How a backhoe and a bug stopped the nation

By GARRY BARKER TECHNOLOGY REPORTER Saturday 6 May 2000

A backhoe, a landslide and a "love bug" e-mail virus brought Australia's communications system to its knees yesterday. They shut down the Australian Stock Exchange, infected banks and finance houses, blacked out mobile phone networks and jammed automatic teller machines across the country.

Two Optus trunk cables between Melbourne and Sydney were cut by a backhoe in Wangaratta and a landslide near Nowa Nowa in Gippsland.

Optus had its services back on line soon after noon yesterday, but work on corporate computer systems to clean up the damage done by the viruses continued throughout the world last night.

The cable failures pushed some inter-city Optus traffic on to Telstra's network, overloading it and blanking calls to central Sydney exchanges for about two hours.

Westpac's automatic tellers and branch networks in Victoria, Tasmania, South Australia and Western Australia were out between 10am and 12.20pm. The Commonwealth Bank had similar problems. Others escaped major problems.

But the viruses had a horrendous worldwide effect and were estimated to have cost international business hundreds of millions of dollars. Rated by experts as a "thousand times worse" than the recent Melissa virus, the virulent e-mail "worms" were called "Love Letter", "Very Funny" and "Lithuania".

The main damage was caused in Britain, Europe, parts of Asia and the US. They reached major Australian corporate computers overnight, caused chaos for many and widespread shutdown of e-mail systems.

Kieran Fitzsimmons of MessageLabs, which screens millions of company e-mails for viruses said they were "very effective; among the nastiest I've ever seen".

He estimated that 10 per cent of the world's mail servers were shut down as precautions were taken.

Wall Street's international traders and many US-based multinationals, including Ford and Alcoa, were hit. Between 10 and 30 per cent of British businesses were affected, among them Microsoft, News International and the BBC, banks and financial institutions and the houses of Parliament.

The bugs originated in two e-mail addresses at an Internet service provider in Manila, but most doubt that the perpetrator, believed to be a youthful computer hacker, is in the Philippines.

He or she is more likely to be an American. One of the scripts used contains the phrase: "I hate to go to school."

"They used two e-mail addresses through Supernet, spyderzsuper.net.ph and mailmezsuper.net.ph," said Jose Carlotta, chief operating officer of Access Net, the Manila ISP that owns Supernet, a prepaid service. The users could not be traced because the service was pre-paid, he said. Anyone, anywhere in the world, could have used them.

Frances Ludgate of Computer Associates' anti-virus laboratory in Melbourne said it was unlikely the perpetrators would be caught.

"Only two have so far been charged, one in the UK some years ago, and the other, David L. Smith, alleged author of Melissa, who is to face trial soon in New Jersey."

LoveLetter's subject line carries the words "I love you". Very Funny has no message, just a subject line saying "Fw: joke."

The stings are in the attachments. If opened they release worms that invade the PC or the network it's on, overwriting images and audio files and damaging scripts.

They then steal the PC's address book and replicate themselves to all the addresses. The spread is fast and big enough to jam national telecommunications networks.

Australia was lucky. Time differences and early warnings avoided the huge damage suffered elsewhere in the world. BHP, Ford, Alcoa and Fairfax were among those here hit but damage was contained, thanks to early warnings from anti-virus companies and the media.

The Age had the story on its front page yesterday and radio news bulletins carried it from 6am. A BHP spokesman confirmed that the company's worldwide e-mail system, connecting more than 20,000 PCs, had been shut down soon after midnight and was still down at 4pm yesterday as the clean-up went on.

International financial companies such as Salomon Smith Barney, Merrill Lynch and Jardine Insurances were reported to have ingested the worms, but they, and most other reported victims, declined to give details.

http://www.theage.com.au/news/20000506/A44406-2000May5.html

-- Martin Thompson (mthom1927@aol.com), May 05, 2000