The VICE Channels

    Barnaby Jack, Hacker of ATMs and Pacemakers, Died From an Overdose

    Written by

    Daniel Stuckey


    The celebrated hacker Barnaby Jack, who spectacularly demonstrated his ability to cause ATMs to spit out cash and pacemakers to crash, died from a drug overdose, San Francisco police revealed, months after his death at his home at the age of 36.

    "It is mannered an accident," a spokeswoman from the San Francisco Medical Examiner's office explained by phone. The cause of death was a mixed overdose of heroin, cocaine, diphenhydramine (Benadryl) and alprazolam (Xanax).

    The news comes nearly six months after the New Zealander was found dead in his San Francisco home, on July 25th. Jack was scheduled to give a talk just days later at the Black Hat convention in Vegas, and it was the most widely anticipated of the hacker summit's events. Titled “Implantable Medical Devices: Hacking Humans," his presentation was going to demonstrate that pacemakers could be hacked, a prospect that seriously worried Dick Cheney, among others. 

    Given the sensitivity of Jack's work—and since it happened six weeks after the car wreck that killed investigative reporter Michael Hastings and sparked dozens of online conspiracy theories—speculation that Jack was the victim of foul play surrounded his untimely death.

    Earlier the day he died, his girlfriend said he had seemed fine on the phone, and made dinner plans. When she returned home in the evening, he was lying unresponsive in bed, surrounded by beer and champagne bottles, and according to the investigator, "multiple rolled up papers with white powder residue," and e-cigarettes with "multiple canisters of vapor fluids." His girlfriend told police she had never known Jack to go to the hospital, but that he had had a history of abuse of opiates, cocaine, and Xanax. 

    Previously a researcher for security firm IOActive, Jack became known for his magician-like security exploits, capable of wowing even expert hackers in Vegas with tricks made of code. He demonstrated a security flaw in an insulin pump, making it dispense the hormone from 300 feet away (he also worked with the U.S. Food and Drug Administration and medical-device makers to close the security holes he found). At Black Hat in 2010, he famously "jackpotted," or, exploited ATMs to dispense bills, remotely and on command, with typical showman's flair, but not without a serious message about security.

    "It does take a specialised skill," he told Vice's William Alexander a month before his death, "but with more and more security researchers concentrating on embedded devices, the skill set required is becoming more common."

    In his Black Hat demo, he said he intended to override the software running on a pacemaker remotely, and send high-voltage shocks that would short out its circuitry. To figure that out, he said, "It probably took me around six months, from reverse engineering and finding the flaws through to developing software to exploit the vulnerabilities."

    Last summer, in a conference room at the Rio Hotel during Def Con, America's other large hacker conference, tears flowed at a makeshift memorial service. And at Black Hat, a few days earlier, before introducing a keynote by NSA director Gen. Keith Alexander, conference organizer Trey Ford asked attendees to honor Jack with a moment of silence. 


    Courtesy of the San Francisco Medical Examiner's Office
    Photo of Barnaby Jack courtesy of IOActive