Tales from our Pinoy Hackers after Y2k bug to pre-Comeleak part 1

by Nullforge Blog on February 8, 2021February 10, 2021 in Hacks, Threat Intelligence

Threat Intelligence has always been misunderstood from some Filipinos working in the scene but not all. Some threat intelligence analysts would tend to point that the Anonymous Philippines originated from some hacker cons and that most white hats are still active in the underground scene and are not entirely reformed hackers. I read this from a leaked presentation from before but I don’t want to point what Threat Intel company is involved for the mischief.

They talk about Threat Intel but they don’t share the stories of our Pinoy hackers and some of the origins of our Pinoy hackers. And so I hope that this post will somehow serve justice to them.

I was already online when Friendster was vulnerable to HTML Injection and XSS. BUT none of us care.

IRC was my home back then despite having Friendster and Yahoo messenger.

DALnet back then was home for the underground Filipino hacker groups. Before Philker, Privatex, Anonymous Philippines and ProjectX era (2008 – pre-ComeLeak), there were Filipino hacker groups like Asianpride, PHTeam, Philcarder, Oneball, Darkscience, and Locusts.org (year 2000 – 2004?).

Before talking about these groups. Let’s travel further to what happened in May 4 2000.

The I Love You Virus True Story (May 2000)

“On May 4 2000, an e-mail bearing the title ”I LOVE YOU” began popping up in computers in Asia. When opened, it destroyed graphics and other files. The e-mail program, commonly called a virus or worm, which replicates by sending itself to all the other e-mail addresses in a computer’s database. Within hours, the worm plagued through government offices in Europe and the United States which forced The Pentagon, CIA, the British Parliament, and most large corporations to completely shut down their mail systems.” –Wikipedia

The Suspects (Filipino students from AMA)

Onel de Guzman

Onel de Guzman admitted unleashing the “Love Bug”, the computer virus that caused havoc by infecting 45 million machines around the world.

He has never worked for the CIA, Microsoft and Pentagon.

Michael Buen

Michael Buen denies writing the virus but:

“In February 2000 (Before the outbreak of the virus), a virus was sent to clients of Sophos, a security firm based in Oxfordshire, England. It came in the form of a CV in the name of Michael Buen and it came from the Philippines. The virus was designed to reproduce itself and infect Word documents.” – Soldierx HDB

Impact of I Love You Virus

Since there were no laws in the Philippines against writing malware at the time, Onel was released with all charges dropped by state prosecutors.
To address this legislative deficiency, the Philippine Congress enacted Republic Act No. 8792, otherwise known as the E-Commerce Law, in July 2000, just two months after the worm outbreak.
In 2012, the Smithsonian Institution named ILOVEYOU the tenth-most virulent computer virus in history.

After 20 years of silence…

Onel de Guzman in 2020

Geoff White then interviewed Onel last April 2020 regarding the virus:

“De Guzman claimed he sent the virus initially to someone in Singapore, and then went out drinking with a friend. The first he knew of the global chaos he had unleashed was when his mother told him police were hunting a hacker in Manila.

His mother hid his computer equipment, but not the diskettes containing de Guzman’s classmates’ names, including Michael Buen, which were later found by the police. De Guzman insisted Buen had nothing to do with the Love Bug and that he was its sole creator.” – Computer Weekly

Where is Michael now?

I was able to tracked him in Twitter and his blog way back 2010.

So who is really the real virus author? You be the judge.

The 4’ O Clock Project (Year 2000 – 2002)

Since I talked about the old underground groups let us dig further about them.

As early as 2000 (based on the archives), a project initiated by Asianpride was launched which is the 4 o’clock Project. Their aim was to publicize the flaws of Philippine websites during that time. The website contained their mass defacements and defacement mirrors or archives from popular Philippine websites like cebu.gov.ph, Globe ISP, informatics.edu.ph, ABS-CBN websites, server.purefoods.com.ph, Icct.edu.ph, etc.

Website: http://fouroclockproject.iwarp.com/

Sample Defacement Page in the archive dedicated to Rico Yan

Asianpride allegedly was able to intrude into the servers of local ISP Mosaic Communications Inc (MosCom or Mozcom), uploading executable programs that would eventually modify a website’s main page.

1st Cybercrime Conviction (2005)

Before Rodel Plasabas, Paul Biteng and Joenel de Asis; JJ Maria Ginner was the first Filipino hacker accused of hacking and defacing of the government portal gov.ph. Here are some facts:

He was convicted under the E-Commerce Law for hacking the government’s .gov.ph site. (Criminal Case No. 419672-CR filed at Branch 14 of the Metropolitan Trial Court of Manila under Judge Rosalyn Mislos-Loja)
He was sentenced to one to two years of imprisonment and fined Php100,000. However, he immediately applied for probation, which was eventually granted by the court.
The conviction is now considered a landmark case, as he is the first local hacker to be convicted under section 33a of the E-Commerce Law or Republic Act 8792.

Where is JJ Maria Ginner?

I can’t confirm nor deny where he is right now but I am proud to say that he is a very excellent penetration tester right now and that you may have seen him in some hacker conferences.

Part 2?

There are more stories before ComeLeak. Follow our Facebook Page for more updates and new stories: https://www.facebook.com/nullforgesec.