On May 4, 2000, the ILOVEYOU computer virus was unleashed onto the Internet, leaving behind a trail of millions of screwed computers, a bunch of criminal charges, and countless headaches.
Twenty years on, one of the two student programmers who developed the bug, Onel de Guzman, has been tracked down to the Filipino capital city of Manila where he works in a phone repair booth. Now 44, this online antihero has spoken for the first time in years about the ILOVEYOU virus to investigative journalist Geoff White for his new book on cybercrime, Crime Dot Com.
It all started in 2000 when de Guzman was studying at the AMA Computer University in Manila, hoping to learn the tricks of the trade and secure a job overseas in the blossoming world of computer technology. Dial-up Internet in the Philippines at the time was paid for by the minute and accessed via passwords, but de Guzman was too poor to afford them. So, de Guzman started working on a code that would allow him to steal the Internet access passwords, he explains to White in an article for BBC News.
The virus worked by sending unsuspecting people an email with the subject line "ILOVEYOU” and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs" Naively expecting to read a love letter, the victim would open the attachment, which would proceed to overwrite all their files and steal passwords, before automatically sending copies of itself to all contacts in the victim's address book.
Things, however, quickly got out of hand. After being sent to one computer in Singapore, the ILOVEYOU virus leaped from computer to computer and rocketed out of Southeast Asia within hours, quickly finding itself on government and business email systems around the globe. The rate of its spread was astonishing, said to be up to 15 times faster than the so-called Melissa computer virus that wracked the Internet just one year previously. By the end of the week, it’s estimated that tens of millions of computers around the world were infected with the ILOVEYOU virus.
But de Guzman claims he didn’t know about the chaos that was unfolding until his mother told him police were hunting a hacker in Manila. With the Philippines' National Bureau of Investigation and international law enforcement hot on his trail, he briefly went into hiding, while more and more computers across the world started to fall.
Eventually, de Guzman emerged from obscurity on May 11, 2000 and held a news conference in the Filipino capital Manila (footage below). The 23-year-old barely makes eye contact with the reporters and hides behind some Matrix-style sunglasses, frequently covering his face with a towel.
"The Internet is supposed to be educational so it should be for free,” said de Guzman's lawyer Rolando Quimbo, translating his statements into English for him.
Remarkably, all charges were dropped against de Guzman and his fellow conspirators by August 2000 as the Philippine justice department said the evidence against them was insufficient. Besides anything else, there were actually no laws in the Philippines against creating computer malware at the time either.
Now, de Guzman lives a quiet life, working at a phone repair booth in a shopping mall in the Quiapo district of Manila. But although he shies away from previous exploits, the legacy of his creation can still be seen in the way Internet viruses and malware functions today.
"It was a timely example of how our increased connectivity could represent a threat as well as a benefit," Professor Steven Furnell, a leading cybersecurity expert, explains in a blog post for the Chartered Institute for IT.
"It showed how an appropriate combination of technology and human persuasion could help to ensure a wider reach than previous incidents," he adds. "In short, it was a very good sign of things that were to come in terms of online threats and exploitation."