I’ve known Samy a long time, maybe eight years. He’s a computer genius. At age 15 he was running the L.A. Perl Users Group. I got a conference room for him at my job and he ran the whole thing, even though his mom had to drop him off there. He finished high school early and got emancipated. At 16 or 17 he was living in his own apartment, making good money at a technology job. I didn’t see him often, but it was always a pleasure. Unlike a few other computer geniuses I’ve known, he was personable and sociable, even charming. And Samy is an idea factory. He would pop up, say hi, and show me something he’d done. It was almost always a “holy shit” moment of surprise and admiration for me. More than once he’d figured something out that was potentially Very Big, but he never sold his hacks and to my knowledge he never did any harm.
In October 2005, someone gave me a link to Samy’s website. On that page, a surprised and a bit frightened Samy recounted his adventures with Myspace. With his usual flair for amusing and instructive hacks, Samy had created a software worm that caused anyone who visited his Myspace to have “Samy is my hero” put in their profile. And anyone who viewed their site got the same thing. Exponential growth occurred. Five hours later a million profiles were infected. Six hours later Myspace.com was down.
At the time I was working for Myspace’s parent company. We joked about the hero hack, and we figured they’d probably either fix the hole and hire him, or pretend it didn’t happen.
They did neither of those things. They filed a civil suit, and pressed criminal charges. This week it was announced that Samy had pled out and been sentenced to three years’ probation, an undisclosed sum of “restitution” to Myspace, and restrictions on his use of computers and the internet (employment purposes only) for an undisclosed period.
I think Samy got a raw deal. I’m sure that Myspace and the prosecutor turned the downtime into a cash figure from lost ad revenue, because in my experience the D.A.s are not interested in computer “crimes” unless they involve large sums of money or national security. It’s my opinion that Myspace needed a security success to offset their more lurid and frightening image as a haunt of murderers and sexual predators. Samy is neither. He’s just a smart kid who made the classic Robert Tappan Morris worm mistake.
I hope they don’t find a way to nail him during his probation.