Unexpected Stories from a Hacker inside the Government 5: A Tribute to Barnaby Jack

This is the closing part where Peiter Zatko tells the Defcon community two hilarious stories from his reminiscence of the famous white hat hacker Barnaby Jack.

5. A Tribute to Barnaby Jack

Okay, so let me try and give my Barnaby one without actually breaking down into tears here. Let’s see if I pulled myself together. It’s a real quick one, but it’s my little tribute to him. There are two things that happened, interactions with Barnaby that I’ll always remember. I mean, I remember all of the interactions, but two really stand out. One was a talk. I was on the steering committee of NDSS, and they asked me if I could bring in some folks to run some demos that would kind of break the academics out of the academic mold. And, you know, what better people than Barnaby Jack when he was working with the EI and the rest of the EI team to actually come in?

The problem is that the conference, like a lot of conferences, was very cheap; they wouldn’t pay them to come do the work or whatever. So I said: “Alright guys, the drinking bill the night before is on me; I’ll just foot the bill myself,” which is a very, very dangerous thing to do. Barnaby had a great time. I don’t think they went to sleep, they just kept drinking. They were on in the morning. And the audience at NDSS I don’t think actually really understood how cool the technology was that was being demonstrated. Because this was almost ten years ago, at this point, and Barnaby was remotely compromising a wireless router, replacing the firmware and then trojaning the Microsoft updates that were going through it over the wire before they were delivered to the end system.

Everybody in the first row was terrified that they were at some perverse form of a Gallagher hacker show.

They were demonstrating a bootroot, where they were getting an Ethernet, so a computer that was told not to boot off the network, the Ethernet adapter was on the PCI board, so it had direct memory access and it would still emit a BOOTP packet. And if you responded to it, the Ethernet board would actually shove it directly in memory and reboot from the network even if your BIOS didn’t have that capability. So of course they would say: “Here is your base operating system, it has a little hypervisor,” and of course the operating system would load up on top of this. This was a decade ago. This was awesome. And the reason why I don’t think any of the audience actually caught the technical part of those talks is because Barnaby nearly threw up on stage ten times in the middle of trying to give that talk, and everybody in the first row was terrified that they were at some perverse form of a Gallagher hacker show.

And then the other thing I remember about Barnaby was I had just gone in and I was working for DARPA, and my first public speaking engagement as a U.S. official was in Abu Dhabi. So, here I am, first time, the Government is a little nervous about me, I’m a little nervous about them. I’m flying under my Government official passport, not my blue tourist passport. So all the coordination between the countries that I imagine has to go on with those folks, and I’m in Abu Dhabi and that was actually to do the keynote for Black Hat, it was the first year they were over there. And it was the first time ever that I was showing parts of the Cyber Analytical Framework that I drove at DARPA.

Barnaby presenting his famous ATM research

Barnaby presenting his famous ATM research

And it was my way of trying to get a small group of peers that I could interact with and get feedback and just talk honestly: does this make sense or, you know, am I full of crap? Barnaby was there and ‘the Grugq’ was there. Those are two people that, put together, will deplete the world’s alcohol supplies. And he was doing his “Jackpotting ATM Machines”. Now, the UAE has a lot of money they’ve come into since the ‘70s. And in the palace there is an ATM machine that dispenses gold bars. Very expensive gold bars. Not like you’ve got some 200-dollar withdrawal limit. I mean, these are in the tens if not hundreds, I can’t remember how high up the price was. There might have been the ability to withdraw a million-dollar gold bar from it. Some of you might have seen the picture of Barnaby kind of like going like that, you know, right next to the thing.

So Barnaby’s had a few drinks and they see the gold ATM machine. So, how do you think it works? And they’re peering behind it and everything. And the folks who are – I think it’s the son or one of the relatives of the Crown Prince who I knew from a prior life – were looking at me and going: “What’s going on?” And they’re all starting to gather around the gold ATM. I forget who it was that tweeted and said: “I remember Barnaby in the UAE, calling the embassy to make sure everything was okay.”

It wasn’t the embassy, it was me, having to go over, talk to people who are part of the Court of the Crown Prince and explaining: “I know you’re not used to extremely heavy drinkers, and you just invited a bunch of hackers into your country, and they’ve demonstrated a bunch of crazy terrifying things, and now they’re eyeing your million-dollar gold vending machine. It’s Barnaby Jack, he’s cool. Don’t worry about it. I’ll tell you what, you probably want to know if your million-dollar gold vending machine has this problem. So, why don’t you let him do a little bit and then, when they walk away, why don’t you pull the plug on the thing and then move it off the floor?”

Sure enough, everybody got a little tired, because of course there’s some research that has to go into these things, and the alcohol fueling only lasts so long. And when everybody got a little tired and decided to walk away, the next day you see there’s this big curtain pulled around everything and nobody is allowed near the thing. So there was no reach out to the embassy and there was no international incident. But there was Barnaby Jack, and he’ll be missed. Thank you!

Read previous: Unexpected Stories from a Hacker inside the Government 4: Hacker Equals Researcher, Not Criminal

Like This Article? Let Others Know!
Related Articles:

Leave a comment:

Your email address will not be published. Required fields are marked *

Comment via Facebook: