Select Page


ILOVEYOU seems like three innocent words any human would love to hear in their lifetime. However, in this story, it’s not the case. Let’s go back in time to know the story behind what made three words cause millions if not billions in damages

The year is 2000, a new millennium. A couple of things happened. The Playstation 2 was released!  Microsoft was under heat with the government because of their violation of antitrust laws, and the Y2K panic passed and all was good. So it’s the 4th of May, Michael Gazeley was sitting in his office, probably sipping his afternoon tea, enjoying the view of Hong Kong’s Victoria Harbor. Now, who is Micheal? Well He’s an information security specialist, and just a few months ago moved to Hong Kong, and with his business partner, Mark Webb-Johnson, they established their own information security firm, Network Box, now their company is basically a security company that specializes in protecting users online from threats. 

I imagine Micheal was sitting in his office, sipping his tea and reflecting on the hard work they did in helping fix the Y2K bug. Then all of a sudden, all the phones in his office start ringing at once. So the calls were all about the same problem. The problem was a virus that was damaging windows computers by destroying and corrupting data. All of them had the same story, someone in the office received an email with the subject ILOVEYOU and then a message saying “kindly check the attached LOVELETTER coming from me.” Now, this didn’t only happen to the casual user but to businesses such as the Dow Jones, news wire, PR firms, and banks.

Miles away in Stockholm Sweden, Graham Cluley was on stage describing a virus that targets an obscure operating system hijacking users’ accounts and broadcasts a message to their coworkers stating “Friday I’m in LOVE.” I honestly don’t see how harmful this virus is, it looks more like a prank to me than a hack even Cluley jokes that this might cause severe embarrassment to most but hey it might lead to potential romance in the office. When he wrapped up his talk, and it came time for some coffee and the occasional networking that goes on in those conferences, a bunch of people came to Graham asking if the virus he just talked about spread through email. That sounded odd to him and he reassured them saying “umm no it doesn’t, and the virus only targets a niche system not many uses anyways so no need to worry” They looked at him skeptically and said “Well, that’s weird because we’re suddenly getting loads of emails with the subject line ‘I love you,'”

Cluley was confused, he turned on his phone, and was surprised by loads of missed calls, voice mails, and text messages he got from his employer Sophos, another anti-virus company. I bet he was thinking “Oh shit” He rushes to the airport and takes the first available plane to London. The damage was so severe that the house of commons had to shut down its email servers. 

Now a continent away, America. They had an advanced warning about a virus hitting countries right and left but even with that advanced warning, they were still affected. It hit the Ford motor company, AT&T, Microsoft, and even the pentagon and several army bases, all had to be taken offline.

So in just a span of five hours, ILOVEYOU spread across Asia, Europe, and North America. The damages were astronomical, it was estimated that it cost tens of billions of dollars.

A map of the spread of the ILOVEYOU virus attack that took place sourced from CNN
source CNN Business

Now let us take a look at how the virus worked:

  1. You would receive an email with the subject ILOVEYOU with an attachment LOVE-LETTER-FOR-YOU.txt and here is where it took advantage of an exploit or maybe it was a feature in Microsoft’s eyes, but there is an extension that wasn’t visible to the people getting this email which is .vbs which is an executable file writer in visual basic code. So users would think it’s an innocent text file when in reality it’s an executable code that when clicked on would run immediately.
  2. Once the attachment was clicked, the code replicates itself and emails a copy to everyone in your outlook email address book.
  3. The virus then searches for and replaces any jpeg, html, css, mp3 and many other file formats with copies of itself.
  4. Finally it scraps windows passwords and sends them to a server.   

Because of the large scale of the infection, it was headline news for days and investigators got to work trying to trace the source of the virus. While authorities were hard at working trying to unmask the culprit behind the virus, conspiracy theories emerged. Cybersleuths gave us some alternative theories. The first being the Recording Industry Association of America, I think it’s a record company and the slouthers believe they have a lot to benefit from this virus. Now the RIAA is mixed up in a lawsuit with Napster at the time. Now, why did they believe it was the RIAA? Well because the bug affected mp3 files and corrupted them, some people would be discouraged from downloading files from strangers.  

Some even suggested that Metallica’s drummer Lars Ulrich might have done it because there were rumors that he spent time learning to code because his band was suing Napster too.

Another fun theory begs this question, who has a stake in JPEG files? Who would benefit the most from a massive loss of digital photography more than the porn industry?! Those sloths say that pornographers can make a huge chunk of change since JPEG files have been corrupted. Here’s his argument, “As the virus attacks JPEG files, people who have saved pornographic material on their hard drives will now have to re-access these sites to download it again,”

And now for the final and hilarious theory. Now, who’s a powerful person who is powerful enough to create the worm? Who has access to Microsoft’s outlooks code? And who might want to bring the world to its knees because they keep meming him and filing lawsuits against him?! That man is Bill Gates! The Sleuths believe he’s had a rough time in all those court hearings and then losing the antitrust case and to make it even worse seeing his arch-rival Larry Ellison surpass him at the world’s richest man. He might be a little pissed off at the world and wants to take revenge.

screenshot of the ILOVEYOU virus
A screenshot showing a copy of the ILOVEYOU virus email which spread around the world in May 2000.

Now back to the case, since every infected device had a copy of the viruses source code it was easy to come up with an antidote for it so while specialists were analyzing the code, they came across the first clue to authors of the virus, two email addresses spyder@super.net.ph and mailme@super.net.ph (can you guys guess what the clue is?) it’s the location? .ph points to the Philippines. They also found references to a group called GRAMMERSoft which is based in the capital Manila. In the beginning, investigators were a bit worried or rather skeptical of those clues because they were right there in your face and it’s usually custom to not take things at their face value but one thing that helped solidify those clues was the location of the server the virus was communicating with. Remember when I explained to you how the virus worked, in the final step the virus would communicate with a server, and that server is hosted by the Manila-based Sky Internet. Now Sky quickly took the server offline, which stopped at least part of the virus in its tracks. 

Local police traced the email to an apartment in Manilla. They raided the apartment and seized the computer magazines, desks, telephones, wires, and cassette tapes. They also arrested one of the occupants, Reomel Ramones. However the 27-year-old who worked at a local bank didn’t seem that computer savvy, let alone one who writes code that causes 10’s of billions of damages. Then attention was shifted to the other apartment occupant Onel de Guzman as well as a possible co-conspirator Michael Buen.

Guzman's photo author of ILOVEYOU vires taken by reporters in a press conference
Onel de Guzman, the author of the ILOVEYOU virus.

Now who is Onel de Guzman? He was a student at AMA Computer College. Remember that GRAMMERSoft reference found in the code, well the college was home to the self-described hacking group which specialized in helping other students cheat on their homework. NOw the authorities couldn’t prove that Guzman was a member of the group however, the facility shared with them a rejected final thesis by Guzman, and lord and behold the code has an uncanny resemblance to the code in the ILOVEYOU virus. In his thesis, Guzman wrote that the goal of this program is to “get windows passwords” and “steal and retrieve Internet accounts from the victim’s computer” his idea was that users in the developing world could piggyback on the connections of those in richer countries and “spend more time on [the] internet without paying.” When his instructor read the paper he was fuming. And wrote on it “we don’t produce burglars” and “this is illegal”.

A photo of Guzman's thesis paper with his instructors comments
Onel de Guzman’s thesis with his instructor’s comments

His paper cost him his degree but his instructor was wrong in one thing, what he did was not illegal! There was no law in the Philippines about cybercrimes. They tried to prosecute him over charges of fraud but that was later dropped. While Philippine lawmakers did rush through a law criminalizing computer hacking soon after the ILOVEYOU incident, it could not be applied to anything that happened before the law. 

So the culprits went unscathed. Internationally people were outraged but locally, de Guzman was a hero. “Here is a Filipino genius who has put the Philippines on the world map,” wrote someone in a column. Another said, “[He] has proven that the Filipino has the creativity and ingenuity to turn, for better or for worse, the world upside down.”  This whole thing even spawned a movie. 

The interesting thing or rather genus about this virus is its use of social engineering. It used a universal need everyone wants, love, for it to spread. Now no matter how advanced anti-virus software becomes, we’re still vulnerable because of humans. The number one cause of all hacks has a form of social engineering in it. Google’s hack was caused by a message to an employee, Hilary Clinton’s campaign was a victim of a phishing scam, and many more.

Years have passed since that incident and no one knows what happened to the author of ILOVEYOU it is as if he up and vanished from the earth up until 2020 when a BBC reporter Geoff White managed to track him down. 

Guzman and the journalist Geoff White
Geoff White with a 40-year-old Onel de Guzman

There were a lot of rumors about his whereabouts; some claimed de Guzman had moved to Germany, Austria, or the US. Some claimed he had been recruited by Microsoft following the outbreak. None seemed plausible. On a forum dedicated to the Philippine underworld, a user claimed in 2016 that de Guzman ran a mobile phone repair shop in the Quiapo district of Manila. So Geoff was on the hunt. He went to the square asking around if anyone knew de Guzman until one person pitied him and told him “the hacker guy? Yes I know him, he works in a different market” and he gave him the location. So Geoff waited and waited until a man approached and there he was in the flesh Onel de Guzman. To Geoff’s surprise, de Guzman was forthcoming and open to any questions. His story was quite straightforward.

De Guzman was poor and to get online you’re required to enter a password which you need to purchase. He saw this as absurd, internet access is a human right. So he decided to make a program that steals internet passwords from the rich and this way both can have internet access he didn’t see any harm in that. He ignores the fact that this shared bandwidth not only slows it down for the other person but it would also cause the ISP to serve two for the price of one. Now password-protected internet was used in the Philippines so he targeted people in his local internet cafe. He goes there to target non-savvy computer people, and practices on them. He sent them an email with the message “a photo of me” and that would actually work.

Now if he had kept his scheme in the Philippines his life would have been drastically different, but curiosity killed the cat. He was curious to see what would happen if he removed the geo-restriction of the virus and so he did and well we know what happened after that. Now that alone will not make it work he had to make a change. People wouldn’t care to open an image of him, and that’s when he came up with the idea that made this virus so successful a need all humans strive for “I figured out that many people want a boyfriend, they want each other, they want love, so I called it that,” he says.

And thus the Love Bug was born.

Resources

Check out some other moments

if you enjoyed "Lobster Boy" you might like our previous episode "Fermat's Last Theorem" where we talk a math problem that puzzled the world.