Skip to Content
Uncategorized

Watch the ATM Hacker At Work

See hacker Barnaby Jack, who died last week, trick an ATM into spewing out all its cash
July 29, 2013

Hacker and computer security researcher Barnaby Jack died last week. I was lucky enough to meet him in 2010 to film footage for the video below explaining his most famous hack, which made ATMs spit out money like jackpotting slot machines. The demonstration took place in Jack’s home at the time, in San Jose. When he opened the door I saw the man himself, friendly and laid back, and the two ATMs he had installed in his kitchen.

See “How to Make an ATM Spew Out Money” for an interactive graphic explaining the ATM hack.

Jack was widely known and liked amongst hackers and security researchers as an impressive technical talent who also knew how to have a good time. Among the many online postings in Jack’s memory last Friday was a tweet from researcher Dan Kaminsky, showing Jack attempting to hack an ATM that dispenses gold bars in an Abu Dhabi hotel. Although the attempt was made with permission of the hotel’s owners, it was abruptly cancelled before he could extract any gold.

Jack’s ATM hack provides a good example of how “white hat” hackers like him operate and advance computer security, despite often being misunderstood. Jack may have relished testing and perhaps breaking rules, and enjoyed putting on showy demonstrations of hacks that could be used in very dangerous or criminal ways. But he was careful to cause no lasting damage worse than the acute embarrassment felt by the people and companies who had designed the technology he bent to his will.

This inside account of how Jack worked with one ATM company to fix its flaws before his headline-grabbing demonstration in 2010 gives an nice insight into the well-known side of his style of working. It’s clear that those at the company would have preferred for the demonstration to have not taken place, but they recognized their problem and welcomed Jack’s help to fix it. The ATM company’s engineer (who coined the term “jackpotting” that Jack adopted to describe money-spewing ATMs) sums it up like this:

“Barnaby got his 15 megabytes of fame, and we improved the security of our product, which I guess is how this ruthless Darwinian process is supposed to work.”

More recently, Jack had focused his attentions to medical devices, inspired by Kevin Fu, an academic researcher MIT Technology Review recognized as a TR35 in 2009 for work on implanted pacemakers and defibrillators. Jack showed in 2011 that a common insulin pump could be wirelessly made to deliver a lethal dose, and then himself turned to pacemakers and defibrillators. He was due to give demonstrations of hacks on heart implants at the Black Hat security conference in Las Vegas this week. Reuters reports that he was to show that one model of pacemaker could be made to deliver a lethal shock to the person it is implanted into from 30 feet away.

In February this year, Jack wrote a detailed analysis of an episode of the TV show Homeland in which the U.S. vice president is killed by an attack on his pacemaker. It was a twist some viewers found hard to believe, but Jack had no such trouble. “In my professional opinion,” he wrote, “the episode was not too far off the mark.”

Deep Dive

Uncategorized

Uber Autonomous Vehicles parked in a lot
Uber Autonomous Vehicles parked in a lot

It will soon be easy for self-driving cars to hide in plain sight. We shouldn’t let them.

If they ever hit our roads for real, other drivers need to know exactly what they are.

stock art of market data
stock art of market data

Maximize business value with data-driven strategies

Every organization is now collecting data, but few are truly data driven. Here are five ways data can transform your business.

Cryptocurrency fuels new business opportunities

As adoption of digital assets accelerates, companies are investing in innovative products and services.

Mifiprex pill
Mifiprex pill

Where to get abortion pills and how to use them

New US restrictions could turn abortion into do-it-yourself medicine, but there might be legal risks.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.