The person behind the devastating "ILOVEYOU" computer virus creating havoc on computer systems worldwide is a 23-year-old male from Pandacan, Manila, a Philippine Internet service provider said yesterday.
"The hacker hid behind a screen of hacked e-mail accounts and pre-paid Internet user cards," said Jose Carlotta, chief operating officer of Access Net Inc., a Manila Internet company.
Access Net is the owner of Supernet, a pre-paid Internet services provider.
The computer virus, called the "Love Bug," first spread through two e-mail addresses in the Philippines.
Access Net came up with the profile of the attacker after comparing notes with other local service providers. Police are now working with the companies.
The person behind the "Love Bug" also used the more common type of e-mail account, but they probably weren't his own.
Carlotta's company offers pre-paid e-mail accounts activated with the purchase of a plastic card, much like a phone card, where the buyer is not required to give personal information. The cards are cheap, and it's easy Internet access for the many Filipinos without a credit background.
"What I suspect is that all of these accounts that he has are hacked," Carlotta said. "He has been able to find out what the user names and passwords of these accounts are without the knowledge of the true owners. So then, it makes it doubly impossible to figure out exactly who this guy is."
"ILOVEYOU" was uploaded into the servers of service provider SKYInternet as early as April 28, but remained dormant until Thursday, technical consultant Toby Ayre said.
AccessNet suspended the creation of new e-mail accounts in an attempt to foil the hacker.
"We are tracking all movements and we don't see any movement,"
Carlotta said. "What happened is the author of the virus used two e-mail addresses spyder@super.net.ph and mailme@super.net.ph."
The virus, which emerged as a cyber greeting, was reportedly launched in the Philippines and then raced through Asia, Europe and North and South America.
The virus comes in an e-mail that says "ILOVEYOU" in the subject line. With the e-mail comes an attachment, which, when opened using Microsoft Outlook software, sends the virus to the e-mail addresses stored within the software, researchers said.
Once the virus infects a personal computer, it can destroy certain files not only on the user's own hard drive, but also other files on networks to which the user is connected. While Outlook is used to propagate the virus, any e-mail recipient can be affected.
The attachment can also be sent through Internet Relay Chats (IRC), chat rooms accessible over the Web and popular among computer aficionados.
Embedded in the message are the words "Manila, Philippines," giving rise to suspicion it originated in the country, and the phrase "I hate go to school."
"We're cooperating with everybody who requires our cooperation, we're practicing all the required procedures in cases like this," Carlotta said. "The best we can do is advise our users to be cautious about opening attachments if they do... not just from us but any service provider."
Meanwhile, the National Bureau of Investigation (NBI) said yesterday it has started a probe on the virus attack.
NBI Director Federico Opinion Jr. said he has assigned two units -- the International Police and the Anti-Fraud and Computer Crimes Division -- to trace the source of the virus after he was contacted by the specialists from their US counterpart.
The "Love Bug" is being called the fastest-moving and most widespread computer virus ever, affecting brokerages, food companies, media, auto and technology giants worldwide.
Universities and medical institutions have also been hit.
It wreaked havoc on computer systems worldwide Thursday, shutting down e-mail systems at major companies and penetrating the Pentagon, the Central Intelligence Agency and Britain's parliament.
According to a tracking site maintained by Trend Micro Inc., a leading provider of anti-virus software, some 2.9 million computer files have been infected as of 2 p.m. yesterday, causing damage in the millions, or even billions, of dollars from lost data, interrupted work, and the cost of fixing the damage.
Asia has escaped relatively lightly, because the virus was unleashed after the close of the business day in the region. A total 2.5 million files were infected in North America, some 223,000 in Europe and around 100,000 in the Asia-Pacific.
Japan, with 13,000 infected files, and China, with just 3,800, were relatively unscathed because most offices were shut for holidays.
"There was nothing terribly sophisticated, or that displayed any artistic programming skills about this (new attack) -- that's the scary thing," Network Associates president Peter Watkins said at a press conference call.
But "run-of-the-mill" skills and equipment are all that's needed to launch such an attack, capitalizing on the democratic power of computing tools available in almost any PC and the ubiquity of the Internet to spread problems around the world.
The virus drew comparisons with last year's Melissa virus, which spread through computer systems in the US.
Last month, 15-year-old hacker "Mafiaboy" of Canada was arrested for his alleged role in sabotaging the CNN.com Web site in February.
At that time, some of the best known Web sites, such as Amazon.com and Yahoo! Inc., were sabotaged and their services crippled for a short period of time. Investigations continue for culprits in those attacks.
Once again an attacker with apparently limited computer skills was able to carve a deep scar on the face of the computing world, mirroring the destructive but technically primitive attacks like the Melissa outbreak in March 1999.
Melissa affected 300,000 computers. The "Love Bug" had spread twice as fast as Melissa in the first 10 hours since it was identified.
Microsoft Corp., Ford Motor Co., Archer Daniels Midland Co., Vodafone AirTouch Plc, and the Mayo Clinic medical center in Rochester, Minnesotta were just a few of the organizations affected.
The US Federal Bureau of Investigation said it was investigating the matter to determine whether there have been any violations of the federal Computer Abuse Act.
The virus also infected the Pentagon and other US government computers, but did not affect any classified systems.
"We have found absolutely no evidence that this has infected classified computer programs," Defense Department spokesman Ken Bacon told Reuters.
CIA spokesman Mark Mansfield said the impact of the "Love Bug" on the spy agency's computers was "negligible."
"There were a handful of isolated cases on our unclassified systems that were reported and dealt with. But it has had absolutely no impact on our classified systems," Mansfield said.
White House spokesman Jake Siewert said the virus had not gotten through the White House system.
"It hasn't affected operations at the White House," he said. "There have been some reports around the government about it. The White House has taken some measures to secure its system. Our cybersecurity people are on top of it."
The British Parliament was also affected, with London's House of Commons shutting down its e-mail system for about two hours on Thursday to safeguard against the virus.
Software makers like Computer Associates International Inc., Network Associates Inc. and Symantec Corp. have tools that can detect and eradicate the virus available on their Web sites. --