Monday, August 05, 2013

Was this computer nerd killed after discovering how to murder anyone with a pacemaker?


Was this computer nerd killed after discovering how to murder anyone with a pacemaker?



When the acclaimed television drama  series Homeland climaxed with a devious plot by terrorists to kill America’s vice-president by hacking into his electronic pacemaker, critics scoffed at the ludicrousness of the idea.

But the outrageous storyline was thought credible by many in the world of computer security.

Among those was the New Zealand-born computer hacker Barnaby Jack.

The 35-year-old — who, unlike many in the business, used his skills ‘ethically’ — had spent his career demonstrating the dangers posed by unscrupulous hackers combined with computer manufacturers’ failure to install proper safety devices on equipment.

Scroll down for video

Mr Jack spent his career demonstrating the dangers posed by unscrupulous hackers combined with computer manufacturers¿ failure to install proper safety devices on equipment
Mr Jack spent his career demonstrating the dangers posed by unscrupulous hackers combined with computer manufacturers¿ failure to install proper safety devices on equipment

Jack thought it highly plausible that a terrorist could hack into someone’s pacemaker and speed up their heartbeat until it killed them.

He also believed it was possible to infect the pacemaker companies’ servers with a bug that would spread through their systems like a virus.

    ‘We are potentially looking at a “worm” with the ability to commit mass murder,’ he said. ‘It’s kind of scary.’ Jack certainly knew what he was talking about — having become famous after demonstrating how he could sabotage cash machines and make them dispense large sums of money (a trick he called ‘Jackpotting’) by hacking into a bank’s computer system. 

    Watch full SecurityWeek video here


    Another stunt was to reveal how a diabetic’s insulin pump — which is designed to deliver insulin to the body day and night — could be hacked from 300ft away, so it could dispense a fatal dose. 

    Jack, who had been obsessed with computers since childhood, emigrated to the U.S. at the age of 21 and joined a firm specialising in computer security issues.

    In recent years, he had developed a specific interest in what is known as ‘embedded’ technology, the hardware and software built into everyday objects such as cars, banking systems, home appliances and medical devices.
    Jack thought it plausible that someone could hack into a pacemaker and speed up their heartbeat until it killed them
    Jack thought it plausible that someone could hack into a pacemaker and speed up their heartbeat until it killed them
    He was preparing to demonstrate his work two days ago at a major computer-hacking convention in Las Vegas. 

    In an address to the Black Hat convention titled ‘Implantable medical devices: hacking humans’, Jack was due to show an audience of hackers and cyber security experts at Caesar’s Palace how he could hack into devices such as pacemakers and defibrillators.

    He planned to show how, using a wireless transmitter, he could trigger a deadly power surge and kill someone from up to 50ft away. 

    A pacemaker is a small battery-powered device implanted in the chest, which regulates the beating of the heart by sending regular electrical pulses to the heart muscles. Modern versions are controlled from small  external computers.
    Famous pacemaker wearers include Sir Elton John, Sir David Attenborough, former U.S. 
    vice-president Dick Cheney and former German chancellor Helmut Schmidt.

    More than 500,000 have been fitted to patients in Britain, but it was in the U.S. — where nearly five million people use pacemakers and defibrillators — that Jack’s stunt was regarded as a potentially seismic revelation.

    However, he was never to give the demonstration. A week beforehand, Jack was found dead in his flat in the San Francisco neighbourhood of Nob Hill. His body was believed to have been found by his girlfriend, Layne Cross, a 31-year-old model. According to friends, he was found dead in bed.

    To say his sudden death  remains shrouded in mystery is putting it mildly. 

    Predictably, for someone who worked in such a shadowy world, there have been countless theories about how he was killed. Hackers are a suspicious bunch who have become even more paranoid since the U.S government’s efforts to silence whistleblowers such as ex-soldier Bradley Manning (who faces jail for leaking secret government cables to WikiLeaks).

    The absence of even the most basic details about Barnaby Jack’s untimely death has ignited a firestorm of speculation that foul play could be involved.

    The absence of even the most basic details about Barnaby Jack¿s untimely death has ignited a firestorm of speculation that foul play could be involved
    The absence of even the most basic details about Barnaby Jack's untimely death has ignited a firestorm of speculation that foul play could be involved

    This has been fuelled by the refusal of the coroner’s office to discuss the case other than to say that the autopsy results may not be available for ‘weeks, possibly months’.

    Indeed, a source at the local police station admitted that this silence was puzzling. 
    Jack’s former work colleagues at IOActive, which has headquarters in Seattle and London, said they knew of no medical condition that could have killed him. 

    Officially, San Francisco police will say only they have passed the case to the local coroner’s office — an indication, said a spokesman, that it had found no evidence of ‘foul play’.

    But on Twitter and the news-sharing site Reddit, commenters suspect the involvement of the U.S. government and the CIA.

    Some have suggested that government officials wanted to silence Jack before he could reveal how America’s enemies could hack into devices such as pacemakers.

    Perhaps, a poster on Reddit suggested, the American authorities wanted to harness the skills themselves and use them  on their enemies and ‘didn’t want the competition’.
    There have been other, even more outlandish, suggestions — such as that Jack is not actually dead but has been spirited away by the U.S. government to work on secret research projects.

    Others have linked the tragedy with the recent death of Michael Hastings, a young American journalist whose revelations about U.S. general Stanley McChrystal’s contempt for White House officials forced his resignation as Nato chief in Afghanistan. 

    Talented: Award-winning journalist Michael Hastings died in a car crash this week in Los Angeles
    The death has been linked to that of Michael Hastings, a young American journalist who died in a car crash 

    Hastings complained about the U.S. being a ‘surveillance state’ and his death in a car crash in Los Angeles in June was widely reported as suspicious.

    Then there is yet another theory about Jack’s death. Could the multi-million-dollar healthcare industry have silenced him?

    After all, he was about to expose a huge flaw in one of its most lucrative devices that could cost it untold millions, and cause a major public embarrassment. 

    It’s certainly true industries have not always appreciated hackers such as Jack publicly exposing their security weaknesses. 

    Dan Kaminsky, a security researcher and close friend, says Jack had recently had ‘uncomfortable meetings’ with cash machine manufacturers and makers of electronic medical devices. ‘I’m sure he made enemies,’ he adds. 

    Dan Kaminsky, a security researcher and close friend, says Jack had recently had 'uncomfortable meetings' and was sure he had enemies
    Dan Kaminsky, a security researcher and close friend, says Jack had recently had 'uncomfortable meetings' and was sure he had enemies
    But he explained that while Jack was a ‘pain in the butt’ for the companies whose products he hacked, he at least tried to keep them informed of what he was doing.

    There is universal concern in such businesses about the vulnerability to sabotage of devices that work wirelessly, via the internet.

    And David Marcus, an expert at the security technology company McAfee, says Jack was at the cutting edge of such research. Manufacturers of items such as cash machines and insulin pumps have been forced to alter their designs following Jack’s revelations about how easily they can be sabotaged.

    They are also deeply worried that the exploits of Barnaby Jack and other hackers will encourage less scrupulous people to try it for themselves. It’s certainly true that the speech he was due to give was greatly anticipated.

    Previous similar demonstrations attracted huge audiences. One in Melbourne, Australia, last year, saw Jack deliver an 830-jolt to a pacemaker by logging into it remotely. At the time, he warned of the possible consequences, saying ‘the most obvious scenario would be a targeted attack against a high-profile individual’.
    Countless medical devices now use wireless technology and Jack pointed out that their security authorisation — such as username and password — was designed to be circumvented easily, for it is often necessary for them to be cracked by any doctor needing to access them in an emergency. 
    One security consultant at the Black Hat convention on computer-hacking said: ‘Jack made a lot of waves, so you can understand why people are suspicious when he suddenly drops dead a few days before this convention.’
    ‘Sometimes you have to demonstrate the darker side,’ Barnaby Jack liked to say, as he sought to justify his skills at computer-hacking. How ironic if he became the victim of that ‘darker side’.


    Read more: http://www.dailymail.co.uk/news/article-2383908/Was-nerd-killed-discovering-murder-pacemaker.html#ixzz2b8fqmxXm
    Follow us: @MailOnline on Twitter | DailyMail on Facebook

    No comments:

    Post a Comment