Famed hacker Barnaby Jack dies a week before hacking convention
Monday, 29 July 2013 00:00
REUTERS: Barnaby Jack, a celebrated computer hacker who forced bank ATMs to spit out cash and sparked safety improvements in medical devices, died in San Francisco, a week before he was due to make a high-profile presentation at a hacking conference.
The New Zealand-born Jack, 35, was found dead on Thursday evening by “a loved one” at an apartment in San Francisco’s Nob Hill neighborhood, according to a police spokesman. He would not say what caused Jack’s death but said police had ruled out foul play.
The San Francisco Medical Examiner’s Office said it was conducting an autopsy, although it could be a month before the cause of death is determined.
Jack was one of the world’s most prominent “white hat” hackers - those who use their technical skills to find security holes before criminals can exploit them.
His genius was finding bugs in the tiny computers embedded in equipment, such as medical devices and cash machines. He often received standing ovations at conferences for his creativity and showmanship while his research forced equipment makers to fix bugs in their software.
Jack had planned to demonstrate his techniques to hack into pacemakers and implanted defibrillators at the Black Hat hackers convention in Las Vegas next Thursday. He told Reuters last week that he could kill a man from 30 feet (9 meters) away by attacking an implanted heart device.
“He was passionate about finding security bugs before the bad guys,” said longtime security industry executive Stuart McClure, who gave Jack one of his first jobs and also had worked with him at Intel Corp’s McAfee, a computer security company.
“He was one of those people who was put on this earth to find vulnerabilities that can be exploited in a malicious way to hurt people,” McClure said. Jack became one of the world’s most famous hackers after a 2010 demonstration of “Jackpotting” - getting ATMs to spew out bills.
Two years ago, Jack turned his attention to medical devices, while working on a team at McAfee that engineered methods for attacking insulin pumps. Their research prompted medical device maker Medtronic Inc to revamp the way it designs its products. The U.S. government also noticed Jack’s work. “The work that Barnaby Jack and others have done to highlight some of these vulnerabilities has contributed importantly to progress in the field,” said William Maisel, deputy director for science at the Food and Drug Administration’s Center for Devices and Radiological Health.
Jack’s passion for hacking sometimes got him into trouble.
In 2010, he connected his laptop to a gold bullion dispensing machine at a casino in Abu Dhabi, according to fellow hacker Tiffany Strauchs Rad. She said Jack had permission from a hotel manager to hack the machine but security intervened.
It turned out the hotel did not actually own the gold machine and the American Embassy had to be called in to help resolve the misunderstanding, Rad said.
“He would hack everything he touched,” she said.
Jack’s most recent employer, the cybersecurity consulting firm IOActive Inc, said on its Twitter account: “Lost but never forgotten our beloved pirate, Barnaby Jack has passed.”
Jack, who was known as Barnes to his friends, had been scheduled to present his research on heart devices at Black Hat on August 1. Last week, Jack told Reuters he had devised a way to hack into a wireless communications system that linked implanted pacemakers and defibrillators with bedside monitors that gather information about their operations.
“I’m sure there could be lethal consequences,” Jack said in a phone interview.
He declined to name the manufacturer of the device but said he was working with that company to figure out how to prevent malicious attacks on heart patients.
Jack’s sudden death drew responses from the hacking community reminiscent of those that followed the suicide of hacker activist Aaron Swartz in January.
Dan Kaminsky, a well-known hacker, described the death as a tragedy. “Barnaby was one of the most creative, energetic, diverse researchers in our field,” he said.
“You’ll be missed, bro,” tweeted another well-known hacker Dino Dai Zovi.
Jack’s sister, Amberleigh Jack, who lives in New Zealand, told Reuters her brother was 35 years old. She declined to comment further, saying she needed time to grieve.
Some of his friends pitched in to help the family with expenses. They collected $4,345 from 37 people over 13 hours through a crowdfunding website: here
Black Hat said that it will not replace Jack’s session at the conference, saying the hour would be left vacant for conference attendees to commemorate his life and work.