BOSTON (Reuters) – Barnaby Jack, a celebrated computer hacker who forced ATMs to spit cash and triggered security improvements to medical equipment, died in San Francisco a week before he was due to make a high profile presentation at a hacking conference.
New Zealand-born Jack, 35, was found dead by “a loved one” in an apartment in San Francisco’s Nob Hill neighborhood on Thursday night, according to a police spokesman. He didn’t want to say what caused Jack’s death, but said the police had ruled out foul play.
The San Francisco Medical Examiner’s Office said it was performing an autopsy, although it could take a month to determine the cause of death.
Jack was one of the most famous white hat hackers in the world – the ones who use their technical skills to find security holes before criminals can exploit them.
His genius was to find bugs in the tiny computers built into devices like medical devices and ATMs. He often received standing ovations at conferences for his creativity and demeanor, while his research forced device manufacturers to fix bugs in their software.
Jack planned to demonstrate his pacemaker and implanted defibrillator hacking techniques at the Black Hat Hackers Convention in Las Vegas next Thursday. He told Reuters last week that he could kill a man from 9 meters away by attacking an implanted heart device.
“He was passionate about finding security holes from the bad guys,” said Stuart McClure, longtime security industry manager who gave Jack one of his earliest jobs and worked with him at McAfee, Intel Inc.’s computer security company.
“He was one of the people who were sent to earth to find vulnerabilities that could be maliciously exploited to harm people,” said McClure.
Jack became one of the most famous hackers in the world after demonstrating “jackpotting” in 2010 – tricking ATMs into dispensing bills. (reut.rs/gIGXVq) A clip of his presentation was viewed more than 2.6 million times on YouTube.
Two years ago, Jack turned to medical devices while on a team at McAfee developing methods to attack insulin pumps. Their research led medical device maker Medtronic Inc to revamp the way it designs its products. (reut.rs/sM9mTE)
The US government also noticed Jack’s work.
“The work Barnaby Jack and others have done to identify some of these vulnerabilities has been instrumental in advancing this area,” said William Maisel, assistant director of science at the Food and Drug Administration’s Center for Devices and Radiological Health.
Jack’s passion for hacking got him into trouble at times.
In 2012, he connected his laptop to a bullion machine in an Abu Dhabi casino, according to hacker colleague Tiffany Strauchs Rad. She said Jack had permission from a hotel manager to hack the machine, but security forces intervened.
It turned out that the gold machine did not belong to the hotel, and the American embassy had to be called in to clear up the misunderstanding, Rad said.
“He would hack anything he touched,” she said.
Jack’s youngest employer, cybersecurity consultancy IOActive Inc, said on his Twitter account: “Our beloved pirate Barnaby Jack is lost but never forgotten.”
Jack was due to present his research on cardiac devices at Black Hat on August 1st. Last week, Jack told Reuters he had found a way to hack into a wireless communication system that connected implanted pacemakers and defibrillators to bedside monitors showing information about their operations.
“I’m sure it could be fatal,” Jack said in a telephone interview.
He declined to name the manufacturer of the device, but said he was working with that company to find out how to prevent malicious attacks on heart patients.
Jack’s sudden death drew reactions from the hacking community reminiscent of those who followed the suicide of hacker activist Aaron Swartz in January.
Dan Kaminsky, a well-known hacker, called the death a tragedy. “Barnaby was one of the most creative, energetic and diverse researchers in our field,” he said.
“You are missing, brother,” tweeted another well-known hacker Dino Dai Zovi.
Jack’s sister Amberleigh Jack, who lives in New Zealand, told Reuters that her brother was 35 years old. She declined to comment, saying she needed time to grieve.
Black Hat said it will not replace Jack’s session at the conference and said the hour will be left free for conference attendees to commemorate his life and work.
Reporting by Jim Finkle; Editing by Tiffany Wu, Vicki Allen, and Bill Trott