카페 게시글

IT-컴퓨터 관련정보 스크랩 해커- 바너비잭 (1977~2013년 )

바위섬 추천 6 조회 847 14.06.29 08:44 댓글 2

게시글 본문내용

<졸쥬:

- 그들은 궁극적으로 당신의 두뇌를 조종하여, 노예화가 목적이나, 당신을 추적하고, 생명유지의 첫번째 조건은 건뇌와 심장입니다..-

의료기기의 컴터시스템도 원격으로 해킹가능하고, 임플란트된 칩도 감염(http://youtu.be/TY8fcTN5OL4 )이 된다는 사실이 밝혀지고 있습니다. 아래글은, 지난해 사망한 해커 바너비젝을 기리며, 해당 기사 올려봅니다.>

출처: http://rt.com/usa/hacker-pacemaker-barnaby-jack-639/

Hacker dies days before he was to reveal how to remotely kill pacemaker patients

해커 바니잭씨는 어떻게 원격으로 심박조율기를 단 환자를 사망에 이르게 하는가 그 방법폭로 몇일전에 사망하였습니다.

Published time: July 26, 2013 15:07
Edited time: July 26, 2013 16:32

Security researcher Barnaby Jack has passed away in San Francisco, only days before a scheduled appearance at a Las Vegas hacker conference where he intended to show how an ordinary pacemaker could be compromised in order to kill a man.

보안연구가였던 바너비 잭씨는 일상의 심박조율기가 사람을 살해하기 위해서 위태롭게 사용될 수 있는가를 보여주기 위해 참석예정이었던, 라스베가스의 해커 컨퍼런스에 참석하기 하루전에, 샌프란시스코 사망했습니다.

Jack, who previously presented hacks involving ATMs and insulin pumps at the annual Black Hat conference in Vegas, was confirmed dead Friday morning by the San Francisco Medical Examiner’s office, Reuters reported. He passed away Thursday this week, but the office declined to offer any more details at this time.

이전에 베가스에서 일년마다 열리는 Black Hat 학회(Balck Hat conference)에서 ATM기계들 과 인슐린펌프들과 관련된 해커들을 발표한적이 있는 잭은 샌프란시스코의 의료조사단들에 따르면, 금요일날 사망판정되었다고 로이터통신이 보도했습니다.

그는 이번주 목요일에 사망하였으나, 그의 사무실에서는 더이상의 공식적으로 상세한 내용을 제공하는것을 거부하였습니다.

Jack’s death came one week to the day before he was scheduled to detail one of his most recent exploits in a Black Hat talk called “Implantable Medical Devices: Hacking Humans.”

잭의 죽음은 그가 가장 최근에 일정중에 있었던 Black Hat 해커들의 모임에서 " 임플란트된 의료기구들: "인간을 해킹하기"라 불리우는 내용으로 그가 가장 최근에 탐구한 내용에 대한 상세한 발표가 예정된 하루전 사망했고, 이제 일주가 지나고 있습니다.

“I was intrigued by the fact that these critical life devices communicate wirelessly. I decided to look at pacemakers and ICDs (implantable cardioverter defibrillators) to see if they communicated securely and if it would be possible for an attacker to remotely control these devices,” Jack told Vice last month.

"나는 이들 위기의 생명장치가 무선으로 통신이 가능하다는 사실에서 호기심이 작동되었습니다. 나는 만약에 심박조율기나 전자제세동기가 심각하게 소통가능한지, 그리고 어떤 공격자들이 원격으로 이러한 장치들을 조종가능한지를 알아보기 위해서, 심박조율기와 ICDs( 이식가능한 전자제세동기 디파이브릴레이트; implantable cardioverter defibrillators)를 검토해보았습니다." 잭은 지난주에 Vice에게 그렇게 말했습니다.

After around six months of research, Jack said he developed a way to hack one of those devices remotely and send it a high-voltage shock from upwards of 50 feet away.

“If the devices can be accessed remotely, there's always a potential for abuse,” he told Vice tech reporter William Alexander.

약 6개월의 연구끝에, 잭은 그가 그러한 장치를 원격으로 해킹하는법을 개발하였고 그리고 50 피트 이상 떨어진 거리에서 고압쇼크를 보넬 수있다고 말했습니다.

"만약 이 장치가 원격으로 액세스를 할 수 있다면, 잠재적인 남용의 가능성이 존재한다고 그는 기술보도분야 부회장인, 윌리엄 알렉산더에게 경고의 말을 하였습니다.

In a blog post earlier this year, Jack said he was influenced by a recent episode of the television program "Homeland," in which a terrorist remotely hacked the pacemaker of the United States vice president.

올해

블로그포스팅을 통하여, 잭은 그가 " 고향" 이란 타이틀의 TV프로그램의 최근의 에피소드에 영향을 받았다고 말했으며, 그 에피소드는 한 테러리스트가 미국의 부통령의 심박조율기를 원격으로 해킹했다는 내용입니다.

“In my professional opinion, the episode was not too far off the mark,” he wrote.

When Alexander asked Jack if a government official outfitted with a pacemaker would be vulnerable to assassination from a hacker, the researcher remarked, “I wouldn't feel comfortable speculating about such a scenario.”

" 나의 전문가적인 견해에 따르면, 그 에피소드는 기준에서 그렇게 멀리떨어진 내용이 아니다"라고 그는 말했습니다.

"심박조율기 장치를 가진 정부관리는 해커에 의해서 살해되는것에 취약한지를 부기술보도원인 알렉산드가 잭에게 물었을때, 이 연구원, 잭은 " 나는 그러한 시나리오에 관해서 전혀 안전하지 않다고" 두드러진 표현을 했습니다.

“Although the threat of a malicious attack to anyone with an implantable device is slim, we want to mitigate these risks no matter how minor,” he wrote on his blog post. At the time, Jack said the vulnerability was being discussed with medical device manufacturers.

"비록 임플란트장치가 된 어떤사람에게 악의적인 공격위협이 축소된다할지라도, 문제점이 얼마나 소소하다 할지라도, 이러한 위험요소들을 경감하기를 원합니다." 라고 그는그의 블로그포스팅에 적었습니다.

그당시에 잭은 의료장치제작자들과 이런 장치의 취약성에 대해서 토론했다고 말했습니다.

“Over the past year, we’ve become increasingly aware of cyber security vulnerabilities in incidents that have been reported to us,” William Maisel, deputy director for science at the FDA’s Center for Devices and Radiological Health, told Reuters. “Hundreds of medical devices have been affected, involving dozens of manufacturers.”

" 과거 몇해를 지나오면서, 우리들은 점차적으로 자주 보고되는 사이버보안취약성에 대해서 경고해왔습니다." " 수백가지 의료장비들과 십여개에 해당하는 제작사들이 영향을 받고 있다." 고 FDA의 장치센터와 장치방사능물질애 대한 보건건강 센터에서 과학부의 부회장역을 맡은 윌리엄 매슬씨가 로이트방송에 보도했습니다.

At previous Black Hat talks, Jack detailed how he emulated a stunt found in the movie Terminator 2 that allowed him to remotely hack an automatic teller machine. In addition to being able to read credit card numbers and PINs inputted by another user, Jack also showed how a USB drive could be implanted in an ATM which would override the machine’s firmware and allow a hacker to take control.

이전의 Black Hat 토론에서, 잭은 영화 터미네이터2에서 보여준 원격으로 ATM(현금출금기기)를 해킹하는지에 대한 이 곡예같은 행위를 모방하는방법을 상세하게 기술했습니다.

ATM기기에서 펌웨어를 거부하나, 해커의 기술을 허용하는 ATM 기기에서 신용카드를 읽어내는 방법을 추가로 언급하였습니다.

In another presentation, Jack said he could hack insulin pumps to order the machines to deliver lethal doses to patients, in turn killing them.

“We notified the manufacturer of the vulnerability and it will be fixed with the next insulin pump revision,” he told Vice.

다른 프리젠테이션에서, 잭은 환자들에게 치명적인 용량을 주입하여, 환자를 살해할 수 있는 인슐린펌프를 해킹할 수 있다고 말했습니다.

" 우리는 제작자들에게 그 취약성에 대해서 경고했습니다. 그래서 차기의 인슐린 펌프에서는 보정된 것으로 출시할 것"이라고 잭은 바이스에게 말했습니다.

Jack’s most recent employer, security firm IOActive, said in a statement, “Lost but never forgotten our beloved pirate, Barnaby Jack has passed. He was a master hacker and dear friend. Here’s to you Barnes!”

잭을 가장 최근에 고용한 IOAtive의 고용주는, " 우리가 사랑했던, 해적 잃었지만 결코 잊을수는 없다.

바너비 잭은 사망했다. 그리고 그는 바로 해커의거장이었고 친애하는 친구였다. 명복을 빌면서 반즈!" 라고 진술문에서 말했습니다.

Black Hat is scheduled to begin Wednesday in Las Vegas, with a presentation by NSA Chief Gen. Keith Alexander. It will be immediately followed by the Def Con hacker conference, which will be taking place just down the road. Researchers at Def Con plan to demonstrate various high-profile hacks, including how modern cars can be compromised.

Black Hat모임은 라스베가스에서 수요일에 NSA의 Keith Alexander장군과 시작할 예정이었습니다.

그래서즉시 앞으로 장차 계속되는 데프콘 해커회의(DefCon)로 바로 시행됩니다.

데프콘회의에서 연구원들은 현대자동차들이 기술 절충안을 포함하여 시범적으로 다양한 고도의 프로파일 해킹법들을 보여줄 계획입니다.

< 다음내용은 위키피디어백과에 실린 Barnaby_Jack의 짧은 전기와 업적에 대한 상세사항입니다.>

출처: http://en.wikipedia.org/wiki/Barnaby_Jack

Barnaby Jack 바너비 잭

From Wikipedia, the free encyclopedia 위키피디어백과에서,

Barnaby Jack 바너비 잭
Born	Barnaby Michael Douglas Jack 이름: 바너비 마이클 더글러스 잭 22 November 1977 생일:1977년 11월22일생 Auckland, New Zealand 나라: 오클랜드 뉴질랜드
Died	25 July 2013 (aged 35) 사망: 2013년 7월25일 San Francisco, California, U.S. 미국 캘리포니아, 샌프란시스코
Nationality	New Zealand 국적: 뉴질랜드
Occupation	hacker, computer security professional and programmer 직업: 해커, 컴퓨터보안전문가이자 프로그래머

Barnaby Michael Douglas Jack (22 November 1977 ? 25 July 2013) was a New Zealander hacker, programmer and computer security expert.^[1] He was known for his presentation at the Black Hat computer security conference in 2010, during which he exploited two ATMs and made them dispense fake paper currency on the stage.^[2] Among his other most notable works were the exploitation of various medical devices, including pacemakers and insulin pumps.^[3]

Jack was renowned among industry experts for his influence in the medical and financial security fields.^[4] In 2012 his testimony led the United States Food And Drug Administration to change regulations regarding wireless medical devices.^[4] At the time of his death, Jack was the Director of Embedded Device Security at IOActive, a computer security firm with headquarters in Seattle and London.^[5] ^[6]

Contents 내용

"Jackpotting" ATMs 젝팟ATMs

At a Black Hat conference in 2010, Jack gave a presentation on "jackpotting", or exploiting automated teller machines in order to make them dispense cash without withdrawing it from a bank account using a bank card.^[7] ^[8] Jack gave demonstrations of different kinds of attacks involving both physical access to the machines and completely automated remote attacks. In both cases, malware was injected into the operating system of the machines, causing them to dispense currency fraudulently on the attacker's command. During the physical attack on an ATM as demonstrated by Jack, the attacker takes advantage of their physical access to the target machine and uses a flash drive loaded with malware to gain unauthorized remote administration access to the machines allowing control over their currency dispensing mechanism. During the remote attack, malware is installed onto the target system via exploited vulnerabilities in the remote management system, most notably the use of default passwords and remote management TCP ports. The attacker then executes the malware, causing the target ATM machine to dispense a given amount of currency.

Insulin pumps 인슐린펌프

At the McAfee FOCUS 11 conference in October 2011 in Las Vegas, while working for McAfee Security, Jack first demonstrated the wireless hacking of insulin pumps, one worn by a diabetic friend and another of the same model on a bench set up for demonstration. Interfacing with the pumps with a high-gain antenna, he obtained complete control of the pumps without any prior knowledge of their serial numbers, up to being able to cause the demonstration pump to repeatedly deliver its maximum dose of 25 units until its entire reservoir of 300 units was depleted, amounting to many times a lethal dose if delivered to a typical patient.^[9]

At the RSA Security Conference in San Francisco in February 2012, using a transparent mannequin he demonstrated that he could wirelessly hack the insulin pump from a distance of up to 90 metres using the high-gain antenna.^[10]

Pacemakers 심박조율기

In 2012 Jack demonstrated the ability to assassinate a victim by hacking his pacemaker, a scenario first explored in fiction, and meeting with some disbelief, on the TV series Homeland. In his blog post "Broken Hearts", Jack wrote that the hack was even easier than portrayed: "TV is so ridiculous! You don't need a serial number!"^[11] Jack demonstrated delivering such a deadly electric shock live at the 2012 BreakPoint security conference in Melbourne.^[4]

Heart implants 심장이식장치들

Jack died a week before he was to give a presentation on hacking heart implants at the Black Hat 2013 conference scheduled to be held in Las Vegas. In a June 2013 interview with Vice, Jack outlined his presentation:^[3]

Barnaby Jack, the director of embedded device security for computer security firm IOActive, developed software that allowed him to remotely send an electric shock to anyone wearing a pacemaker within a 50-foot radius. He also came up with a system that scans for any insulin pumps that communicate wirelessly within 300 feet, allows you to hack into them without needing to know the identification numbers and then sets them to dish out more or less insulin than necessary, sending patients into hypoglycemic shock or ketoacidosis^[3]

In his presentation, Jack was set to outline vulnerabilities in various medical devices, as well as give safe demonstrations of attacks with which there is "certainly a potential health risk".^[3]

Death사망

Jack was found dead in a San Francisco apartment on 25 July 2013 by his girlfriend. He was aged 35.^[12]^[13]^[14] At the time of his death, he was due to attend a Black Hat Briefings hacking conference in Las Vegas.^[15]^[16] Black Hat general manager Trey Ford, said "Everyone would agree that the life and work of Barnaby Jack are legendary and irreplaceable", and announced his spot would not be replaced at the conference.^[13] People across the hacking and security industries tweeted about his death.^[17] According to the coroner, Jack died of a cocktail of cocaine and prescription drugs.^[18]