On May 4, 2000, the world was shaken by a computer virus disguised in the simplest form, an email titled “ILOVEYOU” with an attachment named LOVE-LETTER-FOR-YOU. At first glance, it looked like an ordinary love letter, but the attachment carried a global catastrophe.
Within hours, millions of computers worldwide were crippled, from major corporations like Ford and Merrill Lynch to vital institutions such as the Pentagon and the British Parliament. The damage was estimated at 10 billion US dollars, making it one of the largest cyberattacks in history.
From Y2K to the “Love Letter”
Just months earlier, the world had survived the panic of the Y2K bug, a computer glitch feared to paralyze systems during the transition from 1999 to 2000. While that crisis was ultimately resolved, the relief proved short-lived. Only a few months later, the “Love Bug” emerged, forever changing how people viewed the internet.
The subject line “ILOVEYOU” was hard to resist. Who wouldn’t be curious about a mysterious love letter? Unfortunately, once the attachment was opened, the malicious program immediately activated.
The virus replicated itself and sent copies to the first 50 contacts in the victim’s Microsoft Outlook address book. This cycle repeated thousands of times, spreading like a digital epidemic.
Worse still, the virus didn’t just spread. It deleted and replaced critical files on infected computers, from documents and personal photos to mp3 music files. Countless individuals and companies without data backups lost valuable files permanently.
Lightning-Fast Spread
In just five hours, the virus had traveled from Asia to Europe and then to the United States. In Hong Kong, banks and media companies were thrown into chaos.
In Stockholm, participants at a computer security conference—who had just listened to a lecture on another virus—suddenly found their phones ringing nonstop as the “I Love You” emails hit them in real time.
Soon after, the UK was forced to shut down Parliament’s email servers. In the US, the military headquarters at Fort Bragg was flooded with fake love messages, forcing the shutdown of its entire command email system. Even Microsoft, the maker of Outlook, was not spared.
It didn't take long for an estimated 45 million computers to became infected, including those belonging to financial institutions, news agencies and government bodies. The attack drove home a stark realization: the internet, still in its early years, could also become a devastating weapon.
Tracing the Trail to Manila
Amid the global panic, an international investigation was launched. The FBI, the Pentagon, and the Philippine police all pursued the origins of the virus. The code itself contained an email address based in Manila, as well as references to a small group called GRAMMERSoft.
Philippine police raided an apartment in Manila, where they found stacks of floppy disks, computer magazines, and other equipment. One name stood out: Onel de Guzman, a computer science student at AMA Computer College.
Interestingly, it was revealed that a thesis previously rejected by his professor contained code strikingly similar to the ILOVEYOU virus. In his thesis, Onel had written that the program was designed to “steal Windows passwords and internet accounts” so that users could access the internet for free.
At the time, internet costs in the Philippines were prohibitively high for many students.
Confession and Controversy
On May 11, 2000, Onel de Guzman appeared before the public at a press conference. Accompanied by his lawyer, he gave only vague answers when asked whether he was behind the virus. His reply was brief: “It is possible.”
When pressed about the massive damage caused, he simply said: “nothing, nothing.” The response left many baffled and frustrated, as it seemed to show no remorse.
The real problem was that the Philippines at the time had no laws against computer crimes. Even though the evidence pointed strongly to Onel, there was no legal basis to prosecute him. Attempts to charge him under fraud laws failed.
As a result, Onel was never convicted. Ironically, his case became the catalyst for the creation of the Philippines’ first anti-cybercrime legislation. However, the new law could not be applied retroactively to his case.
Public opinion in the Philippines was divided. Some hailed Onel as a “Filipino genius” who showcased local creativity—one even inspired a film based on his story. But cybersecurity experts regarded his actions as a disaster that undermined trust in technology.
Two Decades Later
For years, Onel de Guzman vanished from the spotlight. Rumors spread that he had moved to Europe or even been recruited by Microsoft.
The reality, however, was far more modest. Twenty years later, a BBC investigative journalist tracked him down in Manila, working at a small mobile phone repair shop.
In that interview, Onel finally admitted to being the creator of the ILOVEYOU virus.
“I figured out that many people want a boyfriend, they want each other, they want love, so I called it that,” he told the BBC when asked why he gave his creation such a romantic name.
He explained that his original intention was only to steal internet passwords to get online for free. He expressed regret and said he was shocked that his virus had reached institutions as far as the Pentagon and the British Parliament.
