Barnaby Jack

New Zealand hacker, programmer and computer security professional

Born: Barnaby Michael Douglas Jack, 22 November, Auckland, New Zealand

Died: 25 July (aged 35), San Francisco, California, U.S.

Occupation(s): hacker, computer security professional and programmer

Known for: ATM jackpot hit at Black Hat

Barnaby Michael Douglas Jack (22 November – 25 July ) was a New Zealand hacker, programmer and computer security expert.[1] He was known for his presentation at the Black Hat computer security conference in , during which he exploited two ATMs and made them dispense fake paper currency on the stage.[2] Among his other most notable works were the exploitation of various medical devices, including pacemakers and insulin pumps.[3]

Jack was known among industry experts for his influence in the medical and financial security fields.[4] In his testimony led the United States Food and Drug Administration to change regulations regarding wireless medical devices.[4] At the time of his death, Jack was Director of Embedded Device Security at IOActive.[5][6]

"Jackpotting" ATMs

At a Black Hat conference in , Jack gave a presentation on "jackpotting", or causing automated teller machines to dispense cash without withdrawing it from a bank account using a bank card.[7][8] The scenario was first described in fiction in the cult movie Hackers. Jack gave demonstrations of different kinds of attacks involving both physical access to the machines and completely automated remote attacks. In both cases, malware was injected into the operating system of the machines, causing them to dispense currency fraudulently on the attacker's command. During the physical attack on an automated teller machine (ATM) as demonstrated by Jack, the attacker takes advantage of their physical access to the target machine and uses a flash drive loaded with malware to gain unauthorised access to the machine, allowing control over its currency dispensing mechanism.[9] During the remote attack, malware is installed onto the target system via exploited vulnerabilities in the remote management system, most notably the use of default passwords and remote management TCP ports. The attacker then executes the malware, causing the target ATM to dispense currency.

Insulin pumps

At the McAfee FOCUS 11 conference in October in Las Vegas, while working for McAfee Security, Jack first demonstrated the wireless hacking of insulin pumps, one worn by a diabetic friend and another of the same model on a bench set up for demonstration. Interfacing with the pumps with a high-gain antenna, he obtained complete control of the pumps without any prior knowledge of their serial numbers, up to being able to cause the demonstration pump to repeatedly deliver its maximum dose of 25 units until its entire reservoir of units was depleted, amounting to many times a lethal dose if delivered to a typical patient.[10]

At the RSA Security Conference in San Francisco in February , using a transparent mannequin he demonstrated that he could wirelessly hack the insulin pump from a distance of up to 90 metres using the high-gain antenna.[11]

Pacemakers

In Jack demonstrated the ability to assassinate a victim by hacking their pacemaker. Jack demonstrated delivering such a deadly electric shock live at the BreakPoint security conference in Melbourne.[4]

Heart implants

Jack died a week before he was to give a presentation on hacking heart implants at the Black Hat conference scheduled to be held in Las Vegas. In a June interview with Vice, Jack outlined his presentation:[3]

Barnaby Jack, the director of embedded device security for computer security firm IOActive, developed software that allowed him to remotely send an electric shock to anyone wearing a pacemaker within a foot radius. He also came up with a system that scans for any insulin pumps that communicate wirelessly within feet, allows you to hack into them without needing to know the identification numbers and then sets them to dish out more or less insulin than necessary, sending patients into hypoglycemic shock quickly if excessive insulin was dispensed or ketoacidosis if not enough insulin was dispensed over a period of time.[3]

In his presentation, Jack was set to outline vulnerabilities in various medical devices, as well as give safe demonstrations of attacks with which there is "certainly a potential health risk".[3]

Death

Jack was found dead in a San Francisco apartment on 25 July by his girlfriend. According to the coroner's report, Jack died of an overdose of heroin, cocaine, Benadryl and Xanax. He was 35 years old.[12][13][14] At the time of his death, he was due to attend a Black Hat Briefings hacking conference in Las Vegas.[15][16] Black Hat general manager Trey Ford said "Everyone would agree that the life and work of Barnaby Jack are legendary and irreplaceable", and announced his spot would not be replaced at the conference.[13]

In popular culture

Barnaby Jack's "jackpotting" technique, in which one or more ATMs are hacked and forced to dispense any amount of cash when triggered by a number of events, all described in Jack's Black Hat presentation, was used as the plot line of the 20 December episode of series 2 of the CBS crime drama CSI: Cyber. Apart from showing the hack in use and explaining how it works, the episode also included other nods to Barnaby Jack and his work, including naming the hacked bank "Barnaby Bank". The CSI spinoff focused on a team of FBI agents and ex-blackhat hackers working to stop various cyber threats across the US.

“Jackpotting” is featured in episode 1, season 2 of the BBC World Service’s podcast “Lazarus Heist”, broadcast in March. This series describes the work of the Lazarus Group. In this episode, the jackpotting technique is used to extract millions of dollars from ATMs in 28 countries: in just over two hours on 11th August , nearly $14 million, all from accounts of The Cosmos Bank in India. An army of money mules is used to take the cash from the machines.[17]

References

  1. "Barnaby Jack". The Daily Telegraph. 28 July. Retrieved 29 July.
  2. McMillan, Robert (28 July). "Barnaby Jack hits ATM jackpot at Black Hat". Computerworld. Archived from the original on 29 September. Retrieved 7 August.
  3. William, Alexander (July). "Barnaby Jack Could Hack Your Pacemaker and Make Your Heart Explode". Vice. Retrieved 7 August.
  4. Zadrozny, Brandy (26 July). "The Good Hacker: Barnaby Jack Dies". The Daily Beast. Retrieved 7 August.
  5. "IOActive Appoints Industry Expert Barnaby Jack as Director of Embedded Device Security". IOActive. 8 October. Archived from the original on 1 August. Retrieved 7 August.
  6. "About IOActive". IOActive. Archived from the original on 6 August. Retrieved 7 August.
  7. Goodin, Dan (28 July). "Armed with exploits, ATM hacker hits the jackpot". The Register. Retrieved 7 August.
  8. Franzen, Carl (29 July). "Barnaby Jack Ingeniously Hacks ATMs at Black Hat [VIDEO]". Aol News. Archived from the original on 1 August. Retrieved 7 August.
  9. Schwarz, Henry. "Black Hatted".
  10. Stilgherrian (21 October). "Lethal medical device hack taken to next level". CSO Online (Australia). Retrieved 2 August.
  11. Parmar, Arundhati (1 March). "Hacker shows off vulnerabilities of wireless insulin pumps". MedCity News. Retrieved 7 August.
  12. Finkle, Jim (26 July). "Famed hacker Barnaby Jack dies a week before hacking convention". Reuters. Retrieved 7 August.
  13. Holpuch, Amanda. "Hacker Barnaby Jack dies in San Francisco aged 35". The Guardian. Retrieved 7 August.
  14. Robertson, Jordan (26 July). "Barnaby Jack, Computer Hacker, Dead at 36". Bloomberg. Retrieved 7 August.
  15. "NZ hacker found dead". Radio New Zealand. 27 July. Retrieved 7 August.
  16. Hillen, Brittany (26 July). "Barnaby Jack, renown hacker, dies at 35". SlashGear. Retrieved 7 August.
  17. "BBC World Service - The Lazarus Heist - Available now". BBC. Retrieved 1 May.