Hackers’ Paradise

7 minute read
DAFFYD RODERICK Manila

In a small, hot room in Caloocan city, one of Manila’s shoddy suburbs, a 21-year-old man-child perches on a chair and turns the fan up to high. Yellow paint peels from the walls. There is no running water. The bed is a dirty mattress on a steel frame. But enthroned on a makeshift table sits a workstation worthy of a cash-rich start-up. The man leans toward his crisp, new 19-inch monitor and gets down to business. He surfs to the archive of an online florist and peruses someone’s recent order for roses, complete with a mushy love letter. But this man, a hacker who uses the online handle Eyestrain, isn’t interested in the saccharine prose. He is focused instead on swiping the buyer’s credit card details. “See? It’s that simple,” he says, as he cuts and pastes the number onto his desktop. Eyestrain, who doesn’t want his real name revealed, says he paid for all of his computer equipment with pilfered numbers he lifted off the Net.

Eyestrain is a far cry from the black-garbed, straggly haired hacker that has become a pop culture clichE. His short, black hair is gelled carefully in place and his fashion sense is more eager-intern than Neuromancer. But Eyestrain is as crafty as the iconic hacker when he jacks in as a dark-side programmer jamming code. The Philippines has a vast underworld of hackers, rooting through the Internet’s depths while typical Web users surf the surface. But most of them, like Eyestrain, aren’t so much malicious as stifled. They have skills, some creative flair and a streak of cybercourage. And the main reason that hacker gangs like the Locusts and the Abu Sayaff Boyz (unrelated to the terrorist group) battle for control of hacked servers is because with all their computer chops, they can’t get a mainstream job in the impoverished Philippines. The result: a particularly virulent breed of hackers, at least a thousand strong, with real grievances, a blurry sense of right and wrong and a knack for stealing passwords and pirating software.

The poster boy of Filipino hackerdom is Onel de Guzman, the 23-year-old Manila resident blamed for allegedly unleashing last year’s Love Bug virus, which wiped out files and paralyzed Internet access from Pakistan to the Pentagon. De Guzman was unemployed: he learned to hack partly by sneaking into other people’s accounts to access the Internet, which he couldn’t otherwise afford. That’s typical: hackers in the Philippines tend to be overtrained, underutilized minds trying to satisfy their creative yearnings but kept from doing so by a variety of factors. Besides the stinging poverty that has translated into few programming gigs, political instability and the wrong kind of computer training have kept the country from following India as a beneficiary of low-cost Internet spin-off jobs, either in software or services like call centers or technical support help desks. Some 350,000 students are enrolled in computer colleges across the Philippines, but there are far fewer jobs to match their skills.

Another factor is more sociological than financial. The country’s top universitiesthe University of the Philippines, Ateneo de Manila, De La Salle Universityare dominated by students from rich and middle-class families who attended the top high schools. They eventually percolate into the Elite jobs available for graduates. For less-pedigreed programmers, the pickings can remain lean all their lives.

Born to a poor family in Lucena City in the southern Philippines, Eyestrain first tapped a keyboard when he was 12. His school had just received its first computer, and it was love at first byte. “I couldn’t get enough,” he says. “As soon as I sat down at it, I got it.” He skipped lunch hours and stayed late after school to get a turn at the terminal. Neither of his parentshis dad is a machinist, his mom a store clerkhad even used a typewriter. Hungry for more than he could learn in his small hometown, Eyestrain went to Manila at age 17 to attend Systems Technology Institute, a technical college that offers low-cost programming courses. The classes were disappointing: Eyestrain found that he knew more than his teachers. “They exempted me from classes and got me to help administer the computers,” he recalls. He tried another computer school, but soon gave up on receiving a formal education in programming. Without the family or the academic background to get into a computer science degree program at one of the country’s Elite institutions, he drifted home.

Chatting online with some Manila friends in 1999, Eyestrain decided to return to the capital. He got off the bus with $150 in his pocket and hopes of finding work as a programmer or system administrator. But without a degree, finding computer work has been impossible. Ieta Chi, general manager at Trend Microsystems, an antivirus company that employs more than 280 people at its Manila office, says his desk is flooded with applicants like Eyestrain. “We can’t really afford to waste time seeing people who haven’t even finished school,” Chi says.

Instead of returning to his backward hometown, however, Eyestrain stayed in Manila and became a cyberthief. By hacking into several e-commerce websites, he has built up a database of hundreds of credit card numbers. To use them without risking arrest, he set up a mailing system through a chat room, a kind of Net Bandits Clearing House. It works like this: “I order two monitors, they get sent to an address in Tacoma, Washington, that the guy I met in the chat room has access to, and then he forwards me one monitor and keeps the other for himself,” says Eyestrain, with a sheepish smile on his face. The address isn’t attached to the accomplice and each credit card is only used once. Almost all of his hardware has been illicitly gained, and now Eyestrain is using some of it to commit even more cybercrime, burning pirated CDs that he sells for $1.20 each. Hardly the job of his dreams, but it’s easy and gives him plenty of time for hacking.

More than 40 Philippine websites have been hacked in the past year, including those of the nation’s navy and air force, popular portal Yehey.com and AMA computer college. On many of the sites hackers have left obscene messages berating the system administrator for sloppy security while also heaping scorn on rival hackers, in a boasting battle similar to those between rappers. “When creativity expresses itself in an immature way, it can often be destructive,” says Randy David, a sociology professor at the University of the Philippines. That’s especially true, he points out, in a class-ridden country where hackers have the chance to lash out at powerful institutions they consider repressive. “In cyberspace it doesn’t matter if you’re a Roxas, a Lopez or a Zobel,” he says, ticking off the Philippines’ leading families. “No one knows your identity. You can’t begin to imagine the impact this has on a hierarchical society like ours.”

Eyestrain’s friend Hiiro, a more stereotypical geek with Coke-bottle spectacles and a microchip key-chain dangling from his belt, doesn’t dabble in credit cards and says he has “knocked some sense” into his pal. (Tapping into other people’s Internet accounts, however, is still considered fair game.) Both men would prefer to go legit and offer their services as security advisers to local ISPs. They’re not getting far. “They just ignore us,” says Hiiro. When their user databases get hacked and they find a few thousand missing credit card numbers, these websites and isps may regret that decision.

More Must-Reads from TIME

Contact us at letters@time.com