In October, 2005 someone gave me a link to Samy's website. On that page, a surprised and a bit frightened Samy recounted his adventures with Myspace. With his usual flair for amusing and instructive hacks, Samy had created a software worm that caused anyone who visited his myspace to have "Samy is my hero" put in their profile. And anyone who viewed their site got the same thing. Exponential growth occurred. Five hours later a million profiles were infected. Six hours later Myspace.com was down.
At the time I was working for Myspace's parent company. We joked about the hero hack, and we figured they'd probably either fix the hole and hire him, or pretend it didn't happen.
They did neither of those things. They filed a civil suit, and pressed criminal charges. This week it was announced that Samy had pled out and been sentenced to three years probation, an undisclosed sum of "restitution" to myspace, and restrictions on his use of computers and the internet (employment purposes only) for an undisclosed period.
I think Samy got a raw deal. I'm sure that Myspace and the prosecutor turned the downtime into a cash figure from lost ad revenue, because in my experience the D.A.'s are not interested in computer "crimes" unless they involved large sums of money or national security. It's my opinion that Myspace needed a security success to offset their more lurid and frightening image as a haunt of murderers and sexual predators. Samy is neither. He's just a smart kid who made the classic Robert Tappan Morris worm mistake.
I hope they don't find a way to nail him during his probation.