Barnaby Jack: Ethical hacker and expert on security for computers
Tuesday 30 July 2013
Barnaby Jack, who has died aged 35, was an ethical hacker who had achieved renown for finding, exploiting and exposing flaws in computer security systems. At a conference in 2010 he famously demonstrated his attack on an automated teller machine (ATM), causing the cashpoint to spew out bank notes on demand. His method became known as "Jackpotting". As a "white hat" hacker he sought to publicly discuss and show defects in computer security so that they could be rectified before other, less unscrupulous, individuals took advantage of them. "Sometimes you have to demonstrate the darker side," he said of his rationale.
Jack was born in Auckland, New Zealand, and grew up with a fascination for computers of all kinds. At the age of 21 he emigrated to the US and joined the company Network Associates, specialising in computer security issues. He subsequently joined Juniper Networks, a manufacturer of networking hardware, in 2006.
In recent years he had developed a specific interest in what is known as "embedded" technology, the hardware and software which are built in to everyday objects around us, such as cars, banking systems, home appliances and medical devices. It was at the Black Hat security conference in July 2010 that he showed his best known hacking feat, after having experimented with two ATM machines he had bought online and installed at home. He recalled of the event: "I demonstrated two different attacks. One was a walk-up attack, where I would literally walk up to an ATM... Within about two minutes it would just start spitting out its entire dispenser. Of course you had to be at the ATM for that one to work."
Of the second presentation he said: "The other attack was completely remote, so I could do it from a laptop in a hotel room or your bedroom... But I also had it harvesting people's credit cards and PIN numbers, which I could then retrieve remotely as well. It was 100 per cent anonymous, and bypassing all authentication."
The following year, while working at McAfee, the virus protection and internet security company, he discovered a fault in computerised insulin pumps that could lead to them releasing lethal overdoses, with the potential to kill diabetics. "My purpose was not to allow anyone to be harmed by this because it is not easy to reproduce," he said in an interview last year, "but hopefully it will promote some change in these companies and get some meaningful security in these devices." The manufacturer promptly announced modifications to the devices to eliminate this potential risk.
Last October he became Director of Embedded Device Security at the company IOActive. It was in this new role that he had been due to present another dramatic attack, which would show flaws in the security of embedded heart pacemaker equipment. The idea had already been anticipated in fiction, in the television series Homeland, which had caused Jack to wonder whether it could be done in reality. He observed that "Malware will often slow down a computer, and when you slow down a medical device it no longer gives the integrity needed to perform as it should."
Jack's proposed technique would allow tampering with the pacemaker from a distance of up to nine metres, using wireless networking technology. He devised a method of logging on to the device without requiring any security and getting it to send a 830-volt jolt of electricity to the person in whom it is implanted. He had already warned of the possible consequences at a conference in Australia last year, saying "...the most obvious scenario would be a targeted attack against a high-profile individual."
He was found dead in a San Francisco apartment a week before the conference at which this technique would be demonstrated, where his talk was to have been entitled "Implantable Medical Devices: Hacking Humans". The initial reaction to his death from some was that this was a practical joke of some kind, organised by Jack himself. His former colleague Dan Kaminsky said via Twitter: "God, the stories. Nobody caused such hilarious trouble like @barnaby_jack"
The conference organisers said Barnaby's talk would not be replaced – "No one could possibly replace him, nor would we want them to. The community needs time to process this loss. The hour will be left vacant as a time to commemorate his life and work, and we welcome our attendees to come and share in what we hope to be a celebration of his life. Barnaby Jack meant so much to so many people, and we hope this forum will offer an opportunity for us all to recognise the legacy he leaves behind."
Barnaby Jack, computer security specialist: born Auckland, New Zealand 22 November 1977; partner to Layne Cross; died San Francisco 25 July 2013.
Exclusive: World’s most pristine waters are polluted by US Navy human waste
Missing Malaysia Airlines Flight MH370: Any terrorist seizure of the plane ‘would have required one hell of a piece of planning’
Croatia's second city to close 'worst zoo in the world' after reports of 'nightmare' conditions and 'depressed' animals
Missing Malaysia Airlines Flight MH370: Hijackers, pirates or suicide – the theories surrounding the mystery
Missing Malaysia Airlines Flight MH370 Q&A by Simon Calder: How far could it have travelled? Who was responsible and what would their plans be? And how can a plane just vanish?
Katie Hopkins continues campaign to become Britain's most hated talking head with poorly timed Bob Crow tweet
No EU referendum under Labour: Ed Miliband to reveal that vote on membership is ‘unlikely’ in next Parliament if party wins power
Grace Dent: Who cares if she spells it Barraco Barner? Gemma Worrall is more employable than some bookish arts graduate
The rise of Ukip: Study warns Labour that Eurosceptic party's electoral base now 'more working class than any of the main parties'
Europeans have ‘got whiter’ due to natural selection in past 5,000 years, scientists say
Fracking is turning the US into a bigger oil producer than Saudi Arabia
- 1 Is your name now 'banned' in Saudi Arabia?
- 2 Exclusive: World’s most pristine waters are polluted by US Navy human waste
- 3 Nemanja Matic interview: My family were in tears when we left Lisbon
- 4 Missing Malaysia Airlines Flight MH370: Jet ‘hijacking’ began soon after take-off
- 5 'Missing Malaysia Airlines Flight MH370 plane found in Bermuda Triangle!' Facebook links are profiting hackers
£50000 - £60000 per annum: Charter Selection: This well respected and exciting...
£40000 - £50000 per annum: Charter Selection: This exciting company and market...
£40000 - £60000 per annum + EXCELLENT SALARY: Austen Lloyd: Senior Private Cli...
£25,000 to £35,000: IT Connections Ltd: Signal Processing Engineer / Acoustics...