Hacker breaks into ATMs for good, not evil

Sep 16, 2010 By Mike Cassidy

I'd just bought Barnaby Jack a pint of Harp when it hit me: Shouldn't he be buying my beer? Jack, as you might know, is the good-guy hacker who figured out a way to digitally hijack ATMs and command them to spit out $20 bills. Not that he would ever do that to buy a columnist a beer -- or for any other reason, for that matter.

"I suppose I'm on the good side of the fence," said Jack, 32. "I couldn't really bring myself into a criminal life. Besides, my mom wouldn't like it if I was in jail."

Jack was back home in San Jose between trips in a summer of trips, including one in July to the computer security conference in Las Vegas. That's where he achieved rock star status by demonstrating how he hacked two different models of ATMs and turned them into cash-spewing wonders.

The idea is not to rob banks blind, but to let the machine manufacturers know what bad guys could do if they worked at it as hard as Jack did. To that end, Jack experimented on two machines he bought online and shared his findings with the ATM manufacturers before he shared them with the world. Both manufacturers instituted fixes before Jack's presentation.

But it was still a pretty neat trick. And so, I'd come to meet Jack at O'Flaherty's Irish Pub to ask him one simple question: Why?

"Just to impress your peers in the industry, I suppose," said Jack, who has a computer security job with IOActive of Seattle, but who worked on the ATM project largely on his own. "We always have this continual battle of who can come up with the coolest research."

It's an interesting subculture, the good-guy hackers. By and large, they are a crew of technical maestros who find a thrill in going where people aren't supposed to go, digitally speaking. Unlike cybercriminals, they turn their talents to the good, often landing jobs in which they point out vulnerabilities in software so those who depend on that software can fix the flaws before they lead to trouble.

The hackers bring with them a certain air of mischievous mystery. Jack, slim with closely cropped hair and a two-day beard, fits the bill. When I met him, he was sitting outside, dressed in black, smoking Camel cigarettes. He's from New Zealand originally, so he comes with a distinctive accent that is perfect for the part. Even his name -- Barnaby Jack -- seems right out of central casting.

"In the security scene, the scene, people think that it's a made-up handle," Jack said. It's not. He tells me he's been interested in cracking code since he was a kid in New Zealand, puzzling over ways to get around software copy protection. It was something about understanding how things work, getting a look under the hood.

As for ATMs, remember "Terminator 2: Judgment Day"? Sure you do. Young John Connor using his Atari Portfolio to take over a cash machine in broad daylight, etc.

"I always thought that was kind of cool," Jack said. So, a couple of years ago, after moving to California for a series of security jobs, Jack finally decided to give it a try. He bought two popular machines ("You can buy anything on the Internet.") for about $2,000 each and had them delivered to his San Jose apartment.

"So the guy, he wheels in this ATM, and he's like, 'Why on earth do you need an ATM in your house?' And I'm like, 'Oh, I just don't like the transaction fees, mate.' "

Jack came up with two different ways to bypass the ATMs' security and rewrite their software. After Jack demonstrated his hacks in Las Vegas, he became something of a media darling here and in New Zealand, which was especially nice. Not because he's a publicity hound, but because of the last reason he worked so hard to hijack the ATMs.

"Some of it is I just want to make my family proud," Jack said, meaning his sister, Amberleigh, 29, and his mother, Sammi. They're both in Auckland reveling in his fame. (Jack's father died in 2003.)

"He's my brother and I'd stick up for him no matter what," Amberleigh Jack says. "But I always had a faith that some day the world was going to see just how good he is."

And now, it seems, it has.

Explore further: US agency threatens to act against air bag maker

4.7 /5 (3 votes)
add to favorites email to friend print save as pdf

Related Stories

Proper flower and leaf development tied to the same gene

Jan 12, 2010

(PhysOrg.com) -- A group of Dartmouth researchers have discovered a new role for an important plant gene. Dartmouth Biology Professor Tom Jack and his colleagues have learned that a gene regulator called miR319a (micro RNA ...

Device helps physically disabled turn on computer

Jul 17, 2007

More than 14 million Americans under age 64 have a physical disability, according to the 2005 American Community Survey by the U.S. Census Bureau. A large percentage of these persons have little or no use of their hands to ...

Ornamentals to Brighten the Fall Garden Palette

Oct 02, 2009

(PhysOrg.com) -- With “trick-or-treaters” coming soon, imagine two spirited new pepper varieties making an appearance in your neighborhood as well. The new pepper cultivars have been released by the Agricultural ...

Recommended for you

GoGlove wearable aims to control life's soundtracks

1 hour ago

Technology creatives are seeing the key attraction in wearables as being in solutions that save the user from fumbling around with the phone to make app adjustments or changes, or from repeatedly taking it ...

Amazon cuts Fire phone price to ignite sales

1 hour ago

Amazon on Wednesday slashed the price of Fire mobile phones that stalled after launch early this year, becoming a drag on the US online retail titan's bottom line.

Thanksgiving travel woes? There's an app for that

2 hours ago

Traveling by plane, train or automobile can be a headache. Mixing in Thanksgiving can make it a throbbing migraine. Technology provides some pain relief in the form of apps to let you know which roads are ...

US agency threatens to act against air bag maker

2 hours ago

A dispute between U.S. safety regulators and air bag maker Takata Corp. escalated Wednesday when the government threatened fines and legal action if the company fails to admit that driver's side air bag inflators ...

Netflix sues Yahoo CIO for alleged kickbacks

3 hours ago

Netflix is suing a former company vice president who is now chief information officer at Yahoo, accusing him of receiving money from vendors he hired to work with the video streaming company.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

gunslingor1
not rated yet Sep 16, 2010
GOOD JOB Barnaby!!! Major props, I've seen your work, very impressive.

I presented at DEFCON this year, check it out:
http://www.defcon...tml#Polk

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.