36-Year Old Hacker Who Made ATMs Spit Out Cash Dies in San Francisco (Michael Hastings Death Connection?)
A prominent hacker who discovered a way to have ATMs spit out cash and was set to deliver a talk about hacking pacemakers and other wireless implantable medical devices has died in San Francisco, authorities and his employer said.
Barnaby Jack died at his home in San Francisco Thursday, although the cause of death is still under investigation, San Francisco Deputy Coroner Kris Barbrich said.[...]
Jennifer Steffens, the CEO of computer security firm IOActive, Inc., where Jack worked, called Jack one of the most accomplished security researchers.
He was only 36-years old.
Here is what is really spooky about this death. Vanity Fair wrote this about Jack in December of last year (my bold):
Last October at Melbourne’s grand Intercontinental Hotel scores of technophiles watched a researcher for IOActive, a Seattle-based computer-security firm, demonstrate an ingenious new way to kill someone—a method that one can imagine providing a sensational plot twist in an episode of Homeland.
The IOActive researcher, a man named Barnaby Jack, was so worried about the implications of his work that he intentionally obscured many of the details in his presentation. As a further precaution, he asked the attendees not to take any pictures—a tough request in a crowd full of smartphones and laptops.
Jack’s work concerned pacemakers and implantable cardioverter-defibrillators (I.C.D.’s). More than three million American heart patients carry around these small, computerized devices, which monitor their heartbeat and deliver jolts of electricity to stabilize it when needed. To check and adjust these devices, many doctors use wand-like wireless programmers that they wave a few inches above patients’ chests—a straightforward and seemingly safe procedure. But now, with a custom-built transmitter, Jack had discovered how to signal an I.C.D. from 30 feet away. It reacted as if the signal were in fact coming from the manufacturer’s official I.C.D. programmer. Instructed by the counterfeit signal, the I.C.D. suddenly spat out 830 volts—an instantly lethal zap. Had the device been connected to an actual human heart, the fatal episode would likely have been blamed on a malfunction.
Let’s face it: Barnaby Jack is a man who is quite literally looking for trouble. This is a guy who had demonstrated the year before how he could wirelessly direct an implantable insulin pump to deliver a lethal dose. The year before that, he hacked an ATM to make it spray out bills like a slot machine. But trouble-making is what he’s paid to do at IOActive, and in that role he has developed a particular respect for the looming power of smartphones. Terrorists have already used cell phones to kill people in the crudest possible way: detonating explosives in Iraq and Afghanistan. But smartphones bring a new elegance to the endeavor and will bring new possibilities for mayhem into the most mundane areas of life.
Got that a very skilled hacker working with remote control devices to kill? What about the firm he was working for, IOActive?
The video post I put up on Thursday, MUST VIEW VIDEO: Digital Carjackers Show Forbes How Michael Hasting's Car Could Have Been Remotely Carjacked, included two specialists who demonstrated how to takeover a car remotely. One of the specialists worked for IOActive.
The last tweet by Barnaby Jack, before he died, was to feature an IOActive tweet about the video:
Great car hacking research from @nudehaberdasher & @0xcharlie (via @a_greenberg & @Forbes) http://t.co/lA5N2NDLoV #infosec #defcon
— IOActive, Inc (@IOActive) July 24, 2013
He didn't tweet often. Prior to the car hacking tweet, he hadn't tweeted anything in two months. The car hacking video was special to him. Now, he is dead.
His official title at IOActive was Director of Embedded Device Security
This is how IOActive announced his role in a 2012 press release:
From consumer electronics to medical devices and critical infrastructure, the increased popularity of embedded systems is driving a whole new wave of threats that traditional security methods do not detect or protect against. In his new role, Jack will be spearheading the research and services division, with a strong focus on developing the tools and methodology to access these often overlooked devices.
Was Barnaby Jack the hack who knew too much?