Interview with the keystroke caperist

Bugged bosses' PC to 'expose improper practices'

  • alert
  • submit to reddit

Security for virtualized datacentres

A former claims adjuster for a US insurance company is the first to be charged under federal wiretap law for the covert use of a hardware keystroke logger, after he was caught using the device while secretly helping consumer attorneys gather information to use against his own company.

Larry Ropp, 46, was indicted Tuesday by a federal grand jury in Los Angeles on a single count of endeavouring to intercept electronic communications. Ropp is accused of installing a "KEYKatcher" keystroke logger on the PC of a secretary to a vice president at the Bristol West Insurance Group where he worked. The KEYKatcher attaches inline with a keyboard connector, and stores every keystroke in an internal memory for later retrieval.

In an interview with SecurityFocus, Ropp admitted to using the device, which he says he ordered off the Internet. But he defended his office skullduggery as a necessary evil to expose improper anti-consumer practices at the company. "The FBI themselves use key loggers quite a bit," he said. "Here, I'm a whistleblower, and I'm getting the shaft."

Ropp was working at Bristol West's Anaheim, California office last year when a state appeals court ruled that the company had been illegally cancelling the policies of customers who were a single day late with their payments. Under California law, an insurance company must give 10 days notice before cancelling a delinquent customer's automobile liability policy. Bristol West had been circumventing that requirement by issuing "cancellation notices" with every bill, before payment was due, so that by the due date the 10 days had already passed.

"If it was due Tuesday, and you had an accident on Wednesday, you didn't have any insurance," says Ropp. "It was out-and-out a wrongful, illegal denial."

A California appellate court ruled against Bristol West in January, in a lawsuit filed by a customer, Curtis Mackey, who'd been involved in an auto accident two weeks after missing a payment, and was consequently denied a claim. Without admitting wrongdoing, the company subsequently agreed to pay six million dollars to settle a separate class action lawsuit filed on behalf of customers whose policy was cancelled without proper notice.

Office Intrigue

As he tells it, the affair left Ropp with a bad taste in his mouth, and ultimately turned him against his employer. "I just felt there were a lot of people getting screwed," he says. By his account, which meshes with an affidavit filed by an FBI agent in his case, Ropp began secretly copying internal company documents about the cancelled policies, then passing them on to two lawyers representing plaintiffs in the lawsuit.

Then, late last year, Ropp, the attorneys, another Bristol employee and a private investigator all met with investigators with California's Department of Insurance, which is charged with enforcing insurance laws in the state. There, Ropp offered what the FBI describes as "information concerning Bristol's handling of certain claims".

What happened next depends on who you ask. Ropp says the Department was interested, and wanted Ropp get more documentation. "They told us to gather all the information we can," he recalls. The Department remembers it differently. "It's a very strange situation," says spokesperson Carrie Beckstein. The meeting took place at Ropp's request, Beckstein said, and the investigators were not persuaded to probe Bristol's practices. "The only information that we wanted was, what, exactly [Ropp] was up to... We have not requested his services. We did not ask him to go out and elicit information."

Regardless, Ropp says he set his sights on a company database of every customer who might qualify as a member of the class in the lawsuit. "What I was trying to do is get the current list of those claims, and what they did or didn't do with them, and I wanted to get that for the Department of Insurance," says Ropp.

That's where the FBI and federal prosecutors say Ropp crossed the line. The database was password protected, and Ropp decided to crack the system. After some Googling, he settled on the KEYKatcher as the best tool for the job. "Basically all it does its capture every stroke that you type into the computer, like passwords and stuff." He ordered it online, and secretly installed it on the secretary's machine.

The plan began to unravel on 3 September, when the company fired Ropp for, as the FBI puts it, "not adhering to its time-keeping policies." (Ropp says he failed to report the time he spent in the office secretly gathering documents). Suddenly barred from the building, Ropp phoned former co-worker Karen Kaiser the next day, and asked her to discreetly retrieve the KEYKatcher from the bugged computer - he suggested she pretend to tie her shoe next to the secretary's desk, then unplug the keyboard cable from the PC and remove the device. Instead, Kaiser snitched on Ropp, and the company brought in forensic investigators who recovered the device and found files of intercepted keystrokes on Ropp's old office computer, demonstrating that he'd already harvested the KEYKatcher at least once.

"If I had never called, they would have never known," he says.

The company called in the FBI, and Ropp quickly admitted the caper. But he told agents that he'd been working for the Department of Insurance. The Department distanced itself from Ropp's adventuring, assuring the FBI that it "had never directed Ropp to collect any evidence that he would not be able to obtain in the normal course of business," according to the affidavit. For his part, Ropp admits the Department never told him to crack passwords or tap keystrokes, but he claims he was under the impression that he had their blessing to investigate his employer. Today, he says he feels burned. "All of a sudden when everything blew up, I'm out there hanging by myself," he says.

The US Attorney's office in Los Angeles says Ropp is the first defendant in the U.S. to be charged for illegally using a hardware keystroke logger. The indictment charges a violation of the federal wiretap statute, which criminalizes the covert interception of electronic communication - in this case several e-mail messages that had been typed in by the tapped secretary, and were therefore stored in the device.

Citing the ongoing nature of the case, Craig Eisenacher, spokesman for Bristol West, declined to comment on Ropp's indictment, or on Ropp's claim that he was working to expose company wrongdoing. Ropp is free on a $15,000 signature bond, and is scheduled to be arraigned on 5 April.

Copyright © 2004, 0

Related story

Disgruntled ex-employee arrested for keystroke caper

Beginner's guide to SSL certificates

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
NOT OK GOOGLE: Android images can conceal code
It's been fixed, but hordes won't have applied the upgrade
Apple grapple: Congress kills FBI's Cupertino crypto kybosh plan
Encryption would lead us all into a 'dark place', claim G-Men
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
prev story


Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.