Celebrated hacker Barnaby Jack dies

Police rule out foul play in death of famed hacker

Barnaby Jack, a computer-security professional with a showman’s flair for demonstrating technical weaknesses in ATMs and medical devices, has died. He was 36. Photograph: David Paul Morris/Bloomberg

Barnaby Jack, a computer-security professional with a showman’s flair for demonstrating technical weaknesses in ATMs and medical devices, has died. He was 36. Photograph: David Paul Morris/Bloomberg

Sun, Jul 28, 2013, 16:48

Barnaby Jack, a top computer hacker who exposed vulnerabilities in bank ATMs and sparked safety improvements in medical devices, has died in San Francisco, a week before he was due to make a high-profile presentation at a hacking conference.

The New Zealand-born Jack (35) was found dead on Thursday evening by “a loved one” at an apartment in San Francisco’s Nob Hill neighborhood, according to a police spokesman. He would not say what caused Jack’s death but said police had ruled out foul play.

The San Francisco Medical Examiner’s Office said it was conducting an autopsy, although it could be a month before the cause of death is determined.

Mr Jack was one of the world’s most prominent “white hat” hackers - those who use their technical skills to find security holes before criminals can exploit them.

His genius was finding bugs in the tiny computers embedded in equipment, such as medical devices and cash machines. He often received standing ovations at conferences for his creativity and showmanship while his research forced equipment makers to fix bugs in their software.

Mr Jack had planned to demonstrate his techniques to hack into pacemakers and implanted defibrillators at the Black Hat hackers convention in Las Vegas next Thursday. He told Reuters last week that he could kill a man from 30 feet (9 metres) away by attacking an implanted heart device.

“He was passionate about finding security bugs before the bad guys,” said longtime security industry executive Stuart McClure, who gave Mr Jack one of his first jobs and also had worked with him at Intel Corp’s McAfee, a computer security company.

“He was one of those people who was put on this earth to find vulnerabilities that can be exploited in a malicious way to hurt people,” Mr McClure said.

Mr Jack became one of the world’s most famous hackers after a 2010 demonstration of “Jackpotting” - getting ATMs to spew out bills.

A clip of his presentation has been viewed more than 2.6 million times on YouTube.

Two years ago, Mr Jack turned his attention to medical devices, while working on a team at McAfee that engineered methods for attacking insulin pumps. Their research prompted medical device maker Medtronic Inc to revamp the way it designs its products.

The US government also noticed Mr Jack’s work.

“The work that Barnaby Jack and others have done to highlight some of these vulnerabilities has contributed importantly to progress in the field,” said William Maisel, deputy director for science at the Food and Drug Administration’s Center for Devices and Radiological Health.

Mr Jack’s passion for hacking sometimes got him into trouble.

In 2010, he connected his laptop to a gold bullion dispensing machine at a casino in Abu Dhabi, according to fellow hacker Tiffany Strauchs Rad. She said Mr Jack had permission from a hotel manager to hack the machine but security intervened.

It turned out the hotel did not actually own the gold machine and the American Embassy had to be called in to help resolve the misunderstanding, Rad said.

“He would hack everything he touched,” she said.

Beloved pirate

Mr Jack’s most recent employer, the cybersecurity consulting firm IOActive, said on its Twitter account: “Lost but never forgotten our beloved pirate, Barnaby Jack has passed.”

Mr Jack, who was known as Barnes to his friends, had been scheduled to present his research on heart devices at Black Hat on August 1st. He revealed last week that he had devised a way to hack into a wireless communications system that linked implanted pacemakers and defibrillators with bedside monitors that gather information about their operations.

“I’m sure there could be lethal consequences,” Mr Jack said in a phone interview.

He declined to name the manufacturer of the device but said he was working with that company to figure out how to prevent malicious attacks on heart patients.

Mr Jack’s sudden death drew responses from the hacking community reminiscent of those that followed the suicide of hacker activist Aaron Swartz in January.

Dan Kaminsky, a well-known hacker, described the death as a tragedy. “Barnaby was one of the most creative, energetic, diverse researchers in our field,” he said.

“You’ll be missed, bro,” tweeted another well-known hacker Dino Dai Zovi.

Black Hat said that it will not replace Mr Jack’s session at the conference, saying the hour would be left vacant for conference attendees to commemorate his life and work.