‘I love you’: How a badly-coded computer virus caused billions in damage and exposed problems which remain 20 years on
Skinny, with a mop of black hair falling to his eyebrows, he appeared to barely register the journalists’ shouted questions, his only movement the occasional dabbing of sweat from his face with a white towel. Seated to his right, de Guzman’s lawyer Rolando Quimbo had to lean in close to hear the 23-year-old’s mumbled response, which he then repeated in English for the waiting press.
“He is not really aware that the acts imputed to him were indeed done by him,” the lawyer said. “So if you ask me whether or not he was aware of the consequences I would say that he is not aware.”
Twenty years on, the ILOVEYOU virus remains one of the farthest-reaching ever. Tens of millions of computers around the world were affected. The fight to contain the malware and track down its author was front page news globally, waking up a largely complacent public to the dangers posed by malicious cyber actors. It also exposed vulnerabilities which we are still dealing with to this day, despite two decades of advances in computer security and technology.
This account of the virus is based on interviews with law enforcement and investigators involved in the original case, contemporaneous CNN reporting and reports by the FBI, Philippines police and the Pentagon.
On the afternoon of May 4, 2000, Michael Gazeley was in his office at Star Computer City, a warren of IT companies and shops selling electronics and gadgets overlooking Hong Kong’s Victoria Harbor.
That connectivity cut both ways, however, as Gazeley was reminded that afternoon.
All the phones in his office started ringing at once. First were his clients, then came non-customers, all calling frantically in the hope that Network Box could help stop a virus that was screaming through their systems, destroying and corrupting data as it went.
They all told the same story: Someone in the office had received an email with the subject “ILOVEYOU” and the message, “kindly check the attached LOVELETTER coming from me.” When they opened what appeared to be a text file — actually an executable program masquerading as one — the virus quickly took control, sending copies of itself to everyone in their email address book. Those recipients, thinking the email was either some weird joke or a serious declaration of love, opened the attachment in turn, spreading it even further.
Office email servers were soon clogged as thousands of love letters went back and forth, disseminating the virus to more people. It turned out to be much worse than just a self-propelling chain letter. At the same time as it was replicating itself, the ILOVEYOU virus destroyed much of the victim’s hard drive, renaming and deleting thousands of files.
Many of the increasingly panicked callers Gazeley was fielding inquiries from did not have backups, and he had the awkward job of explaining to them that many of their files — everything from spreadsheets and financial records to photos and mp3s — were likely lost for good.
“This wasn’t something that people were used to as a concept, they didn’t realize that email could be so dangerous,” said Gazeley, recounting the first calls.
Two years earlier, Hollywood star Meg Ryan asked “is it infidelity if you’re involved with somebody on email?” as the movie “You’ve Got Mail” introduced people to the idea of cyber-romance — and that email could be used for something other than boring office work.
From Hong Kong, where the virus crippled the communications and ravaged file systems of investment banks, public relations firms and the Dow Jones newswire, the love bug spread westward as the May 4 workday started.
Graham Cluley was on stage at a security conference in Stockholm, Sweden, when the virus hit Europe. He had just finished describing an unrelated virus which targeted a now-defunct operating system, hijacking users’ accounts to broadcast messages to their coworkers, including “Friday I’m in LOVE.” This, Cluley cracked, was likely to cause severe embarrassment for most people, but could potentially lead to some office romance.
As the conference broke for coffee, attendees’ mobile phones and pagers began going off wildly. Several guests approached Cluley, asking if the virus he’d described was spread via email. He assured them it wasn’t — and, anyway, it was limited to a niche system that most people didn’t use.
“They said, ‘Well, that’s weird because we’re suddenly getting loads of emails with the subject line “I love you,”’” Cluley said in an interview from his home in the United Kingdom.
When Cluley turned on his own phone, he was bombarded with notifications of missed calls, voice mails and text messages. Back home, Cluley’s employer, the anti-virus firm Sophos, had been getting “absolutely hammered” with phone calls from clients begging for help and journalists trying to understand what the hell was going on.
Cluley raced to the airport to catch a flight to London, and even traded phone batteries with a generous taxi driver as the constant stream of messages drained his Nokia cellphone of power. When he landed in the United Kingdom, a car was waiting to whisk him to a TV studio to discuss what had by now become one of the biggest tech stories in the world.
Destructive viruses timeline
Michelangelo virus predicted to take down millions of machines, but in the end only a handful are affected.
Melissa, an email worm named after a Florida topless dancer, spreads to thousands of computers worldwide.
ILOVEYOU virus clogs up email servers and causes billions of dollars in damages worldwide.
Anna Kournikova worm uses promise of photos of the tennis star to inflict repeat of ILOVEYOU chaos.
Stuxnet virus begins targeting Iranian nuclear facilities in example of what some later describe as “first cyberwar weapon”.
Conficker virus creates “botnet” of millions of infected machines but ultimately is never used.
Duqu virus discovered and said to be related to Stuxnet, sparking renewed fears of a potential cyber arms race.
Hackers use CryptoLocker virus to seize computers and force people to pay to restore access in new “ransomware” attack.
Denial of service attack launched via Mirai botnet — which uses infected internet-of-things devices — knocks dozens of major sites offline.
WannaCry ransomware attack strikes businesses and public institutions around the world.
Source: US Army
Unlike today, when many email services are run via centralized servers — think Outlook.com or Gmail — companies in 2000 were running email off the same servers on which they hosted their website. This could be janky, slow and startlingly insecure.
Back then, Cluley said, “many companies didn’t have in place filters at their email gateways to try and stop spam, let alone viruses.”
From there, almost every major military base in the country — barring a handful that didn’t use Outlook — watched as their email services were crippled and forced offline for hours as the problem was fixed.
Searching for the culprit
Across the Potomac River, at the FBI’s Washington, DC, headquarters, Michael Vatis was scrambling to get a handle on the crisis.
As anti-virus companies slowly began rolling out patches, stemming the damage and enabling companies to come back online, attention within the FBI turned to tracking down those responsible. The investigation was led by the New York field office, which soon found evidence pointing back east, beyond Hong Kong, to the Philippines.
“In a very short period of time, we ended up identifying individuals in the Philippines and seeking the assistance of Philippine law enforcement,” said Vatis, now a partner at the New York law firm Steptoe. “And a very short time after that, the Philippine authorities ultimately made an arrest.”
Both the technical fix and first break in the case came so fast because, for all its rapid dissemination around the world, the ILOVEYOU virus was clumsily coded and startlingly unsophisticated. It mashed together several existing pieces of malware and did little to hide its workings.
“Every single victim of the love bug got a copy of the love bug’s code, the actual source code,” said Cluley, the Sophos analyst. “So it was simple to write an antidote. It was no more complex than any of the other thousands and thousands of viruses we’d seen that day. But of course, this one was particularly successful at spreading itself.”
As well as containing the blueprint for defeating it, the code also included some lines pointing to the identity of its author. It contained two email addresses — [email protected] and [email protected] — both of which were based in the Philippines. There was also a reference to GRAMMERSoft Group, which it said was based in the country’s capital.
Without the servers to send information to — and it appears the virus’s author was never able to access what was sent to the server, or at least act upon it — ILOVEYOU became purely an engine of chaos and destruction. It churned through email inboxes around the world and deleted files, while not actually serving the apparent original purpose of scraping passwords.
A suspect emerges
Ramones, a curly-haired 27-year-old who worked at a local bank, seemed like an unlikely computer hacker, and investigators wondered if they had arrested the wrong guy. Attention turned to the apartment’s two other residents: Ramones’ girlfriend, Irene de Guzman, and her brother, Onel.
Onel de Guzman — who was not in the apartment when it was raided, and could not be found — was a student at AMA Computer College. The college was home to a self-described hacking group, the now-defunct GRAMMERSoft, which specialized in helping other students cheat on their homework. While police could not prove initially that de Guzman was a member, officials at the school shared with them a rejected final thesis he had written, which contained the code for a program bearing a startling resemblance to ILOVEYOU.
In the draft thesis, de Guzman wrote that the goal of his proposed program was to “get Windows passwords” and “steal and retrieve internet accounts [from] the victim’s computer.” At the time, dial-up internet access in the Philippines was paid for by the minute, in contrast to the blanket-use fees in much of Europe and the United States. De Guzman’s idea was that users in the developing world could piggyback on the connections of those in richer countries and “spend more time on [the] internet without paying.”
Reading his proposal, de Guzman’s teacher was outraged, and wrote “we don’t produce burglars” and “this is illegal” in the margins. But while the thesis would cost de Guzman his degree, his teacher’s argument about illegality would be proven incorrect.
After several days out of the public eye, de Guzman appeared at the press conference in Quezon, flanked by his lawyer and sister. Asked whether he might have been responsible for the virus, he responded through his lawyer: “It is possible.”
“He did not even know that the actions on his part would really come to the results which have been reported,” his lawyer said. To a ripple of laughter from reporters, the lawyer added, after a mumbled consultation with de Guzman: “The internet is supposed to be educational so it should be free.”
Asked what he felt about the damage caused by the virus, de Guzman said “nothing, nothing.”
While Philippines lawmakers did rush through a law criminalizing computer hacking soon after the ILOVEYOU incident, it could not be applied retroactively.
Two decades on, this reaction still annoys Cluley, the Sophos investigator. “It’s the kind of thing that has you thumping your head against a wall in frustration,” he said. “This was when malware was just beginning to get a little nastier and a little more malicious and more financially motivated.”
“This wasn’t the message we wanted to give young people, that this was all right.”
“It had an enormous effect,” said Vatis, the former NIPC director. “It was really worldwide front page news for at least several days in a way that computer attacks had not been in the past.”
While previous attacks had caused more direct damage, and those in the future would be more sophisticated and far more effective in their goal, they were also much more limited in scope. Other viruses have targeted specific locations, businesses or governments. ILOVEYOU could affect just about anyone running Windows Outlook.
“It hit home in a way that other previous attacks did not,” Vatis said. “It made people aware that this is not just something that happens to defense agencies or owners of websites, this is something that can happen to any Joe or Jane sitting at home on the computer or in the office, and it can shut you down and really disrupt your ability to operate.”
And while email clients have gotten better at filtering out malicious-seeming messages, the main weakness that ILOVEYOU exploited remains impossible to fix.
“You can update your operating systems or you can have the best email filters in the world, but you can’t patch the human brain,” said Cluley.
“Humans are always the weak link,” Vatis said. “It’s almost always easier to exploit a human through some social engineering gambit than it is to crack, you know, some technological defensive measure.”
One thing that has changed somewhat since ILOVEYOU is how prepared most companies are for such an incident. Most at least have some kind of anti-virus protection, and back up their data. But all the experts who tackled ILOVEYOU two decades ago agreed that there remains a startling degree of complacency over potentially devastating cyber attacks.
“What’s frightening is that 20 years after, there are still plenty of organizations who don’t take this seriously until they are hit,” said Gazeley, the Hong Kong cybersecurity expert. “So many people still don’t plan ahead.”
What largely prevents such an attack is that most companies and individuals outsource running email servers to those who know how to do it best — primarily Microsoft and Google — and rely on them to filter incoming messages, cut out spam and warn of potential attacks.
Were a worm like ILOVEYOU to find a way past those filters, and spread fast enough to prevent the companies rolling out a patch, the possibility of it doing major damage remains. There is no reason to expect that the average user has grown any less complacent today. With email providers doing most of the work in spotting dodgy messages, they may actually be more so.
Vatis said that the potential effect on online communications of such a worm could be “devastating,” as could the knock-on effect on the global economy as companies go offline or lose business all at once. He compared the situation to people who avoid getting vaccinated for the flu every year.
“That’s not a problem for society as a whole until the vaccination rate drops below a certain percentage,” he said. “And then you have a lot of people getting really sick.”