Hacker to the Rescue

Morgan O'Rourke


September 1, 2013


For most people, the word “hacker” usually conjures up images of malicious computer geeks, with fingers flying over their keyboards, gleefully stealing your personal information, sabotaging your business’ IT infrastructure and bringing down websites around the globe. Hackers are the reason why we have 57 different passwords that we need to change every other day and why IT departments have to spend thousands of dollars and countless hours every year on security enhancements to keep our private records private and our systems functioning like they should. Basically in risk management terms, “hacker” is usually a four-letter word.

But not all hackers are evil. In fact, hackers come in two basic flavors. On one side are the black hats, the bad guys. But on the other side, serving as the yang to the black hats’ yin, are the white hats. These are the altruistic hackers, the ethical ones that only expose system vulnerabilities as a means to show how they can be fixed.

As you might expect, hackers of either stripe usually prefer to remain anonymous. It probably goes with the territory. After all, if you’re trying to break into somewhere you don’t belong, it doesn’t make sense to announce yourself beforehand. So they often use codenames and their true identities are only exposed when they do something particularly noteworthy or, more likely, when they get arrested.
But Barnaby Jack was not one to fit the usual hacker stereotype. Maybe it was because he had a name that made him sound like a movie detective or a secret agent  or maybe it was because from certain angles he looked a little like actor Elijah Wood of Lord of the Rings fame, but Jack certainly had a flair for the dramatic.

Born in New Zealand, Jack was a white hat hacker who gained notoriety when he remotely hacked an ATM, causing it to spit out twenties while flashing “Jackpot” on the stage at the 2010 Black Hat computer security conference in Las Vegas. He then switched his focus to embedded devices and at various conferences, hacked wireless insulin pumps in clear, fluid-filled dummies from up to 300 feet away, causing them to dispense potentially fatal doses of the drug. Most recently, he proved that truth could be stranger than fiction when, in a move that mirrored a fictional terrorist plot from the television show Homeland, he devised a way to hack a pacemaker to deliver a lethal electric shock to the wearer.

In July, Jack was scheduled to deliver a presentation at the 2013 Black Hat conference to demonstrate how to hack implanted medical devices and discuss ways companies could improve their security. One week before the event, however, he was found dead in his San Francisco home. The cause of death remains unknown. He was 35.

The news of Jack’s untimely death inspired some conflicting reactions. Many mourned the loss of a talented and respected friend. Organizers of the Back Hat conference left his presentation time slot open and devoted the hour to a remembrance of his life. Meanwhile, on social media and internet comment boards—which never met a conspiracy theory they didn’t like—commenters suggested thatJack was the victim of a government assassination plot. At press time, the only word from police was that foul play had been ruled out.

Conspiracy theories aside, Jack’s ability and desire to point out the flaws in the devices that we usually take for granted will hopefully inspire other ethical hackers to follow in his footsteps while companies take a closer look at the safety issues of the products they produce. In an era where everything from cars to refrigerators to picture frames is expected to have Wi-Fi or Bluetooth connectivity, it helps to be reminded that the increased internet access that makes a product so appealing can also be a liability if a malicious hacker decides to exploit it.

At the recent Black Hat and DefCon security conferences, hackers demonstrated their ability to create wide-ranging chaos. From taking remote control of your car and turning your smartphone or television into a clandestine spying device to controlling the smart devices in your home and even hacking into entire industrial facilities to cause equipment shutdowns or power outages, few technologies are safe from a dedicated hacker.

The sobering reality is that most security fixes are obsolete almost from the moment they are installed. If we want to stay one step ahead of disaster and make sure that the good guys win more often than they lose, we will need more people like Barnaby Jack.

Morgan O’Rourke is editor in chief of Risk Management and director of publications for the Risk & Insurance Management Society, Inc. (RIMS)

Related Articles

The Digital Threat

October 1, 2011