Famed hacker Barnaby Jack dies a week before hacking convention

Sat Jul 27, 2013 12:28am EDT

Barnaby Jack, 35, is pictured in this undated handout photo. Jack, a celebrated computer hacker who forced bank ATMs to spit out cash and sparked safety improvements in medical devices, died in San Francisco, July 25, 2013, a week before he was due to make a high-profile presentation at a hacking conference. REUTERS/Hep Svadja/Handout

Barnaby Jack, 35, is pictured in this undated handout photo. Jack, a celebrated computer hacker who forced bank ATMs to spit out cash and sparked safety improvements in medical devices, died in San Francisco, July 25, 2013, a week before he was due to make a high-profile presentation at a hacking conference.

Credit: Reuters/Hep Svadja/Handout

Related Topics

(Reuters) - Barnaby Jack, a celebrated computer hacker who forced bank ATMs to spit out cash and sparked safety improvements in medical devices, died in San Francisco, a week before he was due to make a high-profile presentation at a hacking conference.

The New Zealand-born Jack, 35, was found dead on Thursday evening by "a loved one" at an apartment in San Francisco's Nob Hill neighborhood, according to a police spokesman. He would not say what caused Jack's death but said police had ruled out foul play.

The San Francisco Medical Examiner's Office said it was conducting an autopsy, although it could be a month before the cause of death is determined.

Jack was one of the world's most prominent "white hat" hackers - those who use their technical skills to find security holes before criminals can exploit them.

His genius was finding bugs in the tiny computers embedded in equipment, such as medical devices and cash machines. He often received standing ovations at conferences for his creativity and showmanship while his research forced equipment makers to fix bugs in their software.

Jack had planned to demonstrate his techniques to hack into pacemakers and implanted defibrillators at the Black Hat hackers convention in Las Vegas next Thursday. He told Reuters last week that he could kill a man from 30 feet away by attacking an implanted heart device.

"He was passionate about finding security bugs before the bad guys," said longtime security industry executive Stuart McClure, who gave Jack one of his first jobs and also had worked with him at Intel Corp's McAfee, a computer security company.

"He was one of those people who was put on this earth to find vulnerabilities that can be exploited in a malicious way to hurt people," McClure said.

Jack became one of the world's most famous hackers after a 2010 demonstration of "Jackpotting" - getting ATMs to spew out bills. A clip of his presentation has been viewed more than 2.6 million times on YouTube.

Two years ago, Jack turned his attention to medical devices, while working on a team at McAfee that engineered methods for attacking insulin pumps. Their research prompted medical device maker Medtronic Inc to revamp the way it designs its products.

The U.S. government also noticed Jack's work.

"The work that Barnaby Jack and others have done to highlight some of these vulnerabilities has contributed importantly to progress in the field," said William Maisel, deputy director for science at the Food and Drug Administration's Center for Devices and Radiological Health.

Jack's passion for hacking sometimes got him into trouble.

In 2010, he connected his laptop to a gold bullion dispensing machine at a casino in Abu Dhabi, according to fellow hacker Tiffany Strauchs Rad. She said Jack had permission from a hotel manager to hack the machine but security intervened.

It turned out the hotel did not actually own the gold machine and the American Embassy had to be called in to help resolve the misunderstanding, Rad said.

"He would hack everything he touched," she said.

'BELOVED PIRATE'

Jack's most recent employer, the cybersecurity consulting firm IOActive Inc, said on its Twitter account: "Lost but never forgotten our beloved pirate, Barnaby Jack has passed."

Jack, who was known as Barnes to his friends, had been scheduled to present his research on heart devices at Black Hat on August 1. Last week, Jack told Reuters he had devised a way to hack into a wireless communications system that linked implanted pacemakers and defibrillators with bedside monitors that gather information about their operations.

"I'm sure there could be lethal consequences," Jack said in a phone interview.

He declined to name the manufacturer of the device but said he was working with that company to figure out how to prevent malicious attacks on heart patients.

Jack's sudden death drew responses from the hacking community reminiscent of those that followed the suicide of hacker activist Aaron Swartz in January.

Dan Kaminsky, a well-known hacker, described the death as a tragedy. "Barnaby was one of the most creative, energetic, diverse researchers in our field," he said.

"You'll be missed, bro," tweeted another well-known hacker Dino Dai Zovi.

Jack's sister, Amberleigh Jack, who lives in New Zealand, told Reuters her brother was 35 years old. She declined to comment further, saying she needed time to grieve.

Some of his friends pitched in to help the family with expenses. They collected $4,345 from 37 people over 13 hours through a crowdfunding website: here

Black Hat said that it will not replace Jack's session at the conference, saying the hour would be left vacant for conference attendees to commemorate his life and work.

(Reporting by Jim Finkle in Boston; Editing by Tiffany Wu, Vicki Allen, Bill Trott and Lisa Shumaker)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (2)
Mike91163 wrote:
A sad day for the modern world…white hats like Jack literally make the world a safer place.

It’s downright criminal that the white hat community / pen testers (pen=penetration) is thought of by the MSM and the masses as somehow “shady” or the weird relative we shy away from. Judging by our reliance on technology, and the explosive growth of wireless devices, I’d say their work is vital!

But here’s the rub: I cannot find any information regarding Jack’s educational background…which does not surprise me-I’d wager that he is entirely self-taught, and didn’t spend a day in any sort of college, university, or form of higher education. Why, you ask? Well, extremely intelligent people like him, who have a “hyperfocus” on a particular subject, just cannot tolerate the rigid structure of our worldwide educational system. For example, in order to graduate with any degree from virtually every university, one MUST take courses that have absolutely NOTHING to do with one’s chosen profession-e.g. being obligated to take xx credits in courses like Biology or Literature. Therefore, the vast majority of potential employers will simply ignore his resume because it doesn’t meet the company’s silly requirement of a degree…nevermind that he could spend 5 minutes at their business and pwn their network with his eyes closed!

When companies and nations large and small wake up and realize the incredible good these white hats can do for them, perhaps we can rest easier, not worrying about rogues and criminals destroying our cyberstructure.

Godspeed to you, Jack…

Jul 27, 2013 5:18am EDT  --  Report as abuse
BuffaloGirl wrote:
God Bless you Barnes. You will always be a great Kiwi Icon. Aroha Nui.

Jul 27, 2013 6:18am EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.