
Hacker Barnaby Jack has died - cyanbane
http://www.reuters.com/article/2013/07/26/us-hacker-death-idUSBRE96P0K120130726
======
tptacek
Barnaby Jack was part of the soul of the software security community. He had
so many friends. Please today remember that he was a real human being, and
that he had friends who might read HN.

~~~
mehmehshoe
Exactly. I mentioned on another submission, that got killed, that it would be
a great tribute to the man if one of his friends/associates that new his work
well could fill in and give his presentation at the conference. With so little
time, I now think that might be unreasonable. Maybe use the time slot to hand
out the slides, raise a toast and share some stories. The subject of his talk
is incredibly important and should be distributed.

After minor digging, here is his blog about medical device hacking vs. the
hollywood version:

[http://blog.ioactive.com/2013/02/broken-hearts-how-
plausible...](http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-
was.html)

Interesting tidbit from the blog-The CEO's father has a pacemaker.

~~~
mehmehshoe
Blackhat will leave his slot open to commemorate.

[https://www.blackhat.com/latestintel/07262013-remembering-
ba...](https://www.blackhat.com/latestintel/07262013-remembering-barnaby-
jack.html)

------
dbloom
Barnaby Jack "jackpotting" an ATM at BlackHat USA 2010:
[http://www.youtube.com/watch?v=v-dS4UFomv0&t=5m47s](http://www.youtube.com/watch?v=v-dS4UFomv0&t=5m47s)

~~~
tptacek
In the last couple years he'd become (justifiably) famous for stunt hacks like
this, but I think it's important to remember that the guy was the genuine
article, genuinely talented, old school in the truest sense. Here's I think a
better starting point for his work. Read it on the mailing list, like we all
did:

[http://marc.info/?l=vuln-dev&m=106331197530352&w=2](http://marc.info/?l=vuln-
dev&m=106331197530352&w=2)

~~~
lawnchair_larry
[http://www.phrack.org/issues.html?issue=55&id=15](http://www.phrack.org/issues.html?issue=55&id=15)

------
lawnchair_larry
Please do not make comments about conspiracy theories. This event is not
suspicious.

~~~
mililani
Until there is a cause of death from a thorough autopsy, I think it's too
early to say whether this is suspicious or not. I can't believe you are being
upvoted for saying this.

~~~
marshray
Russia Today certainly knows how to state it for maximum effect:

"Hacker dies days before he was to reveal how to remotely kill pacemaker
patients"

[http://rt.com/usa/hacker-pacemaker-barnaby-
jack-639/](http://rt.com/usa/hacker-pacemaker-barnaby-jack-639/)

Edit: It seems very relevant to keep in mind that this is not the first time
someone (or even Jack in particular) had demoed remote kill switch
functionality for human beings.
[http://www.bloomberg.com/news/2012-02-29/mcafee-hacker-
says-...](http://www.bloomberg.com/news/2012-02-29/mcafee-hacker-says-
medtronic-insulin-pumps-vulnerable-to-attack.html)

~~~
GigabyteCoin
The kind of thing they're referring to is commonplace in Russia,
unfortunately, so you can't exactly blame them for thinking that:
[http://en.wikipedia.org/wiki/List_of_journalists_killed_in_R...](http://en.wikipedia.org/wiki/List_of_journalists_killed_in_Russia)

------
anthonyarroyo
As someone who has a defibrillator with remote-access capabilities, I'm
thankful that Jack was trying to bring this vulnerability to light.

------
kayoone
But why ? Didnt know anything about him but he looks like 35 years old. An
Accident ? Something else ?

All these young tech people dieing lately is a bit unsettling.

~~~
GigabyteCoin
Life is fragile.

I had a friend of mine drop dead of a heart attack at the ripe old age of 27.

~~~
nikster
A friend of mine died from pneumonia at 30. He went to bed not feeling well
and never woke up.

------
hfsktr
The original link isn't working for me but this appears to be the same:
[http://www.reuters.com/article/2013/07/26/net-us-hacker-
deat...](http://www.reuters.com/article/2013/07/26/net-us-hacker-death-
idUSBRE96P0K120130726)

~~~
rdudekul
Try this one: [http://www.bloomberg.com/news/2013-07-26/barnaby-jack-
comput...](http://www.bloomberg.com/news/2013-07-26/barnaby-jack-computer-
hacker-dead-at-36.html)

~~~
hfsktr
I thought the comments on the link I gave were bad but those are just as bad.

I mean the 'omg hacker means evil and he deserved it!' stuff...at least the
tinfoil hats make a bit of sense.

------
vxxzy
Isn't it sad that since the NSA revelations anything is really "on the table"
for our imaginations? Nothing seems too far-fetched these days...

~~~
codex
The U.S. mortality rate is 0.008 per year. That means that in any gathering of
100 people (roughly the number of speakers at Black Hat), there is a 55%
chance that at least one will die in the year before the event and a 6.5%
chance they would die one month before the event. Over ten years of
conferences, the odds that someone would die within one month of speaking is
49%. The under-40 crowd doesn't really appreciate this since death
predominantly affects older people.

~~~
conroe64
That doesn't consider that the age and economic status of conference speakers
isn't representative of the U.S. as a whole. Not that it's impossible for it
to be an accident, but the odds are certainly less than 49%, given that the
crowd is mostly urban professionals.

~~~
codex
Sorry, I should be clearer: I was calculating based on the general mortality
rate. The accident rate is much lower (0.000391). I agree that either measure
is skewed, though; this is just a rough calculation. The annual death rate for
35-44 from all causes (see
[http://www.data360.org/dsg.aspx?Data_Set_Group_Id=587](http://www.data360.org/dsg.aspx?Data_Set_Group_Id=587))
is 0.002, which puts the odds of a speaker death within one month of the
conference at 15% over ten years. Poorer, but then again, this is for only one
specific security conference. If you assume five security conferences a year
of all sorts, it's back to 50% over ten years. I think it's a bit higher as
these speakers live sedentary lifestyles, even for the U.S.

~~~
conroe64
Makes sense.

Another thought: Barnaby Jack was one of the top speakers and was to speak on
a very controversial subject. I would guess that out of the 5000 speeches that
were presented in your scenario only a few of them, maybe 2%, would contain
information controversial enough that foul play would appear as a reasonable
scenario to an outside observer (and this is being generous).

    
    
      Let F = foul play occurred in order to disrupt a conference,
        D = death of speaker one month before conference
    
      Let P(D) = (.02 deaths per year for 25-35 y.o) / (12 months in a year) = 0.0017
      Let P(F|D) = .001 (assuming 1 in 1000 chance foul play was involved given a death of a speaker at a conference)
        P(F) = P(F|^D) * P(^D) + P(F|D) * P(D) 
             = 0 * 0.98 + 0.001 * .02
             = 0.00002
      Let P(D|F) = 1 (chance of death if foul play is involved, assumed 100%)
    
      So Bayes theorem gives us:
    
      P(F|D) = P(D|F)*P(F)/P(D)
           = 1 * 0.00002 / 0.0017 
           = 0.018 (chance of foul play for a single speech given the speaker died 1 month before)
    
      Let P(C) = 0.02 (probability of a controversial speech)
      P(D) = .0017 (from above)
    
      Let P(C&D|F) = .5 (assuming there is a 50% chance the speech was controversial given foul play did occur, and death always occurs from foul play)
      P(C&D) = .02 * 0.0017 = 0.000034
      P(F) = 0.00002 (from above)
    
      P(F|C&D) = P(C&D|F) * P(F) / P(C&D)
             = 0.5 * 0.00002 / .000034
             = around a 30% foul play was involved in Barnaby Jack's death
    

There are a lot of assumptions here that could adjust the final figure up or
down, but if I did my math right, foul play does seem a reasonable scenario,
(but not a foregone conclusion).

edit: removed line "P(F|D) = 0.00058 (from above)" as pointed out by user
0003. End result didn't change, though.

~~~
0003

      P(F|D) = 0.00058 (from above)
    

Can you explain this line?

~~~
conroe64
Sorry, that line was erroneous, but didn't affect the rest of the calculation
as far as I can tell. I have removed it.

------
benackles
The correct link to the Reuters article is
[http://www.reuters.com/article/2013/07/26/net-us-hacker-
deat...](http://www.reuters.com/article/2013/07/26/net-us-hacker-death-
idUSBRE96P0K120130726)

------
JonSkeptic
I find the title of this article to be unsettling. The title almost makes it
sound like he died to avoid going to the conference.

While I guess that feeds into the much beloved past time of conspiracy theory,
I can't help but think it could have been worded significantly better.

~~~
cyanbane
When I originally saw this I posted it with the title as it was on the
article. The article itself has been updated with a lot more information than
was originally on there and also the title has changed.

------
hendler
Corrected Link [http://www.reuters.com/article/2013/07/27/hacker-death-
idUSL...](http://www.reuters.com/article/2013/07/27/hacker-death-
idUSL1N0FW0HW20130727)

------
tareqak
BBC article here:
[http://www.bbc.co.uk/news/technology-23467411](http://www.bbc.co.uk/news/technology-23467411)

------
mwally
To many researchers are turning up dead lately.

~~~
weego
Too many? How many have turned up dead?

~~~
pyre
One is too many?

~~~
PhasmaFelis
One is not "researchers."

------
anateus
I had only met him in person once, but he was clearly a great human being.
I'll remember the drinks we shared.

------
ferdo
The article is 404?

~~~
GigabyteCoin
Not anymore it's not.

Reuters just does that from time to time.

I think it's similar to reddit's "uh oh you broke reddit" response, just a bit
less user friendly.

------
ferdo
[http://en.wikipedia.org/wiki/Karen_Silkwood](http://en.wikipedia.org/wiki/Karen_Silkwood)

~~~
deadfall
This is indeed an interesting story. Thanks for sharing.

