Today marks 20 years since the notorious ILOVEYOU virus spread around PCs globally, and caused anything between $5.5bn and $8.7bn in damage and repair costs.
As Infosecurity detailed in a recent print edition, this was a groundbreaking attack in terms of news coverage and impact upon businesses, paving the way for other threat actors to reach broad audiences. Who was responsible for it remains controversial, as the name cited at the time wad Onel de Guzman, however he escaped prosecution and has kept a low profile since.
In a new book due out this summer entitled Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global, journalist Geoff White details the story of how he got to meet the man behind the myth. In a chapter from the book, which has been shared with Infosecurity, White writes how he travelled to the Quiapo district of Manila, capital of the Philippines, in search of those apparently responsible for the Lovebug.
For some context on de Guzman, in 2000 he was a student who had never confessed to being responsible, and according to White, “mumbled his way through the press conference, giving a couple of non-committal interviews to the media,” and hadn't surfaced in two decades with no online profile.
At the time, the passwords stolen by the virus were being sent to an email address registered in the Philippines, and local police traced the email account to an apartment in Manila. At that point, de Guzman was a 23-year-old computer science student at AMA Computer College.
As the virus mentioned the phrase 'GRAMMERsoft,' investigators quickly established an underground hacking cell made up of AMA students, some of whom had started experimenting with viruses. De Guzman was a leading member of the group.
Upon being arrested, de Guzman admitted that it was possible that the virus had been leaked accidentally. However, he was never prosecuted, as at that time the Philippines had no law against computer hacking.
White eventually found a now 43-year-old de Guzman, initially not recognizing him, as in the brief press conference 20 years ago, he covered his face with a handkerchief. White was able to get some details from him, notably that de Guzman described the Lovebug as a Trojan and not a virus, that he did not expect it to spread to the US and Europe, and the intention of it was to avoid paying to get online.
At the time, de Guzman was poor, and internet access was expensive, and he felt that getting online was almost akin to a human right. However, getting access required a password, so his solution was to steal the passwords from those who'd paid for them.
Initially, Manila's dial-up passwords would only work on Filipino phones, and since de Guzman was stealing passwords to use on his home phone, he had no need to target victims outside the city. However, in May 2000 he tweaked his original code so that it would not simply be restricted to Manila residents, and also programmed the virus so that once it had infected a computer, it would send a copy of itself to each person in the victim's email address book and once released, de Guzman had no control over it. With the addition of a tempting name, the Lovebug came to life.
What happened to de Guzman? White reports that he took a year off to let the incident die down, during which time he didn't touch a computer. He never went back to university and later became a mobile phone technician. In the interview, he admits that he regrets writing the virus, but now faces the fact in the internet age, his infamy will never decay.
White calls the Lovebug “the perfect illustration of a basic truth about much of the computer crimewave currently plaguing our society: it's not about the tech, it's about the people.”
Geoff White’s book is due to be released this summer, and having seen this preview of the opening chapter, we’re looking forward to reading it. Crime Dot Com is released on August 10.