January 2, 2014
Did Cyber Thieves Possibly Murder White Hat Hacker?
Thieves in Europe have targeted cash machines by using USB drives, the BBC reported. According to the story, the thieves cut holes in the fascia to access a USB port and then uploaded the ATMs with malware, and were able to basically steal the money.
The malicious code provided the thieves with detailed information on the amount of currency in the machines and even the amount in each of the denominations. This enabled the thieves to take the big bills first to expatiate their crime.
While reporting on this story for redOrbit, this reporter came across another story that could be related. Back in 2010, Barnaby Jack, director of security research for IOActive Inc., developed software that could give a hacker access to an ATM’s computer. Jack disclosed his findings at the 2010 Black Hat conference in Las Vegas.
Now here is where the story gets interesting. While the BBC disclosed the hacking of the ATMs only this week, the actual crimes had apparently taken place last summer. This is notable because Jack died last June at the age of 35.
At the time of his death he had reportedly discovered a way to hack into the wireless communications systems that linked implanted pacemakers and defibrillators with bedside monitors.
Now, perhaps I’m connecting dots that aren’t there, but I’m a bit of a conspiracy buff. This is not to say I believe in most conspiracy theories – in fact I don’t. I, for one, don’t think FDR knew Pearl Harbor was going to be attacked, or that the CIA killed JFK. Yet it is telling that Jack died in June and this crime wave occurred last summer.
A possible theory could be that hackers had stolen Jack’s code, or perhaps he was tracking someone who might use the code. With Jack out of the way it would be harder to determine who was behind this crime.
Does that sound ominous? Maybe, or maybe someone just read Tom Clancy’s Threat Vector, which came out in December of 2012. It actually foreshadowed cyber attacks made by China against America and other international interests. Clancy – who passed away in October of 2013 – always had a vision that was almost akin to a crystal ball. He had a character that flew a plane into the Capitol Building and had a Spec Ops team basically capture a Bin Laden-type character. Both events occurred before anything similar happened in real life.
What makes Threat Vector interesting is that in addition to dealing with the Chinese cyber attacks, the hackers actually clear the way. They kill several security experts, including characters that seem a lot like Barnaby Jack – and some characters (spoilers) are even taken out at the Black Hat conference!
Conspiracies, of course, are possible when the dots that make sense are connected and those that aren’t are overlooked. In the case of Barnaby Jack and the ATMs, we have to understand that most ATMs run on software and hacking these isn’t all that difficult.
The hackers in the European crimes used a combination of malware and brute force. They had to physically breach the machine to access the USB port to load the malware. Jack’s method was apparently different, but it is something he didn’t disclose… or did he?
The truth is that cyber crime isn’t really all that complex or complicated. Hackers don’t need master’s degrees to write malicious code at the level used to break into a computer in an ATM.
This is very different than the software that was used in the cyber attacks that took down the computers used in Iran’s nuclear program. So if anyone killed Jack, maybe we should look elsewhere.
And finally, for the record… talking about international conspiracies, Showtime’s Homeland had a whole plotline (spoilers) that involved an assassination conducted via a hacked pacemaker, so sometimes fiction and fact seem all the more similar.
Image Credit: Thinkstock