When celebrated computer hacker Barnaby Jack died suddenly a year ago at the age of 35, headlines around the world touted the Steve Jobs-style pizazz he brought to cyber-security conferences and his show-stopping stunts such as breaking into ATMs and pacemakers. In hacker circles, he was known as the life of the party.
But recent interviews with Jack's family and longtime friends portray a much different person, one who was uncomfortable with being in the spotlight at the annual Black Hat and DefCon conventions, events that will miss his showmanship when they begin next week in Las Vegas.
Little is known about the circumstances around Jack's final days. A five-month investigation by the San Francisco Medical Examiner's Office found that Jack's death on July 25, 2013 was the result of an overdose of cocaine, heroin, and allergy and anxiety medications.
What is clear is that he had conflicted feelings about fame and the heightened expectations that come with breakout success. "White hats" like Jack play a critical role in uncovering security flaws early so they can be fixed before real damage occurs. Yet few possess the combination of attributes that made Jack a star: charisma, cleverness, strong technical skills and a marketing instinct that appeals to the mainstream.
Especially that last part.
In 2010, Jack showed how he could hack into ATMs and make them spit out cash. Two years later, demonstrating a potentially fatal hack, he rigged up a clear mannequin with a pouch of red fluid inside to show how he could force insulin pumps to dump their contents. Before Jack died, he was about to perform a hack involving pacemakers. In an interview a week before his death, Jack said he planned to show how he could scan a 30-foot area for a certain model of pacemaker and defibrillator - he wouldn't say which one - and send high-voltage shocks to the device to short out its circuitry.
But Jack was greatly anxious about presenting and loathed the spectacle of it, according to Gunter Ollmann, chief technology officer for IOActive, Jack's last employer. Jack viewed the presentations as a "necessary evil" in order to warn the public about security threats, pressure companies to fix the flaws and help his career, Ollmann said. Jack would retreat into radio silence for weeks before conferences, shutting off friends and colleagues, said Ollmann, who knew Jack for more than a decade.
"The thoughts of going on stage with several hundred people listening to every word, that was nerve-wracking for him every time," Ollmann said. "He was a master of turning that tremendous nervous anticipation into the excitement, the jazz on stage that made it all work. The magic he had in those performances - people that knew him well knew how much effort and how difficult it was for him to psych himself up to get on stage and give those talks."
"While we've all seen how he was an extrovert, he was much more an introvert than many of us," Ollmann added.
Jack was uncomfortable with the attention he got from the ATM talk at Black Hat, which generated stories in news outlets around the world, said his sister Amberleigh Jack, a freelance writer in Auckland, New Zealand, who coached him on how to talk to reporters.
"He did all the press because he had to," she said. "He was never a show pony for the sake of being a show pony."
Jack got his love of technology from his father, Michael, who ran a pirate rock-and-roll radio station from a boat off the coast of New Zealand. His dad and mom, Sammi, a former emergency room nurse who works in hospital management, both encouraged their kids to pursue their passions even if they were outside the norm, according to his sister.
Jack's first attempted hack was taking apart their dad's computer without permission. Making matters worse, he wasn't able to put it back together. His skills obviously improved. After his father died in 2003 from cancer, Jack worked at technology companies in Southern California and then in the San Francisco area.
He would visit New Zealand twice a year and bought his mom and sister tickets to visit him in San Francisco, a trip that was supposed to happen at Christmas the year he died. Jack didn't disclose any serious health conditions to his family, and there were no signs of trouble before his death, his sister said.
Jack's death not only leaves a void among his family and friends, but also in an industry where skills like his are in high demand. As hospitals, power grids, financial institutions and consumers increasingly go digital, the risk of hacking grows. The security industry is estimated to generate more than $85 billion in global revenue by 2016, and these attacks have never been more sophisticated.
Jack's work involved difficult subjects that few others had studied. While pursuing his ATM-hacking research, Jack spent six months building relationships with ATM vendors. Representatives from two of them were in the front row when he spoke. In trying to figure out how to hack into pacemakers, he turned to the father of his last boss, IOActive CEO Jennifer Steffens. Jack spent hours talking with her dad, who uses a pacemaker, and his doctors.
"He really cared about making a difference in that area, and my dad and his doctors wanted to help," Steffens said.
While Jack was known for his zany antics at conferences and parties - he once wore a fake leopard-fur coat in Las Vegas's summer heat - his work carried a lot of weight in the industry, and his discoveries pushed other hackers harder, said Jeff Moss, founder of Black Hat and DefCon.
And his efforts pushed the manufacturers. Medtronic, one of the world's biggest medical device makers, hired security teams and coordinated with the U.S. Department of Homeland Security to implement anti-hacking changes to its insulin pumps and other products in light of research from Jack and others.
"He was really approachable, he really knew what he was talking about, he emitted this great level of light, he was this infectious person to be around, and it's not like this industry is full of those personality traits," Moss said.