Interview with the keystroke caperist

Bugged bosses' PC to 'expose improper practices'

A former claims adjuster for a US insurance company is the first to be charged under federal wiretap law for the covert use of a hardware keystroke logger, after he was caught using the device while secretly helping consumer attorneys gather information to use against his own company.

Larry Ropp, 46, was indicted Tuesday by a federal grand jury in Los Angeles on a single count of endeavouring to intercept electronic communications. Ropp is accused of installing a "KEYKatcher" keystroke logger on the PC of a secretary to a vice president at the Bristol West Insurance Group where he worked. The KEYKatcher attaches inline with a keyboard connector, and stores every keystroke in an internal memory for later retrieval.

In an interview with SecurityFocus, Ropp admitted to using the device, which he says he ordered off the Internet. But he defended his office skullduggery as a necessary evil to expose improper anti-consumer practices at the company. "The FBI themselves use key loggers quite a bit," he said. "Here, I'm a whistleblower, and I'm getting the shaft."

Ropp was working at Bristol West's Anaheim, California office last year when a state appeals court ruled that the company had been illegally cancelling the policies of customers who were a single day late with their payments. Under California law, an insurance company must give 10 days notice before cancelling a delinquent customer's automobile liability policy. Bristol West had been circumventing that requirement by issuing "cancellation notices" with every bill, before payment was due, so that by the due date the 10 days had already passed.

"If it was due Tuesday, and you had an accident on Wednesday, you didn't have any insurance," says Ropp. "It was out-and-out a wrongful, illegal denial."

A California appellate court ruled against Bristol West in January, in a lawsuit filed by a customer, Curtis Mackey, who'd been involved in an auto accident two weeks after missing a payment, and was consequently denied a claim. Without admitting wrongdoing, the company subsequently agreed to pay six million dollars to settle a separate class action lawsuit filed on behalf of customers whose policy was cancelled without proper notice.

Office Intrigue

As he tells it, the affair left Ropp with a bad taste in his mouth, and ultimately turned him against his employer. "I just felt there were a lot of people getting screwed," he says. By his account, which meshes with an affidavit filed by an FBI agent in his case, Ropp began secretly copying internal company documents about the cancelled policies, then passing them on to two lawyers representing plaintiffs in the lawsuit.

Then, late last year, Ropp, the attorneys, another Bristol employee and a private investigator all met with investigators with California's Department of Insurance, which is charged with enforcing insurance laws in the state. There, Ropp offered what the FBI describes as "information concerning Bristol's handling of certain claims".

What happened next depends on who you ask. Ropp says the Department was interested, and wanted Ropp to get more documentation. "They told us to gather all the information we can," he recalls. The Department remembers it differently. "It's a very strange situation," says spokesperson Carrie Beckstein. The meeting took place at Ropp's request, Beckstein said, and the investigators were not persuaded to probe Bristol's practices. "The only information that we wanted was, what, exactly [Ropp] was up to... We have not requested his services. We did not ask him to go out and elicit information."

Regardless, Ropp says he set his sights on a company database of every customer who might qualify as a member of the class in the lawsuit. "What I was trying to do is get the current list of those claims, and what they did or didn't do with them, and I wanted to get that for the Department of Insurance," says Ropp.

That's where the FBI and federal prosecutors say Ropp crossed the line. The database was password protected, and Ropp decided to crack the system. After some Googling, he settled on the KEYKatcher as the best tool for the job. "Basically all it does is capture every stroke that you type into the computer, like passwords and stuff." He ordered it online, and secretly installed it on the secretary's machine.

The plan began to unravel on 3 September, when the company fired Ropp for, as the FBI puts it, "not adhering to its time-keeping policies." (Ropp says he failed to report the time he spent in the office secretly gathering documents). Suddenly barred from the building, Ropp phoned former co-worker Karen Kaiser the next day, and asked her to discreetly retrieve the KEYKatcher from the bugged computer - he suggested she pretend to tie her shoe next to the secretary's desk, then unplug the keyboard cable from the PC and remove the device. Instead, Kaiser snitched on Ropp, and the company brought in forensic investigators who recovered the device and found files of intercepted keystrokes on Ropp's old office computer, demonstrating that he'd already harvested the KEYKatcher at least once.

"If I had never called, they would have never known," he says.

The company called in the FBI, and Ropp quickly admitted the caper. But he told agents that he'd been working for the Department of Insurance. The Department distanced itself from Ropp's adventuring, assuring the FBI that it "had never directed Ropp to collect any evidence that he would not be able to obtain in the normal course of business," according to the affidavit. For his part, Ropp admits the Department never told him to crack passwords or tap keystrokes, but he claims he was under the impression that he had their blessing to investigate his employer. Today, he says he feels burned. "All of a sudden when everything blew up, I'm out there hanging by myself," he says.

The US Attorney's office in Los Angeles says Ropp is the first defendant in the U.S. to be charged for illegally using a hardware keystroke logger. The indictment charges a violation of the federal wiretap statute, which criminalizes the covert interception of electronic communication - in this case several e-mail messages that had been typed in by the tapped secretary, and were therefore stored in the device.

Citing the ongoing nature of the case, Craig Eisenacher, spokesman for Bristol West, declined to comment on Ropp's indictment, or on Ropp's claim that he was working to expose company wrongdoing. Ropp is free on a $15,000 signature bond, and is scheduled to be arraigned on 5 April.

Copyright © 2004, 0
