
Philippine student group notorious for hacking

Computerworld

May 18, 2000
Web posted at: 9:27 a.m. EDT (1327 GMT)

(IDG) -- The underground student organization being implicated in the "I Love You" virus case is notorious for spreading viruses and hacking local Internet service providers. The group, Grammersoft, had tried to hack into Moscom Internet, the country's largest ISP, several times in the past and had intentionally spread viruses to Moscom subscribers at least twice, said Willy Gan, the company's president.

Agents of the National Bureau of Investigation (NBI) have been investigating the group after computer experts discovered the word Grammersoft embedded in the code of the "I Love You" virus, which affected computer systems worldwide and caused an estimated $10 billion in damage.


In a press conference last week, Onel De Guzman, the 23-year-old student of AMA Computer College (AMACC) suspected of writing the virus with his college buddy Michael Buen, admitted that he was a member of Grammersoft. He also said other members of the group had knowledge of a password-stealing program he created for his thesis project.

In the same event, De Guzman admitted that he might have accidentally sent a virus through the Internet.

Officials of AMACC told journalists earlier that De Guzman's thesis project, a software program that was capable of capturing and sending passwords from an infected computer to a specified email address, was similar to the "I Love You" virus.

De Guzman was traced by investigators through user names provided by three local ISPs, namely Sky Internet, ImpactNet, and Access Net, which were used by the "I Love You" virus author to launch the virus. The telephone number that was used to access the ISPs was also traced to the apartment of De Guzman.

Buen, who graduated from AMACC early this month, was also identified as a possible suspect by investigators because of his thesis project, a software program that could save multiple, even hundreds of, copies of a file using a single save command.


Karim Bancola, senior vice president of AMACC, surmised that the two software programs could produce the same effects as those of the "I Love You" virus if they were combined.

Buen on Sunday denied any involvement in the creation of the virus and defended himself, saying his thesis project was approved by AMACC officials. He is also not a member of Grammersoft.

Investigators, however, found a copy of a Microsoft Word macro virus allegedly authored by Buen in one of the diskettes seized from the apartment of De Guzman. The virus contained Buen's resume and a threat that says: "If I don't get a stable job by the end of next month, I will release a third virus that will delete all folders in the primary disk."

Nelson Bartolome, assistant director of the NBI's anti-fraud and computer crimes division, said they found no similarities between the "I Love You" virus and the virus found in the diskette, except for the fact that both were written using the Visual Basic programming language.

In a report by the NBI's technical team, Buen was described as "an above-average programmer with proficiency in Word Macros and the Visual Basic programming language."

Manuel Abad, executive vice president of the AMA Educational System, confirmed that De Guzman and Buen were friends. In Buen's resume, he listed De Guzman as one of his references. He also listed President Estrada and other prominent persons under "Not my references" in his resume.

Abad said both students were members of Grammersoft, but only De Guzman confirmed that he was a member of the group, which wrote software programs for small and medium-sized companies and sold thesis projects to students.

But far from being legitimate, Grammersoft members were engaged in hacking and creating viruses, claimed Moscom's Gan.

"Grammersoft has been trying to hack into our systems for quite some time and sending fake emails to our subscribers," said Gan in an interview with Computerworld Philippines.

Shortly before the "I Love You" virus came out, members of the group sent a fake email with an attached virus program to subscribers of Moscom.

The fake email was disguised to make it appear that it came from Moscom's network administrator. Recipients of the email were asked to open an attachment that was supposedly a patch to improve Internet access to Moscom's network.

The attachment was actually a virus which was also written in the Visual Basic programming language, claimed Gan.

Gan said it is not their practice to send attachments to subscribers or authorize their network administrator to send out such email messages to users.

"When we discovered it, we quickly sent out a warning not to open it. There were users who were affected but only a few because of the warning," said Gan. "It's easy to recognize that it's a fake because of the header and we normally don't send email like that."

Gan explained they traced the email to members of Grammersoft through the email's originating IP address. The group had tried to perform this trick at least twice already, he added.

"I don't like what they're doing because it's disrupting our operations."

He admitted Moscom is helpless in preventing people from sending such email messages because they cannot filter all the email messages that go through their network every day.

Reporting the incident to the National Bureau of Investigation (NBI) would not help much either, he said.

"How can you go to the NBI? They don't know what to do with these types of crime," Gan stressed.



