In July 2000, Philippine's President Joseph Estrada led a bold and aggressive business delegation, with a strong concentration on Information Technology (IT) representatives, to the United States, visiting San Francisco; Washington, DC; and New York City. San Francisco, more specifically the area known as Silicon Valley, and the Metropolitan DC area, more specifically the Northern Virginia area (home to AOL, DynCorp and SRA Corp. , among others, as well as numerous government-oriented divisions of companies such as SAIC and Unisys), are world famous as Information Technology hotbeds. And New York City is, well, New York City (besides being the residence of President Estrada's sister and other close family members). During this mission, President Estrada and his delegation boasted that the Filipino community is relatively as IT-savvy as their US counterparts, bragging that the Philippine Islands host technical support centers for several US-based IT mammoths.

To give credit where credit is due, this was an extremely bold move by President Estrada in the aftermath of the Love Bug virus, which authorities have concluded originated in the Philippines. But the formulation, engineering and dispersion of the virus and resultant global contamination does give credence to President Estrada's insistence that the Philippines as a country is home to a geek-dom of IT geniuses. The onslaught of the Love Bug virus was just a negative example of this fact.

Demonstrating just how connected we are to each other throughout the world, particularly via the Internet and the World Wide Web, the Love Bug virus spread with alarming speed, without discrimination, across national borders and around the globe. By worming itself through an unsuspecting victim's address book, the virus expanded its infectious reach swiftly. In effect, it spread like a good piece of gossip: as if a listener told two friends, who each then told two friends, who each then told two more friends, and so on and so on. A well-orchestrated Ponzi scheme doesn't work this well.

The most alarming feature of the Love Bug virus was the degree of passivity that characterized the typical victim. Unlike the aggressive role one takes in participating in a Ponzi scheme or other coordinated plan to perpetuate a fraud, the victim of the Love Bug virus merely clicked his or her mouse on a seemingly innocent message (an attachment denominated "iloveyou", for those few who slept through this disaster in May 2000); and the devastation was unleashed. This simple process of opening an attachment, a common occurrence to novice and veteran computer user alike, made the addressee and all those listed in his or her address book vulnerable and even defenseless. Human nature being what it is, many just could not resist opening the message. The enticing - and innocent - nature of the message is one tremendous factor in what made it so easy to spread. Furthermore, seeing how easy it was to disperse the Love Bug virus, by the next day copy-catters were spreading new viruses, some disguised as jokes with others that quickly followed as purported Mother's Day messages (to commemorate the US mid-May holiday).

The complexity of the technology utilized was masked by the apparent ease of the virus's transmission. When the average computer user opened the apparently harmless e-mail attachment, something seemingly "went wrong." But there was no flash of smoke, or alarming computer graphics equivalent to a dramatic explosive reaction; there was not even the widely dreaded computer crash to demonstrate the seriousness of the invasion. The terms used publicly to describe the destruction that was occurring meant little if anything to the typical consumer. More importantly, the terms used to describe how to avoid being infected or what to do once infected meant even less. This was further compounded by the fact that different systems were more susceptible than others; the operations of the virus varied with different systems; and the virus wrought different damage to different systems. All of these factors and the varying impact of the virus led to confusion and virtual paralysis in the face of a disaster whose dimensions were incomprehensible to the average consumer.

Because of its quiet but rapid spread, the virus was able to virtually cripple the digital world before authorities and security personnel even knew it existed. Financial markets were disabled, government agencies in the US and abroad were hit, and corporate operations in America and around the world ground to a halt. Although not resulting in a complete shut-down of computer operations or a full-scale denial of service at specific digital hubs like those perpetrated by other computer viruses, the Love Bug did flood a user's e-mail account, sometimes with hundreds of purported "love letters", so that in effect the user was incapacitated. It also destroyed digital technology files, such as photographs and music stored using MP3 (the technology that allows a consumer with Internet access to find, purchase, listen to and store a vast musical collection). In other instances, computer operations simply, ultimately crashed. However, the vast majority of the damage was done to e-mail systems, interrupting internal and external communications, among friends, business associates and across personal and professional lines, in a truly borderless world.

To eliminate the possibility of the perpetration of this type of crime in the future, efforts must be undertaken at both the corporate and the government level. It behooves corporations to identify security provisions (whether software, hardware, computer experts or standard operating security procedures) that can detect and prevent destructive computer viruses before they access, spread and cause damage to computer systems. Corporate security personnel must play a vital role in this initiative. No longer can a company rely on closed circuit television to detect hostile activity and its perpetrators. Trained professionals must monitor not only the physical premises and the work force, but the company's computer systems and access via the Internet.

As access to and the reach of the Internet spreads, laws dealing with encroachments related to its use are emerging, but slowly and tentatively. For example, in October 1996, US federal law was amended to address the increase of computer related crimes. Specifically, this new legislation makes it a crime where anyone "knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer", which includes any computer "which is used in interstate or foreign commerce or communications". The European Union is likewise addressing the issue. In formulating a "Convention on Crime in Cyberspace", in April 2000, the Council of Europe released the "Draft Convention on Cyber-Crime", which is expected to be finalized by the end of this year. It is anticipated that the Committee of Ministers could adopt the final text and that the Convention will be open for signature by the fall of 2001.

Laws must be enacted at the national level; and reciprocity must be provided for among nations to protect the increasingly interconnected and inter-dependent global community that is wired together via the Internet. While uniformity in addressing computer security and unauthorized penetration of computer systems is not absolutely essential, it will ensure that criminal havens - such as those that have arisen to protect money-laundering operations around the globe - do not permit and sustain greater and greater devastation. It is not too soon to begin a global dialog on the standards of acceptable and unacceptable behavior on the Internet.

Unfortunately, there was no law in the Philippines dealing with computer crimes at the time of the initial Love Bug attack. Therefore, the Government of the Philippines was forced to dismiss the charges against the Love Bug suspect, identified as a disgruntled graduate student whose thesis was on the development and dissemination of a destructive, global computer virus. Apparently recognizing the serious ramifications of this disturbance, and of its negative impact on his country's tremendous potential in the field of Information Technology, President Estrada signed legislation addressing electronic commerce and computer hacking, in June 2000, just weeks after the spread of the Love Bug virus. Although this measure was too late to punish the Love Bug perpetrator, one more door has been closed to illegal computer activities and one more country has recognized the need to face this massive new area of potential waste and fraud. Hopefully, the door to legitimate connections, both in the Philippines and around the world, will remain open.

© Copyright - Smith Brandon International, Inc.

Smith Brandon International, Inc. conducts international investigations and provides actionable business intelligence and risk avoidance counsel to assist companies in their overseas operations. The firm's principals are grounded in investigative, analytical, and intelligence gathering techniques, drawing on decades of experience in the FBI, State Department, intelligence circles and the private sector. For more information, please call 202-887-9363, or visit our website at http://www.smithbrandon.com/.