September 26, 2006 12:01 PM PDT
Out of the shadows, a pretexter's tale
- Related Stories
HP chairman resigns, CEO confirms knowledge of probeSeptember 22, 2006
HP probe dug deep on CNET reporter, familySeptember 21, 2006
Bring back the HP Way, Mr. HurdSeptember 21, 2006
Rapp, a self-described data broker, bored deep into people's private lives largely by duping employees at banks, hospitals and phone companies into giving him information, a practice known as "pretexting." Before the federal government forced him to shut down his business in 2000, Rapp spared no one--detectives from the Los Angeles Police Department, Monica Lewinsky, some of the slain victims of the Columbine High School massacre: Rapp snagged information on them all.
"You give me any address, and I could get you every phone number going into that address," said Rapp, who once owned a data-brokerage firm called Dirty Deeds Done Dirt Cheap. "Didn't matter if it was an unlisted number, cell phone, anything...people don't realize how simple it is."
Such a realization is not lost on those targeted by Hewlett-Packard as part of the company's efforts to uncover media leaks. HP, one of Silicon Valley's bellwether companies, has admitted to hiring private investigators who used false pretenses, or pretexting, to obtain phone records of board directors, two employees, nine journalists (including three from CNET News.com) and an undetermined number of others.
Besides attracting national media attention, the HP case has cast light on the shadowy ranks of data brokers who employ pretexting tactics to obtain and sell information. A pretexter is typically someone who misleads employees of a business or organization, such as a bank or hospital, into believing they are a certain individual to trick them into divulging private data. Techies call this kind of deceit "social engineering." The practice is popular, easy to perform and highly profitable, Rapp said. Trafficking in this kind of information generated $1 million a year for his company during the mid-1990s.
"Anyone can impersonate anyone else if they sincerely make an effort," Rapp told the U.S. House of Representatives Oversight and Investigations subcommittee during a hearing on pretexting in June. "The person or customer service representative on the other end of the line truly wants to help, so I use that to my advantage and convince them that they need to give me certain specific data."
The committee will hear new testimony on pretexting this Thursday, when HP executives and the investigators the company hired to do the snooping are expected to appear.
Rapp's history in pretexting offers insight into the methods now popular with hundreds of data brokers around the country. And while Rapp, who declines to say what he's done for a living since leaving data brokering, is not believed to have had anything directly to do with the HP spying, he is closely linked to some of those involved.
Rapp, 47, was once a close business associate of Joe DePante, one of the private investigators reportedly subcontracted by HP's investigators. Sources have also said that the California attorney general's office is trying to learn whether Rapp's nephew, Brian Wagoner of Omaha, played a role in providing phone records as part of the HP investigation.
Neither Wagoner nor DePante could be reached for comment.
Rapp learned his former trade while in prison in Colorado for auto theft. It was there that the then-18-year-old Rapp learned he had a knack for conning customer service people into giving him information, he said. Other inmates would ask him to locate ex-girlfriends or wives who had split while their men were locked up. Working from the prison pay phone, Rapp would call a phone company's 800-number and start lying.
If he needed to find a woman's new address, he would get on the phone with a phone company employee and cite the woman's former address to gain credibility and create confusion.
"The person on the other end of the line would feel either sympathy or pressure," Rapp said in his testimony. "Whatever it took for them to release to me the information that I needed."
The halcyon years for pretexting came in the mid-1990s, according to Rapp. That was when the tabloid press, hungry for dirt on central figures in high-profile crimes or scandals, practically threw money at him. At the same time, Rapp's services were in big demand by companies eager to gain intelligence on competitors. To train employees and to possibly turn his methods into a trade, Rapp wrote a pretext manual.
3 commentsJoin the conversation! Add your comment