazoned with big blue and black letters spelling “MEGA.”


Megaupload went live in 2005, according to court documents. The site was one of several file-sharing services started in the early 2000s, including Pirate Bay and TorrentSpy. Megaupload made a splash in September 2005 with the announcement of its “Uploader Rewards” program, offering money and cash prizes to people who uploaded content to the site. “This makes Megaupload the first and only site on the Internet paying you for hosting your files,” Megaupload said at the time. “You deliver popular content and successful files. We provide a power hosting and downloading service. Let’s team up!”

These premium users first had to pay Megaupload a subscription fee ranging from a few dollars a day to $260 for lifetime membership. To earn rewards, users had to put up files—and the material had to be popular enough to generate at least 50,000 downloads within three months. Megaupload initially offered cash bonuses of up to $5,000 for uploaders who generated the most downloads, later increasing it to $10,000. One uploader made $55,000, the indictment says.

People wishing to download material wouldn’t find it at the Megaupload site. It wasn’t that obvious. When a customer uploaded, say, the movie Taken, Megaupload assigned the file an Internet address. The company then encouraged the uploader to distribute that URL to friends and post it to third-party linking sites such as thepiratecity.org. If someone did a Google search for Taken, they’d find one of those third-party sites. There the user could access a Megaupload download page where the movie was ready. Downloaders could grab stuff for free but were encouraged to buy premium memberships for faster service. The U.S. government says the system was “expressly designed” to encourage copyright infringement.

From 2005 to 2012, according to the indictment, the company collected more than $150 million in paid subscriptions and more than $25 million from ads placed on the main Megaupload site and download pages. Dotcom himself made more than $42 million in 2010. His attorney, Rothken, says Megaupload’s true competitive advantage was making “a robust cloud-storage infrastructure available to the masses for free or low cost, which gave enormous productivity to consumers and small businesses.” Megaupload was “copyright agnostic,” he says, and “not in the position to be the arbiters of whether other people are using it for good or bad reasons.” In New Zealand court filings, Dotcom says Megaupload explicitly prohibited uploading of stolen content and provided a tool for copyright holders to remove such material. After movie and music companies complained, more than 15 million files were deleted—some taken down by copyright owners, some by Megaupload itself. The company discontinued the uploader rewards program last year.

In early 2010, the U.S. Justice Dept. created an intellectual property task force to ramp up enforcement. On June 24 of that year the government informed Megaupload that investigators armed with a search warrant had found 39 copies of allegedly purloined movies on servers the company leased in Virginia. Six days later, the feds shut down NinjaVideo.net—a linking site used by Megaupload—and eight other sites for allegedly distributing pirated movies and television shows. On July 8, Dotcom e-mailed two Megaupload associates about the government crackdown. “This is a serious threat to our business,” he wrote. “Please look into this and see how we can protect ourselfs [sic].”


The Dotcom mansion sprawls across a bluff in a semi-rural area north of Auckland. A stone wall runs along the perimeter of the property, and security cameras perched high on poles scan entrances. Those who approach the main gate are greeted by a guard clad in black who politely turns visitors away. All he will say of life inside is that “it’s still pretty normal.”

Dotcom wanted to buy the mansion outright, but nonresidents need government permission. To speed the process, he applied for a special visa for people making large investments in the country and bought $8 million in government bonds, according to court documents. “I might be one of the most flamboyant characters New Zealand has ever seen, but my intentions are good, and I would like to see New Zealand flourish,” he told the New Zealand Herald last June. He was denied permission to buy, partly because officials decided he didn’t meet the country’s “good character” test. Instead he rented the mansion and moved in with his pregnant wife and three children.

New Zealanders who’ve met Dotcom say he’s different from the character cavorting on YouTube. “He was a relatively shy sort of person,” says David Henderson, a real estate developer who lent Dotcom his apartment atop an Auckland hotel for a party to watch a holiday fireworks display last year. David Blackmore, another developer who shares Dotcom’s love of fast cars, says Dotcom invited him to lunch at the mansion and later lent him $1 million. “He said, ‘Do you want some money? I’ve got some,’ ” Blackmore recalls. He describes Dotcom as “very engaging and witty” and suggests his public image has been skewed by his looks. “He might be obese, but he’s certainly no fool.”

In December, Dotcom posted a YouTube video of the Mega Song, a catchy, four-minute paean to Megaupload performed by Sean “Diddy” Combs, Alicia Keys, Jamie Foxx, will.i.am, and Dotcom himself. “M-E-G-A, upload to me today, send me a file … Megaupload,” went the chorus. Universal Music Group (VIV:FP), which represents some of the participating artists, had the video taken down. Dotcom sued, claiming he had releases from the artists. The video reappeared. In an interview with website TorrentFreak, Dotcom said Universal was reacting to Megaupload’s plan to introduce MegaBox, a service that would let artists sell songs direct to consumers and keep 90 percent of earnings. (Universal did not respond to requests for comment.) At the time, the Stop Online Piracy Act was winding through Congress, and a worldwide backlash was gathering steam. Dotcom chimed in, telling TorrentFreak that the music and movie businesses “want to censor the Internet and bring innovation to a standstill by having their rip-off monopoly protected by Washington.” 

The legislation died on Capitol Hill the third week of January. It was early morning on Jan. 20 in New Zealand when more than 70 local officers raided 10 properties, arresting Dotcom and three other Megaupload employees (two of whom had appeared in the Monaco videos). Another suspect was arrested in the Netherlands; two others remain at large. Officials in Hong Kong froze accounts with around $40 million in assets. The next day, by coincidence, a federal court in Virginia sentenced a co-founder of NinjaVideo.net to 14 months in prison for conspiracy and criminal copyright infringement.

Does a similar fate await Dotcom? The answer probably lies in the Justice Dept.’s ability to prove that he and his co-defendants willfully sought to profit from pilfered digital goods. The indictment, which uses the phrase “Mega Conspiracy” 154 times, cites internal company e-mails that suggest Dotcom and his deputies knew they were doing something illegal. In a July 9, 2008, exchange between two employees, one joked: “We have a funny business … modern days [sic] pirates :).” The other replied: “We’re not pirates, we’re just providing shipping services to pirates :).”

Copyright laws are explicit about primary infringement: Knowingly copying and distributing protected property is illegal, says Christopher Sprigman, a law professor at the University of Virginia. The laws say nothing about “secondary infringement”: someone inducing another party to abuse a copyright. That issue has arisen in previous cases involving online copyright violations, notably MGM Studios Inc. v. Grokster Ltd., where the U.S. Supreme Court concluded the file-sharing site was liable for secondary infringement.

That was a civil case, though. Dotcom attorney Rothken and other experts have stressed that criminal copyright laws don’t recognize secondary infringement. “The core of all the government’s claims is based upon a concocted theory,” Rothken says. “Using helicopters and knocking down doors, this appears to be more politically driven than substantively driven.” In addition, the Megaupload defendants are likely to argue that they did what they could in their “agnostic” way to deter infringers. And no one doubts Dotcom can afford good attorneys.

Should he be extradited, a U.S. trial of Dotcom could take months, even years. But the arrests are already having an impact. Other file-sharing sites such as Uploadbox and FileSonic have shut down or altered the way they operate. Less clear is what that proves: Has the case discouraged infringement or innovation? Media companies have hardly led the charge to develop convenient ways for the tech-savvy masses to watch movies and listen to music whenever and wherever they want. Attorney Julie Samuels of the Electronic Frontier Foundation, a nonprofit that advocates for digital rights, says content producers want to “stem the growth of new business models instead of using their time and energy to compete. They’re working to harm innovation and consumers and artists who are trying to find new ways to connect with those fans.”

Dotcom is in a New Zealand prison awaiting a hearing scheduled for Feb. 22. He has been denied bail, partly because if he fled to Germany, he’d be safe from extradition to the U.S. His friend Mir Heidari says: “You could offload Kim naked in the Sahara desert, and a year later you’d hear that he’s taken the president suite on the top floor of a Dubai luxury hotel and is making deals. He’ll always get back up. He’s simply too clever.”

Dotcom, whose wife, Mona, is expecting twins in the spring, has gotten some sympathy in New Zealand. In a Jan. 29 editorial, the Herald questioned the aggressiveness of his arrest, saying he was “entitled to our protection against unreasonable harassment by foreign jurisdictions.” Meantime, a columnist has asked readers to suggest who should play Dotcom in the inevitable made-for-TV movie. Candidates mentioned include Jonah Hill and Jack Black.

With Bruce Einhorn and Karin Matussek

Gruley is a reporter-at-large for Bloomberg News in Chicago. Fickling is a reporter for Bloomberg News in Sydney. Rahn is a reporter for Bloomberg News in Frankfurt.