“The internet is supposed to be educational, so it should be free,” Onel de Guzman’s lawyer told the court, at his client’s behest, on May 11, 2000.
The two men were taking part in a press conference in Manila, with de Guzman’s attorney translating for the assembled press. The media was there for good reason—to see the young man whose computer virus had shut down much of the planet. The 24-year-old Filipino computer student claimed he had only meant to gain login credentials to get access to the internet.
I wanna know. TheILOVEYOU bug spread across world computers via email on May 4, 2000, and was seen as patient zero for megahacks. It quickly spun out of control.
Here’s how it worked: Users saw a message with the title “ILOVEYOU.” In the body of the email, they were asked to “kindly check the attached LOVELETTER coming from me,” which was an attachment of executable script called “LOVE-LETTER-FOR-YOU.TXT.vbs.”
“What it did, which wasn’t particularly innovative in itself, was to duplicate itself and then send copies of itself to the first 50 people in your email address book,” tech journalist Geoff White told IT Brew.
Then the bug, having infiltrated the new recipients’ computers, targeted their contact books, and so on. It had a basic, simple purpose—to steal passwords—but it also rewrote and deleted files in hard drives, acting like a freight train blowing through the computer’s interior. The effects of the virus on networks around the world were catastrophic at a time when most people were still on dial-up.
“Unfortunately, once this virus took hold in your organization and started spreading, and people started emailing each other automatically through this virus, one of the few things you could do was unplug your email server and switch it off—which of course, would stop the virus spreading, but would also stop all other emails as well,” White said. “So, you had this awful thing where in order to stop the virus, you had to basically do the damage that the virus was doing, voluntarily.”
The attack paralyzed the entire global internet, which at the time was in a relatively nascent stage. Seven months later, the Daily Mail in December of 2000 warned in a headline that the “Internet ‘may be just a passing fad as millions give up on it.’” There was still mistrust in tech’s ability to really take over the world after the Y2K scare.
Everything you want. The internet represented great promise, but the public had yet to fully buy in. The online world was confined mainly to forward-looking science fiction movies, but an attack like ILOVEYOU threatened to bring the reality of hacking home.
“There was this idea that people could create code and could compromise computers, but the idea of that happening to you remotely from somewhere else in the world was still something that in the late ’90s people were getting used to,” White said.
For IT professionals like Michael Gazeley, who became founder and CEO of IT services firm Network Box in 1999, it was only a matter of time until the attacks began. When the bug began to spread across the globe’s networks, he immediately knew that it represented a clear threat.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“Observing the ILOVEYOU worm’s spread in real-time was a surreal and alarming experience,” Gazeley told IT Brew via email. “It felt akin to witnessing a massive digital wildfire, with millions of computers becoming infected worldwide. The ensuing chaos and damage was unprecedented.”
That’s the way it is. Cybersecurity professionals had to spring into action, and fast. They were calling and emailing each other, trying to work on a solve for the bug and to somehow limit the damage. Mikko Hyppönen, F-Secure principal research advisor, told the BBC in 2010 that after getting off a call with other security teams, his screen “showed that I had received and missed 40-plus phone calls during that 30-minute conference call.”
‘All those calls were coming in from partners, vendors, and media,” Hyppönen said. “Everybody wanted to know what was happening and how to fight the outbreak.”
To hear de Guzman tell it to him decades later, White said, the success of the attack was unexpected. The amateur hacker had gone to bed after sending out the first string of attacks; by the time he woke up, it had spread around the globe.
“This virus was doing so many passwords it actually crashed the server that it was sending them to,” White said. “So, effectively, he DDoS’d his own honey pot.”
By May 11, the bug was largely contained. “Every single victim of the love bug got a copy of the love bug’s code, the actual source code,” Graham Cluley, an analyst with Sophos, told CNN. “So, it was simple to write an antidote.”
Crash and burn. Authorities had found de Guzman, but there wasn’t much they could do to him. The law in the Philippines didn’t yet include cyber crime, so he was let off the charges. The bug had succeeded so far beyond expectations that he was a public figure—and he hadn’t exactly covered his tracks.
“It didn’t take a work of genius to track it back to Manila, given that the passwords were going back there, and I’m pretty sure that when they looked at the server that was receiving the passwords, that’s what led them to Onel’s apartment,” White told IT Brew.
Talking to reporters as his client faced unprecedented national attention, de Guzman’s attorney claimed that “if you ask me whether or not he was aware of the consequences I would say that he is not aware.”
Count Gazeley a skeptic. Even today, he isn’t forgiving of de Guzman. He told IT Brew that though the hacker’s “stated motivation was to allow access to the internet for free, the reality is that the worm’s impact extended far (far) beyond that.”
“The ILOVEYOU worm inflicted massive financial damage, estimated to be over $10 billion,” Gazeley wrote. “One cannot throw petrol bombs at the world, destroy billions of dollars of properties, and then claim it was all just to bring, ‘light to the public.’”
This is one of the stories of our Quarter Century Project, which highlights the various ways industry has changed over the last 25 years. Check back each month for new pieces in this series and explore our timeline featuring the ongoing series.
