LinuxQuestions.org
Old 08-05-2013, 01:16 PM   #1
newbiesforever
Senior Member
 
Registered: Apr 2006
Location: Glendale, AZ
Distribution: Distro-homeless. Lost.
Posts: 1,875

Rep: Reputation: 62
Barnaby Jack, psycho hacker


I wonder if anyone here mourns this deceased programmer named Barnaby Jack, as Black Hat conventioneers in Las Vegas reportedly do, or whether LQ members who have an opinion are glad he's gone.

I had never heard of him, but I would not have wanted to know a man who was interested in whether one could kill people by hacking into their pacemakers or other medical devices. He was apparently about to announce his findings on the subject. In which case, his death may temporarily leave the world safer--until someone else like him takes up the question.

I didn't know what "Black Hat" was either, so I looked it up and found that it's the subtype of hacker who criminally hacks for fun. Probably nobody would admit to liking Jack or being his type of hacker.
 
Old 08-05-2013, 01:23 PM   #2
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,377

Rep: Reputation: 782
I'd rather somebody bring these things out into the open and force companies to hacker-proof things like ATMs and pacemakers.
You may want to live in ignorance in a world where only criminals intent on murder or money jack but I'd rather live in one where information is free.
 
Old 08-05-2013, 01:35 PM   #3
newbiesforever
Senior Member
 
Registered: Apr 2006
Location: Glendale, AZ
Distribution: Distro-homeless. Lost.
Posts: 1,875

Original Poster
Rep: Reputation: 62
I feel that my apprehension at the prospect of pacemakers being hacked doesn't warrant suggesting I want to live in ignorance. I definitely would not like to see this information disseminated because it would pressure the device designers to hack-proof them--that's a rationalization. Especially because if there even is such a thing as hacker-proofing, it's strictly temporary. Skilled hackers defeat the proofing in an endless cycle.
 
Old 08-05-2013, 01:39 PM   #4
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,377

Rep: Reputation: 782
Somebody out there is hacking these things. Either you hear about it at Black Hat because somebody like Barnaby Jack tells you or you don't hear about it and people die because their pacemakers stop mysteriously and nobody is allowed to tell you why.
If Barnaby Jack wanted to kill people or steal from ATMs he would have been doing that and you wouldn't know about it. Would that really have made you feel safer?
 
Old 08-05-2013, 01:51 PM   #5
cascade9
Senior Member
 
Registered: Mar 2011
Location: Brisneyland
Distribution: Debian, aptosid
Posts: 3,718

Rep: Reputation: 903
Quote:
Originally Posted by newbiesforever View Post
I didn't know what "Black Hat" was either, so I looked it up and found that it's the subtype of hacker who criminally hacks for fun. Probably nobody would admit to liking Jack or being his type of hacker.
Sorry, that is in my opinion wrong. You'll get lots of different definitions of what a 'white hat', 'grey hat' and 'black hat' hacker really means, but 'white' is 'good', 'black' is 'bad' and grey is between white and black.

You can think of it in terms of old westerns- the 'black hat' is the bad guy and 'white hat' is the good guy. Black hat hacking is doing it for personal gain or maliciousness.

https://en.wikipedia.org/wiki/Black_...king#Black_hat

Hacking for fun is something that pretty much all the 'hats' do. As far as software exploits go, the difference is what the intended goals are, and what is done with any vulnerabilities exposed.

*edit- and if you look around, you will find references to Barnaby Jack being a white hatter-

Quote:
Barnaby Jack could kill a man by computer from 30 feet away, but he never would.

The renowned 35-year-old hacker, who revolutionized bank and medical device security, died on Thursday in San Francisco. According to the San Francisco Police, officers responded to a call that evening after his body was discovered by a loved one. The San Francisco medical examiner has not determined a cause of death.

The New Zealand native was the best kind of hacker, a “white hat” whose mission to identify vulnerabilities in systems wasn’t meant to wreak havoc, but to effect change in technology safety and security.
http://www.thedailybeast.com/article...jack-dies.html

Reality isn't black and white, neither are people.

I would not be surprised if the whole 'Barnaby Jack = black hatter' is mostly due to his going to black hat hacking conferences. With an added dash of 'OMG he was doing what with medical equipment?' From what I've seen of major corporations, sometimes just telling the company(ies) involved that there is a security issue in a quiet and discreet way means nothing changes. Maybe that's just my cynicism coming out.....

Last edited by cascade9; 08-05-2013 at 02:01 PM.
 
Old 08-05-2013, 02:36 PM   #6
newbiesforever
Senior Member
 
Registered: Apr 2006
Location: Glendale, AZ
Distribution: Distro-homeless. Lost.
Posts: 1,875

Original Poster
Rep: Reputation: 62
Quote:
Originally Posted by 273 View Post
Somebody out there is hacking these things. Either you hear about it at Black Hat because somebody like Barnaby Jack tells you or you don't hear about it and people die because their pacemakers stop mysteriously and nobody is allowed to tell you why.
If Barnaby Jack wanted to kill people or steal from ATMs he would have been doing that and you wouldn't know about it. Would that really have made you feel safer?
People not knowing why the pacemakers stopped is one thing, but if people found out, why would they not be allowed to report why?
 
Old 08-05-2013, 02:42 PM   #7
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,377

Rep: Reputation: 782
Quote:
Originally Posted by newbiesforever View Post
People not knowing why the pacemakers stopped is one thing, but if people found out, why would they not be allowed to report why?
Because then it could be repeated. Otherwise why not let the information out now rather than letting somebody die before doing so?
Or, more likely, because either nobody will know or those that do will use it against others or, if they work for a medical company, bury it in fear of shareholder value falling.
 
Old 08-05-2013, 03:06 PM   #8
newbiesforever
Senior Member
 
Registered: Apr 2006
Location: Glendale, AZ
Distribution: Distro-homeless. Lost.
Posts: 1,875

Original Poster
Rep: Reputation: 62
Quote:
Originally Posted by cascade9 View Post
Sorry, that is in my opinion wrong. You'll get lots of different definitions of what a 'white hat', 'grey hat' and 'black hat' hacker really means, but 'white' is 'good', 'black' is 'bad' and grey is between white and black.

You can think of it in terms of old westerns- the 'black hat' is the bad guy and 'white hat' is the good guy. Black hat hacking is doing it for personal gain or maliciousness.

https://en.wikipedia.org/wiki/Black_...king#Black_hat

Hacking for fun is something that pretty much all the 'hats' do. As far as software exploits go, the difference is what the intended goals are, and what is done with any vulnerabilities exposed.

*edit- and if you look around, you will find references to Barnaby Jack being a white hatter-



http://www.thedailybeast.com/article...jack-dies.html

Reality isn't black and white, neither are people.

I would not be surprised if the whole 'Barnaby Jack = black hatter' is mostly due to his going to black hat hacking conferences. With an added dash of 'OMG he was doing what with medical equipment?' From what I've seen of major corporations, sometimes just telling the company(ies) involved that there is a security issue in a quiet and discreet way means nothing changes. Maybe that's just my cynicism coming out.....
I already read that WP article. Even if Jack had had altruistic motives, he would be insanely irresponsible to tell anyone but the device manufacturers and security companies about any vulnerabilities--but that's reportedly exactly what he planned to do.
 
Old 08-05-2013, 03:08 PM   #9
newbiesforever
Senior Member
 
Registered: Apr 2006
Location: Glendale, AZ
Distribution: Distro-homeless. Lost.
Posts: 1,875

Original Poster
Rep: Reputation: 62
Quote:
Originally Posted by cascade9 View Post
Sorry, that is in my opinion wrong. You'll get lots of different definitions of what a 'white hat', 'grey hat' and 'black hat' hacker really means, but 'white' is 'good', 'black' is 'bad' and grey is between white and black.

You can think of it in terms of old westerns- the 'black hat' is the bad guy and 'white hat' is the good guy. Black hat hacking is doing it for personal gain or maliciousness.

https://en.wikipedia.org/wiki/Black_...king#Black_hat

Hacking for fun is something that pretty much all the 'hats' do. As far as software exploits go, the difference is what the intended goals are, and what is done with any vulnerabilities exposed.

*edit- and if you look around, you will find references to Barnaby Jack being a white hatter-



http://www.thedailybeast.com/article...jack-dies.html

Reality isn't black and white, neither are people.

I would not be surprised if the whole 'Barnaby Jack = black hatter' is mostly due to his going to black hat hacking conferences. With an added dash of 'OMG he was doing what with medical equipment?' From what I've seen of major corporations, sometimes just telling the company(ies) involved that there is a security issue in a quiet and discreet way means nothing changes. Maybe that's just my cynicism coming out.....
I already read that WP article. Even if Jack had had altruistic motives, he would be insanely irresponsible to tell anyone but the device manufacturers and security companies about any vulnerabilities--but that's reportedly exactly what he planned to do.

I know moral issues are usually complex. There are surely no good guys here. Certainly not the black hatters. (Say, I wonder why it's not "black hackers.") Tell me most hackers won't get drunk on a sense of power.

Last edited by newbiesforever; 08-05-2013 at 03:09 PM.
 
Old 08-05-2013, 03:11 PM   #10
cascade9
Senior Member
 
Registered: Mar 2011
Location: Brisneyland
Distribution: Debian, aptosid
Posts: 3,718

Rep: Reputation: 903
Quote:
Originally Posted by newbiesforever View Post
People not knowing why the pacemakers stopped is one thing, but if people found out, why would they not be allowed to report why?
He wasn't stopping pacemakers, he demonstrated using them to deliver fairly high voltage shocks.

That would not be what I would do if I wanted to kill someone..it would be far better to use it at a normal voltage level but change the pattern so that it caused a heart attack. That would look like some sort of failure rather than something underhanded.

Provided that the hacker cleaned out any connection logs (and I have no idea if pacemakers would even have them) it would be very difficult to impossible for an ME to even know what caused the problem, let alone report the cause.

If some dodgy pacemaker (or other medical hacking method) murder method was used, as far as I know the only thing that could stop it being reported would be pressure from the medical companies.
 
Old 08-05-2013, 03:24 PM   #11
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,377

Rep: Reputation: 782
Quote:
Originally Posted by newbiesforever View Post
I already read that WP article. Even if Jack had had altruistic motives, he would be insanely irresponsible to tell anyone but the device manufacturers and security companies about any vulnerabilities--but that's reportedly exactly what he planned to do.
So you'd rather vulnerabilities were hidden until used by an attacker?
No corporation will bother to fix something not cutting into their bottom line. The scenario in Fight Club where automotive companies calculate the cost of repair of a defect and the cost of the law suits if they don't may be a little contrived but it's not far off the mark.
The criminals here are the corporations allowing equipment like pacemakers and insulin pumps to be sold with no protection whatsoever. That, right there, is criminal negligence in my book and there is no way in hell they would admit it without a push.
 
Old 08-05-2013, 03:40 PM   #12
cascade9
Senior Member
 
Registered: Mar 2011
Location: Brisneyland
Distribution: Debian, aptosid
Posts: 3,718

Rep: Reputation: 903
Quote:
Originally Posted by newbiesforever View Post
I already read that WP article. Even if Jack had had altruistic motives, he would be insanely irresponsible to tell anyone but the device manufacturers and security companies about any vulnerabilities--but that's reportedly exactly what he planned to do.
I didn't post a link to the WP (washingtonpost) but to thedailybeast.com

Reportedly? We don't know..and never will know..exactly what he was going to tell people in his presentation. All we know for sure is that he was scheduled to make a presentation "in which he would demonstrate shortcomings in medical devices like pacemakers and defibrillators."

Considering this-

Quote:
In a 2012 speech at the BreakPoint security conference in Melbourne, Jack actually demonstrated this type of “anonymous assassination” by reverse-engineering a pacemaker transmitter that could deliver deadly electric shocks. A video of the demonstration isn’t available because Jack didn’t want to reveal the name of the manufacturer and put anyone in danger
http://www.thedailybeast.com/article...jack-dies.html

I doubt he was going to create a step by step 'this is how you kill with a pacemaker' wiki page.

Quote:
Originally Posted by newbiesforever View Post
There are surely no good guys here. Certainly not the black hatters. (Say, I wonder why it's not "black hackers.") Tell me most hackers won't get drunk on a sense of power.
There are good guys.

It's debatable if Barnaby Jack was a 'good guy' or not, but to make a blanket statement that there are 'no good guys' either shows a lack of knowledge, or a biased position.

After all, a large proportion (I'd say almost everyone) who is involved with coding Linux, BSD and FOSS software has been called a hacker at some point.....

Quote:
Originally Posted by 273 View Post
No corporation will bother to fix something not cutting into their bottom line. The scenario in Fight Club where automotive companies calculate the cost of repair of a defect and the cost of the law suits if they don't may be a little contrived but it's not far off the mark.
Ford Pinto.

Quote:
Ford knows the Pinto is a firetrap, yet it has paid out millions to settle damage suits out of court, and it is prepared to spend millions more lobbying against safety standards. With a half million cars rolling off the assembly lines each year, Pinto is the biggest-selling subcompact in America, and the company's operating profit on the car is fantastic. Finally, in 1977, new Pinto models have incorporated a few minor alterations necessary to meet that federal standard Ford managed to hold off for eight years. Why did the company delay so long in making these minimal, inexpensive improvements?
Ford waited eight years because its internal "cost-benefit analysis," which places a dollar value on human life, said it wasn't profitable to make the changes sooner.
http://www.motherjones.com/politics/.../pinto-madness

Quote:
The Pinto Memo was a short document which included a cost-benefit analysis weighing the cost of an $11 per car fix against the cost of settling cases where the flaw caused death or injury.

Benefit:
             Burn Deaths    Burn Injuries   Burn Vehicles
Savings      180            180             2100
Unit Cost    $200,000       $67,000         $700
Sub-Totals   $36,000,000    $12,060,000     $1,470,000
Total Cost   $49 million

Risks:
             Car Sales      Light Truck Sales
Sales        11,000,000     15,000,000
Unit Cost    $11            $11
Sub-Totals   $121,000,000   $16,500,000
Total Cost   $137 million
http://en.wikibooks.org/wiki/Profess...nk_Controversy
 
Old 08-05-2013, 03:45 PM   #13
newbiesforever
Senior Member
 
Registered: Apr 2006
Location: Glendale, AZ
Distribution: Distro-homeless. Lost.
Posts: 1,875

Original Poster
Rep: Reputation: 62
I'm not offended, but think that between you quasi-insulting me (have we even met?) and your rage toward corporations (they merely annoy me), I should duck out of this thread or at least not post anymore. Goodbye.
 
Old 08-05-2013, 03:48 PM   #14
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,377

Rep: Reputation: 782
Quote:
Originally Posted by cascade9 View Post
Ford Pinto.
Thanks for the info -- I'd heard about that but not realised it really was that criminally negligent. I'd thought it was just not very good and exaggerated in anecdotes for effect.
 
Old 08-05-2013, 03:53 PM   #15
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,377

Rep: Reputation: 782
Quote:
Originally Posted by newbiesforever View Post
I'm not offended, but think that between you quasi-insulting me (have we even met?) and your rage toward corporations (they merely annoy me), I should duck out of this thread or at least not post anymore. Goodbye.
Did you read about the Pinto? I find it hard not to be appalled at such things and, rest assured, it is a legal mandate that corporations behave in that way.
This isn't rage -- this is an understanding that corporations are set up to be psychopaths. It's a pretty well-accepted view.
I don't hate corporations, personally (I work for a huge one), but I don't trust them at all and think law and independent researchers, whistle blowers and the like are needed to keep them in check.

I don't like criminal hackers either but actual criminal hackers tend to keep quiet about their results.
 
  


All times are GMT -5.