The Digital Skeptic: Hacker Barnaby Jack Knew Dollar Value of the Truth
"I remember when I told Triton, one of the ATM outfits I'd analyzed, that, yeah, I could make their machines spit out cash," I was told a few years back by Jack, a so-called white hat security analyst at IOActive, a global information security research firm with an office in Seattle. "They actually took it in stride and said, 'OK, let's fix it.' That's not what often happens."
The native New Zealander, during a chance conversation at a San Francisco conference, explained to me patiently the intricacies of how, with no inside knowledge of Triton's business, he fooled a commercially available ATM into blowing money all over the floor.
"It's all public by now, so I can talk about it," he explained. "The machines aren't really that locked down. I could get a USB drive into one of 'em, upload some software. And that was that."
Now comes the sad part: As much as I would love to get Jack's deep, investor-focused dive into what to look for as companies and governments handle the never-ending stream of digital age security blunders, I can't. Tragically, this 35-year-old security genius died last week, just before the Black Hat security conference in Las Vegas.
"He was a compelling figure," Henry Schwarz told me on the phone -- which is about the last thing I would expect this man to say. See, Schwarz was the software project director for the Mississippi-based ATM maker, with more than 200,000 machines worldwide, that Jack took down. "It is a blow," he acknowledged. "It is not just the damage to your products and your company's good name. But there is a deep, emotional cost to having your machine hacked."
Schwarz has blogged and spoken about his experiences ridding thousands of Triton ATMs of the vulnerabilities sussed out by Barnaby Jack. And he has real lessons for investors who wonder if the security nightmare will ever end. "The trick is not to panic," he said. The easy thing for an organization to do, he said, is to look for ways that don't face the hard technical problems. He's seen companies consider legal options or punitive civil actions in court or otherwise find some way to evade the hard work of solving a real problem.