Samy

I’ve known Samy a long time, maybe eight years. He’s a computer genius. At age 15 he was running the L.A. Perl Users Group. I got a conference room for him at my job and he ran the whole thing, even though his mom had to drop him off there. He finished high school early and got emancipated. At 16 or 17 he was living in his own apartment, making good money at a technology job. I didn’t see him often, but it was always a pleasure. Unlike a few other computer geniuses I’ve known, he was personable and sociable, even charming. And Samy is an idea factory. He would pop up, say hi, and show me something he’d done. It was almost always a “holy shit” moment of surprise and admiration for me. More than once he’d figured something out that was potentially Very Big, but he never sold his hacks and to my knowledge he never did any harm.

In October 2005, someone gave me a link to Samy’s website. On that page, a surprised and a bit frightened Samy recounted his adventures with Myspace. With his usual flair for amusing and instructive hacks, Samy had created a software worm that caused anyone who visited his Myspace to have “Samy is my hero” put in their profile. And anyone who viewed their site got the same thing. Exponential growth occurred. Five hours later a million profiles were infected. Six hours later Myspace.com was down.

At the time I was working for Myspace’s parent company. We joked about the hero hack, and we figured they’d probably either fix the hole and hire him, or pretend it didn’t happen.

They did neither of those things. They filed a civil suit, and pressed criminal charges. This week it was announced that Samy had pled out and been sentenced to three years’ probation, an undisclosed sum of “restitution” to Myspace, and restrictions on his use of computers and the internet (employment purposes only) for an undisclosed period.

I think Samy got a raw deal. I’m sure that Myspace and the prosecutor turned the downtime into a cash figure from lost ad revenue, because in my experience D.A.s are not interested in computer “crimes” unless they involve large sums of money or national security. It’s my opinion that Myspace needed a security success to offset their more lurid and frightening image as a haunt of murderers and sexual predators. Samy is neither. He’s just a smart kid who made the classic Robert Tappan Morris worm mistake.

I hope they don’t find a way to nail him during his probation.

Hey Sony! You gonna get JAILED!

Thanks for installing malicious stealth software on people’s computers when they play CDs.

It would be a terrible shame if someone put one of their CDs into a machine that happened to control some part of the infrastructure here in the U.S. that is responsible for people’s lives, and that machine happened to fail, because then they would be guilty of industrial terrorism. And that would be bad.

If that first link above makes your eyes glaze over, a simpler version of the story can be found at the WFMU blog, where I found the story in the first place.

Don’t buy copy-protected CDs. And if you happen to get one, join a class action suit. They need to get spanked hard for rootkitting people’s machines like this.