Gerard Janssen – Hackers: The Freedom Fighters of the Internet
Underground passageways In the mausoleum of the Pantheon in Paris there hangs a clock that dates back to 1850, a mechanical work of art with cogs of varying sizes. For more than a century the clock kept time well. Every day a French attendant wound up the timepiece by hand. This was a hellish task. It was so tiresome that one day an attendant decided to sabotage the clock. A broken clock doesn’t need winding up, so that saved a load of work each day. The clock has therefore stood still since the 1960s.
But over Christmas 2006 to everyone’s surprise the clock sounded again. No one knew how it was possible, but from one day to the next the hands began to turn again.
The story of this mysterious repair begins in the 1980s. Six teenagers set off on an adventure. They lifted up a manhole cover, not far from the Eiffel Tower, lowered a ladder into the hole and, armed with torches, they climbed down. They found themselves in an underground tunnel. On the ground was a cable. They followed the cable, which led to a passageway shut off with horizontal bars. But the skinny teenagers were able to wriggle between them. This brought them to a new room, where they found keys. The keys fitted a door to another chamber, where they found a cabinet. In a drawer they found maps of the secret and forbidden system of passages beneath Paris.
Since then various groups have moved in the passageways under the city. They furnished underground rooms as cinemas, cafés and secret chambers. The Mouse House is a club consisting exclusively of women, La Mexicaine de Perforation organises film showings, and Untergunther consists of urban explorers who enjoy restoring old rooms.
One of the underground tunnels led to a cellar under the Pantheon. From there the adventurers succeeded in surfacing via a stairway. In the attic of the building, where the mausoleum was situated, the group La Mexicaine de Perforation set up a secret club house. Hidden behind a wall of wooden crates they built a lounge, a library and even a bar.
The club house also contained the mechanics of the clock. One of the Untergunther members was the professional clockmaker Jean-Baptiste Viot. He saw that the clock had rusted. But it was not yet too late to clean and restore it. The repair work took a year. Other members of Untergunther assisted with simple tasks, such as polishing the cogs. Finally the clock was working again and could be linked up to the mechanism that made it chime. A member of Untergunther proudly contacted the Centre des Monuments Nationaux (CMN), the department responsible for the Pantheon, to let them know that the clock had been repaired.
The authorities, however, were not pleased with the illegal restoration and all the work that a repaired clock would bring with it. They broke the clock again, and began legal proceedings against the clockmaker and other members of Untergunther, charging them with forcing a lock. But the judge acquitted Untergunther, because it could not be proven that the lock had previously been intact.
The underground passageways connecting government buildings and museums are the perfect metaphor for the internet. Just as urban explorers know the way in the tunnels below Paris, hackers find their way along the fibre optic cables which lie like tunnels beneath our world. They sometimes do things that are not permitted, but most of the time there are no ill intentions.
It was at this time that I stumbled across the story of Barnaby Jack. It’s 26 July 2013, the day after his death, when I first hear about him. Online I come across articles with titles such as:
‘Famed hacker Barnaby Jack dies a week before hacking convention.’ ‘Hacker Barnaby Jack’s cause of death could remain unknown for months: Celebrated hacker who infiltrated implanted medical devices and ATMs was found dead Thursday in San Francisco.’
A guy who hacks cash machines and has died in mysterious circumstances? That sounds like a good story to me. On the internet I search for all the information I can find.
Barnaby Jack turns out to be a hacker from New Zealand. As a child he couldn’t focus his attention, he wasn’t getting anywhere at school, but in his bedroom he dismantled electronic appliances and found inner peace in exploring the early internet on his computer. His sister Amberleigh remembers once asking as a joke if he could erase her student debt. She recounts how Barnaby became genuinely nervous at the question. A worried look came into his eyes and replied that he could do it, but then he’d have to delete thousands of other student debts too, otherwise he’d be caught.
Using bulletin boards – computers on which messages are left, and which therefore serve as digital pin boards – using his nickname Dark Spyrit, Barnaby kept in touch with other hackers, such as the American computer child prodigy Marc Maiffret, who at the age of sixteen hacked into the American government’s computers. Maiffret had woken up one morning with an FBI pistol to his temple. It gave him the idea of starting up a legal company: eEye Digital Security, in Aliso Viejo, California. Around the turn of the millennium, Maiffret tried to persuade Barnaby to help him in his new company, but Jack kept his distance at that point. In 1999 the twenty-two-year-old Jack made a name for himself discovering vulnerabilities in servers using the Microsoft Windows operating system. In the legendary hackers’ magazine Phrack he describes how he used what is known as a buffer overflow for the purpose. The article in Phrack is a patchwork of profound quotes, level-headed texts and incomprehensible technical jargon. Magic spells, in a manner of speaking, which lend the article a mysterious aura of freemasonry. Not only does it raise the subject of taking over Microsoft computers, but also of protecting the internet, which is characterised as the last great bastion of freedom of thought, ideas and expression.
In Jack’s view the internet was at risk because it was increasingly controlled by companies and governments. Governments are interested in control. Large businesses are interested in money. They will always choose new functionality over security.
Hackers are the freedom fighters who should stand guard over the internet. They research the secret software of large businesses and governments, investigating precisely what the software does, with the aim of protecting the internet. Like a kind of digital samurai.
In 2003, when his father dies at the age of fifty-nine of prostate cancer, Jack gets onto a plane to San Jose to go to work for Maiffret’s company eEye after all. Later Jack moves to the company ioActive, specialised in the security of the Windows operating system. There he starts work on a special project. Something he has been dreaming of ever since he saw the film Terminator 2, where the young John Connor hacks a cash machine with a credit card linked to an Atari computer. The image has remained in Jack’s mind.
Hacking cash machines
On 28 July 2010 he is the sensation of the Black Hat annual hackers’ conference in Las Vegas. The clip of this conference can still be viewed on YouTube. When Jack comes onto the stage, there’s cheering from the room, as there would be for a stand-up comedian. He’s sporting a buzz cut and wearing a black shirt. There’s something of the actor Colin Farrell about him, perhaps the actor’s nicer, kinder brother, his lively eyes emanating a mixture of shyness and cheekiness.
Speaking with a strong New Zealand accent, Jack explains how you can simply rent ATMs: ‘Add to cart.’ He recounts how a man with a hand truck delivered the machines to his house. What on earth do you need an ATM in your house for?’ the man asked.
‘Oh, I don’t like the transaction fees, mate,’ said Jack.
Loud laughter form the auditorium.
In the clip Jack also recounts the eight-hour drive to Las Vegas, and the fear of being stopped by the police. With two ATMs and six thousand notes of novelty currency in the boot. ‘The whole time I’m thinking “Please don’t get pulled over, please don’t get pulled over”,’ he says.
After a bit of Googling, Jack finds a web shop selling a universal key for a couple of dollars with which you can open the cabinet. He orders the key. When it arrives in the post, he opens the window in the ATM and gains access to a small computer with a USB port. Using a USB cable he connects the computer in the cash machine with his laptop. He investigates how cash machine software works. For days on end he presses the buttons on the little keyboard, and looks at the signals the computer sends back. As if defusing a bomb. When he inserts his card into the machine, it sends a different signal along the cable from when he presses the twenty-dollar button. He plays with it until he understands how the computer processor controls the cash machine. In the end the firmware – the machine’s operating system – no longer holds any secrets for him. He also finds a way of making wireless contact and circumventing the passwords it requests. This way he can ‘update’ an ATM without opening it with a key.
In Jack’s view, the ATM problem generalises to society as a whole. The cash is stored in a bulky safe. But the computer’s motherboard, which controls the computer, is easy to get your hands on. Once you have control of the computer, you have control of the safe. Then the money is no longer secure in the safe. It’s that simple.
The highlight of the presentation is the moment when one of the ATMs begins to play an 8- bit Nintendo tune and spews out all the banknotes one by one. At the end of his talk he receives a standing ovation from the entire room, apart from two men. They are the original programmers of the cash machines (who later became good friends with Jack). ‘The goal definitely isn’t to give a cookbook recipe on how to hack ATMs,’ says Jack with a twinkle in his eye, it’s ‘to design better and safer products in the future.’ The hackers in the room laugh.
Everything about the story fascinates me. It’s funny, but it’s also about real things, such as good stand-up comedy. Coming up with the idea of renting a cash machine online and ordering the universal key from the internet. Having the technical knowledge to adapt the computer’s software. To me it’s a form of art. I watch more clips of Jack.
A year after hacking the cash machine, Barnaby Jack shows how he can manipulate pacemakers and ICDs (implantable cardioverter-defibrillators) remotely using radio waves. In the case of a defibrillator he is able to make the device deliver a shock of 830 volts, using the same radio waves you use to unlock your car doors remotely. Handy for a patient, who doesn’t require an operation every time the settings of an internal medical device need adjusting, but dangerous if you’re the vice president of America and an evil genius is capable of giving you a shock of more than 800 volts.
On 2 December 2012 the TV series Homeland reveals how an Al Qaida hacker sitting in front of two computer screens types in incomprehensible code at lightning speed.
In the next scene we see an office with hardcover books on the shelves and expensive paintings on the wall. An elderly man in a suit clutches at his chest and collapses.
Messages crop up online immediately after the show. Is this possible? Can a hacker get into the vice president’s pacemaker by a wireless connection and give him a shock of a couple of hundred volts? Of course not, say doctors. Homeland is fiction. In reality this is absolutely impossible! But never tell a hacker something is impossible.
Within a couple of weeks Jack has succeeded in taking control of an ICD from a distance of thirty metres and loading it with a charge of more than 800 volts, enough to deliver a fatal electric shock. Jack is genuinely curious as to where the makers of Homeland got the idea. The answer seems simple. The scriptwriters probably spoke to (former) staff of the American intelligence services, as this scenario really was planned for.
Dick Cheney – vice president under George Bush from 2001 to 2009 – had an ICD in his chest. A 2013 interview for the CBS programme 60 Minutes revealed that his doctors had switched off the wireless function in 2007, fearing a possible attack.
Barnaby Jack jokes that the defibrillator scene in Homeland is ridiculous, because ‘You don’t need a serial number!’
Hacking is easier in the real world than in fiction. Jack immediately realises that it’s not only defibrillators that are vulnerable, but other medical devices too.
In 2013 Barnaby Jack is back on the Black Hat programme. This time to demonstrate that you can hack into insulin pumps wirelessly and give someone a fatal shot of insulin from a distance. In theory it’s even possible to commit a terrorist attack. With a strong antenna you can attack all insulin pumps within a radius of half a kilometre. In a busy place like a station, or on Brooklyn Bridge, you could hit dozens, perhaps even hundreds of victims.
‘Implantable Medical Devices. Hacking Humans’, is the title of his talk. But shortly before the conference his girlfriend Layne Cross finds him dead in his apartment in Nob Hill, San Francisco. He’s lying in bed, surrounded by beer and champagne bottles.
Jack’s sudden death gave rise to conspiracy theories. On the ‘conspiro’ subreddit, a digital community focused on conspiracy theories (‘meta-conspiracy with intelligent discussion’), various scenarios do the rounds. Jack was murdered because vulnerabilities in the medical devices had to be kept secret, so that the CIA could continue to use them to murder people. Others believe his death was staged, and that Jack is now secretly working for the CIA. A third theory links Jack with the death of Michael Hastings, a journalist who died a month earlier in a car accident on a long straight road involving no other vehicles. Barnaby Jack’s last Tweet is about the work of two colleagues who showed how you can remotely take over control of a car. Hastings was working on a story about CIA director John Brennan. Five months after Jack’s passing comes the official cause of death. According to the forensic investigation he probably died from a combination of heroin, cocaine, Benadryl and Xanax.
I read everything I can find about it. What happened to Barnaby Jack? And all that hacking of cash machines and insulin pumps, how did he do that?
When I write a story about Barnaby Jack for the Dutch magazine Vrij Nederland, the editor compliments me on it. But he also tells me that the editor-in-chief would like to know exactly where I sourced all the details. I suspect he’s afraid I’ve made up parts of the story, so I send him a list of my sources; articles from the New Zealand press, YouTube clips, and so on.
I realise that the hacker stories are more fantastic than people can imagine. At the same time I’m aware that my story is nothing other than a collection of established facts. It would have been great if I’d been there in Las Vegas. If I’d been on the road with Barnaby Jack. If I’d watched over his shoulder as he hacked a cash machine. I’d have liked to interview him. It would have been amazing to follow him for a while. But sadly that’s no longer possible. I decide to go in search of today’s Barnaby Jacks.
Translated by Anna Asbury