Jack’s final hack
Celebrated ‘white hat’ used computer skills to force security improvements
Barnaby Jack, a celebrated computer hacker who forced bank ATMs to spit out cash and sparked safety improvements in medical devices, died in San Francisco last Thursday, a week before he was due to make a highprofile presentation at a hacking conference.
New Zealand-born Jack, 35, was found dead by ‘‘a loved one’’ at an apartment in San Francisco’s Nob Hill neighbourhood, according to a police spokesman. He would not say what caused Jack’s death but said police had ruled out foul play.
Jack was one of the world’s most prominent ‘‘white hat’’ hackers — those who use their technical skills to find security holes before criminals can exploit them.
His genius was finding bugs in the tiny computers embedded in equipment, such as medical devices and cash machines. He often received standing ovations at conferences for his creativity and showmanship while his research forced equipment makers to fix bugs in their software.
Jack had planned to demonstrate his techniques to hack into pacemakers and implanted defibrillators at the Black Hat hackers convention in Las Vegas tomorrow. He said last week that he could kill a man from 9m away by attacking an implanted heart device.
‘‘He was passionate about finding security bugs before the bad guys,’’ said long-time security industry executive Stuart McClure, who gave Jack one of his first jobs and also had worked with him at Intel’s McAfee, the computer security company.
‘‘He was one of those people who was put on this Earth to find vulnerabilities that can be exploited in a malicious way to hurt people,’’ McClure said.
Jack became one of the world’s most famous hackers after a 2010 demonstration of ‘‘Jackpotting’’ — getting ATMs to spew out bills.
A clip of his presentation has been viewed more than 2.6 million times on YouTube.
Two years ago, Jack turned his attention to medical devices, while working on a team at McAfee that engineered methods for attacking insulin pumps. Their research prompted medical device maker Medtronic Inc to revamp the way it designs its products.
The US government also noticed Jack’s work.
‘‘The work that Barnaby Jack and others have done to highlight some of these vulnerabilities has contributed importantly to progress in the field,’’ said William Maisel, deputy director for science at the Food and Drug Administration’s Center for Devices and Radiological Health.
Jack’s passion for hacking sometimes got him into trouble.
Last year, he connected his laptop to a gold bullion dispensing machine at a casino in Abu Dhabi, according to fellow hacker Tiffany Strauchs Rad. She said Jack had permission from a hotel manager to hack the machine but security intervened.
He became famous after a demonstration of ‘Jackpotting’ — getting ATMs to spew out bills
It turned out the hotel did not actually own the gold machine and the American embassy had to be called in to help resolve the misunderstanding, Rad said.
‘‘He would hack everything he touched,’’ she said.
Jack’s most recent employer, the cyber security consulting firm IOActive Inc, said on its Twitter account: ‘‘Lost but never forgotten our beloved pirate, Barnaby Jack has passed.’’ Jack had been scheduled to present his research on heart devices at Black Hat tomorrow. Last week, Jack revealed that he had devised a way to hack into a wireless communications system that linked implanted pacemakers and defibrillators with bedside monitors that gather information about their operations.
‘‘I’m sure there could be lethal consequences,’’ Jack said in a phone interview.
He declined to name the manufacturer of the device but said he was working with that company to figure out how to prevent malicious attacks on heart patients.
Jack’s sudden death drew responses from the hacking community reminiscent of those that followed the suicide of hacker activist Aaron Swartz in January. Dan Kaminsky, a well-known hacker, described the death as a tragedy.
‘‘Barnaby was one of the most creative, energetic, diverse researchers in our field,’’ he said.
‘‘You’ll be missed, bro,’’ tweeted another well-known hacker Dino Dai Zovi.
Jack’s sister, Amberleigh Jack, who lives in New Zealand, confirmed her brother’s age but declined to comment further, saying she needed time to grieve.
Black Hat said that it will not replace Jack’s session at the conference, saying the hour would be left vacant for conference attendees to commemorate his life and work.