First Person: I Hacked Myspace, And They Made Me Go The Next Three Years Without Computers
11 years ago, Samy Kamkar's worm infected over a million people on Myspace. US Secret Service agents raided his house and forced him to live the next three years without computers.
BY As told to Patrick Chew | Jul 12, 2016 | Culture
My mum got me a new computer when I was 10. That day, we also got the Internet. One of the first things I did was to go into a chatroom on IRC to have a look around. Someone else who was in that chatroom told me to get out. And I was like, Why would I get out of this chatroom? It doesn’t make any sense. Then he said, “You have 10 seconds to get out.”
I obviously didn’t heed that warning. 10 seconds later, my computer crashed. I freaked the hell out. My mum had spent all of her money to get me that computer and I was gonna get into a hell of a lot of trouble if I spoilt it the first day I got it. I rebooted it with no idea if it’d be fixed. Thankfully, it did. At that point, I was relieved but, at the same time, I remember thinking, Damn that was really cool. I really want to learn how to do that.
From there, I learned reverse engineering and computer programming. Not that I wanted to shut down people’s computers or anything but there was something intoxicating about the ability to do it. I invented cheat softwares and released them as open source.
When I was 14, I wrote cheat software for Counter Strike. All I wanted to do in the beginning was to control music. I didn’t like that I had to exit Counter Strike to change songs if I didn’t like them. I wanted to make it such that all I had to do was hit a key on my keyboard.
To do that, I reverse engineered the game codes. And once I did that, I wanted to find out which other parts of Counter Strike I could access. I remember running around in the game and hearing footsteps of enemies that would pan from my left to right speaker. That told me that the game had positional information on where the enemies were. So my intentions turned to extracting that information and displaying it on the screen.
Eventually, through the help of something called Computer Vision, I was able to see through walls and know where each enemy was. I also built a software that would aim for me and allowed me to delete anything I wanted, which meant that I could delete the smoke from a smoke grenade and see clear as day when everyone else would just see smoke.
That was the first effective thing I built that a lot of people used.
A few years later when I was 19, I was messing around on Myspace to see what I could do. It all started because I wanted to change my relationship status from “In a relationship” to “In a hot relationship”.
It all started because I wanted to change my relationship status from “In a relationship” to “In a hot relationship”.
After investigating, I realised that the easiest way to do it was to exploit Myspace’s job script filter to execute one of my own. Once I did that, I was able to change anything I wanted on the page but more interestingly, I could control users’ browsers whenever anyone visited my profile page.
I thought it’d be funny if I could modify someone’s profile to display the words, “Samy is my hero” whenever they visited my page. I also added another code that would make them automatically add me as a friend if they visited my page. That didn’t work very well because not a lot of people were visiting my page.
I thought, If someone were to add me as a friend and display “Samy is my hero”, then maybe I can find a way to copy those codes onto their profile so that anyone who visited them would also add me as a friend and display “Samy is my hero."
If someone were to add me as a friend and display “Samy is my hero”, then maybe I can find a way to copy those codes onto their profile so that anyone who visited them would also add me as a friend and display “Samy is my hero.
So I added that code and went to bed for the night. I woke up the next morning, thinking I’d have a couple new friends, but instead got 200 new ones, which doubled with each hour that went by. My code had become a worm that was travelling a lot further and faster than I could have imagined. By the end of the day, I had over a million new friends who were all saying I was their hero.
Myspace eventually shut down their website, fixed the bug and put everything back to normal. And I thought that was it.
Six months later, however, US Secret Service agents showed up at my door and raided my house. They took away all my computers, laptops and basically everything electrical. I went to court and ultimately accepted a plea agreement with the Los Angeles District Attorney, which stipulated that I had to spent the next three years with no computer use.
My code had become a worm that was travelling a lot further and faster than I could have imagined. By the end of the day, I had over a million new friends who were all saying I was their hero.
I was ready to accept anything they threw at me because I just wanted it to be over. It took six months before I got raided and another six months of fighting with the DA before coming to a settlement. It was probably more nerve-wrecking not knowing what was going to happen to me than just having something happen and then getting over it.
When I thought about life without computers, I thought it’d be awful. But honestly, it wasn’t that bad. What’s funny is that the hardest part I found was not having access to Google Maps. Think about it—I had to use paper maps. Who uses paper maps anymore? They suck. I got used to not having email or news or whatever but paper maps? Man, just can’t do it.
At the time, I had also just turned 21, which is the legal drinking age in the US so I could go to bars. I had co-founded a company and was managing a team of people during the day. I just filled my time with other things.
I went from spending almost every waking moment facing a computer to not being allowed by law to even use one. I started interacting with people a lot more than I did. The whole experience just made me a lot more sociable and made me go out and see the world in a way that I otherwise wouldn’t have.
The day the three-year ban was lifted, I went out to buy a new laptop. I went online for a few minutes to check some emails, closed it, and went outside. There was no need to stay on any longer.