I'd just bought Barnaby Jack a pint of Harp when it hit me: Shouldn't he be buying my beer? Jack, as you might know, is the good-guy hacker who figured out a way to digitally hijack ATMs and command them to spit out $20 bills. Not that he would ever do that to buy a columnist a beer -- or for any other reason, for that matter.
"I suppose I'm on the good side of the fence," said Jack, 32. "I couldn't really bring myself into a criminal life. Besides, my mom wouldn't like it if I was in jail."
Jack was back home in San Jose between trips in a summer of trips, including one in July to the Black Hat computer security conference in Las Vegas. That's where he achieved rock star status by demonstrating how he hacked two different models of ATMs and turned them into cash-spewing wonders.
The idea is not to rob banks blind, but to let the machine manufacturers know what bad guys could do if they worked at it as hard as Jack did. To that end, Jack experimented on two machines he bought online and shared his findings with the ATM manufacturers before he shared them with the world. Both manufacturers instituted fixes before Jack's presentation.
But it was still a pretty neat trick. And so, I'd come to meet Jack at O'Flaherty's Irish Pub to ask him one simple question: Why?
"Just to impress your peers in the industry, I suppose," said Jack, who has a computer security job with IOActive of Seattle, but who worked on the ATM project largely on his own. "We always have this continual battle of who can come up with the coolest research."
It's an interesting subculture, the good-guy hackers. By and large, they are a crew of technical maestros who find a thrill in going where people aren't supposed to go, digitally speaking. Unlike cybercriminals, they turn their talents to the good, often landing jobs in which they point out vulnerabilities in software so those who depend on that software can fix the flaws before they lead to trouble.
The hackers bring with them a certain air of mischievous mystery. Jack, slim with closely cropped hair and a two-day beard, fits the bill. When I met him, he was sitting outside, dressed in black, smoking Camel cigarettes. He's from New Zealand originally, so he comes with a distinctive accent that is perfect for the part. Even his name -- Barnaby Jack -- seems right out of central casting.
"In the security scene, the hacker scene, people think that it's a made-up handle," Jack said. It's not. He tells me he's been interested in cracking code since he was a kid in New Zealand, puzzling over ways to get around software copy protection. It was something about understanding how things work, getting a look under the hood.
As for ATMs, remember "Terminator 2: Judgment Day"? Sure you do. Young John Connor using his Atari Portfolio to take over a cash machine in broad daylight, etc.
"I always thought that was kind of cool," Jack said. So, a couple of years ago, after moving to California for a series of security jobs, Jack finally decided to give it a try. He bought two popular machines ("You can buy anything on the Internet.") for about $2,000 each and had them delivered to his San Jose apartment.
"So the guy, he wheels in this ATM, and he's like, 'Why on earth do you need an ATM in your house?' And I'm like, 'Oh, I just don't like the transaction fees, mate.' "
Jack came up with two different ways to bypass the ATMs' security and rewrite their software. After Jack demonstrated his hacks in Las Vegas, he became something of a media darling here and in New Zealand, which was especially nice. Not because he's a publicity hound, but because of the last reason he worked so hard to hijack the ATMs.
"Some of it is I just want to make my family proud," Jack said, meaning his sister, Amberleigh, 29, and his mother, Sammi. They're both in Auckland reveling in his fame. (Jack's father died in 2003.)
"He's my brother and I'd stick up for him no matter what," Amberleigh Jack says. "But I always had a faith that some day the world was going to see just how good he is."
And now, it seems, it has.
Explore further: Using video games to model real life outbreaks