September 26, 2006 12:01 PM PDT

Out of the shadows, a pretexter's tale

Tabloids, law firms and corporations during the 1990s used James Rapp as a sort of information power drill.

Rapp, a self-described data broker, bored deep into people's private lives largely by duping employees at banks, hospitals and phone companies into giving him information, a practice known as "pretexting." Before the federal government forced him to shut down his business in 2000, Rapp spared no one--detectives from the Los Angeles Police Department, Monica Lewinsky, some of the slain victims of the Columbine High School massacre: Rapp snagged information on them all.

"You give me any address, and I could get you every phone number going into that address," said Rapp, who once owned a data-brokerage firm called Dirty Deeds Done Dirt Cheap. "Didn't matter if it was an unlisted number, cell phone, anything...people don't realize how simple it is."

Such a realization is not lost on those targeted by Hewlett-Packard as part of the company's efforts to uncover media leaks. HP, one of Silicon Valley's bellwether companies, has admitted to hiring private investigators who used false pretenses, or pretexting, to obtain phone records of board directors, two employees, nine journalists (including three from CNET News.com) and an undetermined number of others.

Besides attracting national media attention, the HP case has cast light on the shadowy ranks of data brokers who employ pretexting tactics to obtain and sell information. A pretexter is typically someone who misleads employees of a business or organization, such as a bank or hospital, into believing they are a certain individual to trick them into divulging private data. Techies call this kind of deceit "social engineering." The practice is popular, easy to perform and highly profitable, Rapp said. Trafficking in this kind of information generated $1 million a year for his company during the mid-1990s.

"Anyone can impersonate anyone else if they sincerely make an effort," Rapp told the U.S. House of Representatives Oversight and Investigations subcommittee during a hearing on pretexting in June. "The person or customer service representative on the other end of the line truly wants to help, so I use that to my advantage and convince them that they need to give me certain specific data."

The committee will hear new testimony on pretexting this Thursday, when HP executives and the investigators the company hired to do the snooping are expected to appear.

Pretexting methods
Rapp's history in pretexting offers insight into the methods now popular with hundreds of data brokers around the country. And while Rapp, who declines to say what he's done for a living since leaving data brokering, is not believed to have had anything directly to do with the HP spying, he is closely linked to some of those involved.

Rapp, 47, was once a close business associate of Joe DePante, one of the private investigators reportedly subcontracted by HP's investigators. Sources have also said that the California attorney general's office is trying to learn whether Rapp's nephew, Brian Wagoner of Omaha, played a role in providing phone records as part of the HP investigation.

Neither Wagoner nor DePante could be reached for comment.

Rapp learned his former trade while in prison in Colorado for auto theft. It was there that the then-18-year-old Rapp learned he had a knack for conning customer service people into giving him information, he said. Other inmates would ask him to locate ex-girlfriends or wives who had split while their men were locked up. Working from the prison pay phone, Rapp would call a phone company's 800-number and start lying.

special coverage
HP's boardroom drama
Catch up on the complete coverage, including the latest news on HP's controversial effort to root out media leaks.

If he needed to find a woman's new address, he would get on the phone with a phone company employee and cite the woman's former address to gain credibility and create confusion.

"The person on the other end of the line would feel either sympathy or pressure," Rapp said in his testimony. "Whatever it took for them to release to me the information that I needed."

The halcyon years for pretexting came in the mid-1990s, according to Rapp. That was when the tabloid press, hungry for dirt on central figures in high-profile crimes or scandals, practically threw money at him. At the same time, Rapp's services were in big demand by companies eager to gain intelligence on competitors. To train employees and to possibly turn his methods into a trade, Rapp wrote a pretext manual.

See more CNET content tagged:
pretexting, HP, bank

3 comments

Join the conversation!
Add your comment
Keyworth Spying: Sweet Irony
It is ironic that George Keyworth was a victim of the very policies that his "neutral" think tank The Progress & Freedom Foundation (www.pff.org) advocates. PFF never met a government regulation it liked, and would surely not support more "burdensome" government regulation against pretexting. Indeed, it advocates for even more personal information consolidation by corporations who collect, consolidate, and datamine and then sell off YOUR personal info to the highest bidder. Read some of their studies in the Areas of Study Section. Yeah, they are really unbiased. PFF a think tank, that it rich. It is nothing more than a right-wing lobbyist group.
Posted by CancerMan2 (74 comments )
Reply Link Flag
Pretexting?
Ask "Susan Thunder" about "social engineering."
Posted by blw1540 (1 comment )
Reply Link Flag
Rapp aided destruction of suspect computer
According to today's WSJ, Rapp tipped off his nephew , a pretexter in the HP case. The nephew says he has destroyed the computer used.
Posted by J.G. (837 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.