This story is from The Pulse, a weekly health and science podcast.

Find it on Apple Podcasts, Spotify, or wherever you get your podcasts.

In the morning of May 4, 2000, the U.S. Army was under attack. 

It started around 6:45 a.m., when technicians at Fort Bragg in North Carolina got word from two other bases that something was up with their computer networks. 

The issue was narrowed down to the email server of the Army’s largest command. Something was spreading amongst its 50,000 users. Exactly what it was, no one really knew. But just an hour later the server was completely overloaded and taken offline.

It wasn’t until others began to arrive from their morning commute that technicians started to put it all together: a local radio station was broadcasting reports of some kind of worldwide computer virus — one that had just paralyzed the communications of a large chunk of the U.S. military. 

Geoff White, an author and investigative reporter who covers cybercrime, was working for an internet company back then. 

He said in 2000 the tech world had just gotten over a major, potentially scary hurdle: Y2K. 

“The big concern around this time was the millennium bug,” White said.  “Moving from 1999 into 2000, there was a concern and it was a legitimate concern that computers might struggle with that changeover.”

Most were more worried about computer glitches than targeted attacks. 

“And we’ve managed to get through that period with a lot of preparation. The clocks ticked midnight at the millennium and the computers held up and I think people sort of breathed a sigh of relief, and then a few months after that, we got this virus.”

The Love Bug 

Whatever it was, wherever it came from, this virus was remarkable. 

“It was like a sort of auto spreading computer virus,” said White. “Really hard to stop, really contagious and, and went around the world in, in a very short amount of time.”

The U.S. military essentially created the internet and now it was being used against them. 

Within hours, the virus penetrated international banking systems, more than a dozen federal agencies, and several large companies — including White’s — mucking up email servers all over the globe. Along the way, it secretly collected the internet passwords of the millions who were infected. 

It took days for some organizations to flush out the virus. Experts raced to understand the code causing all this chaos—and to find whoever unleashed it. 

But a closer look under the hood didn’t reveal anything that advanced.

It was a relatively standard “worm” virus—a kind of code that corrupted existing files to exploit weak points in email software and internet browsers.

“The virus technically wasn’t cutting edge, but it was more than I could do in the year 2000,” White said.

What was cutting-edge was how it spread. For that, the virus relied on a different kind of weakness: human nature. 

The virus would spread from email inbox to email inbox through a message with an attachment that looked like a text file with the tempting title ‘I Love You.’ 

“And so obviously as the recipient [of] the email, you’d think, ‘Oh my gosh, somebody loves me. I’ll open this mysterious non-Valentine’s Valentine’s card and see who it is.’” said White. 

But the text file was actually a piece of code.

“When you open that attachment, the code went into effect, and what it would do would be to scan your email address book. Send itself automatically to the first 50 people in your address book. So they would all get a copy of this email again with the attachment on it. And of course, a bunch of them would click on the attachment and send it to 50 people,” said White. “Now, once you start doing the math on that, you can take your calculator out and just give it a go. Fifty times 50, times 50, times 50, you suddenly get thousands upon thousands of infections.”

In a matter of days, it was estimated the virus would cost the world economy $10 billion in lost work time.

Spread by social engineering

“ I think one of the things about the I Love You virus that made it incredibly successful is it used two things: trust and curiosity,” said Stephanie Carruthers, the Chief People Hacker for IBM’s X-Force, a group of white hat hackers, analysts, and researchers who provide cybersecurity solutions for companies all over the world. 

“So when someone would open up their email, they would see it coming from someone that they knew and trusted, and then it played into their curiosity because it’s a subject line or the file name was, ‘I love you.’ So okay what’s this about? I think that’s incredibly impactful and something that we still do in today’s world.”

It’s Carruthers’ job to think like an internet scammer and understand how people work. 

Years in the field have left her with a simple core takeaway: we all, generally, want the same things and that makes us vulnerable. 

“Really any type of scam at its core is social engineering,” she said. 

Carruthers traces the origins of social engineering all the way back to the Middle Ages, when local conmen replaced suckling pigs sold in burlap sacks, a “pig in a poke,” with stray cats and dogs. 

“They would just keep moving city to city so they wouldn’t get caught,” she said. 

The I Love You virus was one of the first examples of how social engineering could scale via the internet—how to get millions of people to click first and think later.

“That’s why we’re still talking about it today. It affected, I believe, 10% of people who used the internet at its time, which is huge.”

Compared to modern scams Carruthers deals with now, the I Love You virus was quaint. 

“The ones that keep me up at night are the AI deep fakes, to have those kinds of audio deep fakes be so successful, terrifies me,” she said.

Carruthers is constantly warning clients about fake phone calls — voice clones made to sound like friends or family in crisis and needing money. But hackers are still working with the same emotional playbook the I Love You virus first grafted onto the digital age all those years ago — with an emphasis on trust and curiosity. The internet promised to connect the world and the I Love You virus, for the first time, exposed just how spectacularly dangerous that promise could be.

In the days following the initial outbreak, copycat viruses spread, experimenting with alternative email subject lines like “Very Funny” and “Mother’s Day gifts”. But none took off like the original virus.

Authorities scoured for clues about the mad genius behind it.

A foreign adversary perhaps? Some digitally-savvy and psychologically-attuned terrorist organization maybe?

Computer science students with floppy disks

Digital forensic experts followed the data flow — where the malicious code was funnelling all those passwords scraped by the virus. 

“It was sending data back to this computer server in the Philippines, which was the sort of first indication as to where this virus might have sent out from,” said investigative reporter Geoff White. 

But the virus did not contain the hallmarks expected from a nation state or rogue computer hacking gang. 

“The actual purpose of it was really quite murky. In fact, it was sending so much data back to this server in the Philippines that the server actually crashed. It got overloaded with information that was incoming, which again, was another indication that the person behind this virus didn’t necessarily predict how successful it would be.”

Authorities tracked down this server in the Philippines, which led them to a small group of computer science students in Manila. 

“A bunch of kids who were basically experimenting with different types of computer viruses,” White said. “And you got to realize, these were the days still of floppy disks. So they would pass around viruses to each other on floppy disks. There was a lab where they would work and kind of swap bits of code.”

In 2000, the internet was still so novel that computer hacking was not yet a crime in the Philippines. 

“And so when the investigators started looking and getting the names of some suspects within this university, who were these computer science students who’d clearly been experimenting with computer viruses, yes, they could identify some of the names that were likely in the frame, but they couldn’t actually convict any of these people.” said White.

But the media was not ready to let this go. 

Press descended on Manila and focused its cameras and microphones on one particular student—the person most closely connected to the creation of the Love Bug — a young man named Onel de Guzman. 

“You had this bizarre moment where the lead candidate, the key suspect, Onel de Guzman. He sort of paraded in front of the cameras, gave a very non-committal answer to the journalists’ questions,” he said.

De Guzman had long black hair, wore sunglasses, and held a cloth over his mouth, as his lawyer took questions in a crowded room.

“It’s one of those moments where you sort of hang your head in shame at how bad the journalism was at the time. Because you just wanted someone to throw the obvious question at him, you know, ‘did you do it?’ But he managed to dodge that question. He sort of shuffled outta the press conference and then was never seen again.”

Just like that, the world’s foremost pioneer of hacking via social engineering disappeared. 

Tracking down de Guzman

About 20 years later, when White started researching his book, “Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global”, he began to wonder where this mysterious figure had gone. 

And that’s when he got a tip on de Guzman’s whereabouts. 

“He’d been hanging around working at a market in Manila, working on a mobile phone stall in this marketplace.”

White got word that de Guzman was fixing cell phones for a living. 

He flew to Manila and scoured different markets for hours, armed only with a piece of paper with de Guzman’s name written on it.

“And I showed the piece of paper to people and most people thought I was just mad, but one person said, ‘well, ah, yes, I know him’.” White said.

A few hours later, a man pointed White down a market alleyway. 

“And sure enough I went down there, found the mobile phone stall, tapped this guy on the shoulder and he turned around and it’s him.” White said. “Which was quite a surprise for both me and for him. So finally, I came face to face with Onel de Guzman.”

White made a quick sketch of the moles on his face to later match with those visible in the old press conference footage. They matched. It was really him. 

“We sat down and we had a coffee and he decided that he was going to do an interview with me.”

And that’s when Onel de Guzman admitted, for the first time publicly, that it was true. 

He created the I Love You virus and sent it tunneling through the early internet.

He was responsible for crashing the communications of the world’s most powerful army and countless others.

“He still seemed quite shy and quite reticent. He chuckled about things occasionally. He had a good sense of humor. He also said that he regretted what he’d done.”

De Guzman told White he didn’t realize how bad this virus was going to get.

“In fact, he says that after he unleashed the virus back in 2000, he went out and just got drunk and then woke up probably with a stoning hangover to discover that he’d caused worldwide mayhem and the police were banging a path to his door. He basically, at that point, told his family to sort of trash all of his computers and just sort of went on the run for a little bit. So it was a pretty traumatic thing to happen, and I genuinely don’t think he understood the kind of mayhem he was gonna cause as a result of this.” said White.

But as to why he set the virus loose in the first place — why he tricked 10 percent of the internet and stole their passwords — the answer was simple and unsurprisingly human. 

“ Onel wanted internet access,” said White.

Back then, users were charged for internet access, monthly fees usually billed to your phone line. At the time, the costs were too high for a computer science student in the Philippines to afford. 

De Guzman believed free internet access was akin to a human right—a position the United Nations adopted 16 years later.

If he could not afford this right, de Guzman would commandeer it, and steal the passwords of others to unlock a sea of information locked behind a paywall. 

“Ironically, of course, the vast majority of the internet passwords he received were from people outside the Philippines, so he could never have used those details anyway,” White said.  

“But that was the heart of it. He wanted information, he wanted it for free. He wanted what everybody else had.”