South Korea's largest telecommunications company, KT, infected its subscribers' devices with malware to block their use of BitTorrent



KT , a major South Korean Internet Service Provider (ISP), has reportedly installed malware on the computers of over 600,000 of its subscribers without their consent, with the aim of disrupting the use of BitTorrent , a traffic-intensive service.

[Bonus] KT, how to use the app? Tips for downloading 'audio code' on PC | Monthly JTBC News
https://mnews.jtbc.co.kr/News/Article.aspx?news_id=NB12201880



South Korean ISP 'Infected' Torrenting Subscribers with Malware * TorrentFreak
https://torrentfreak.com/south-korean-isp-infected-torrenting-subscribers-with-malware-240625/

South Korean telecom company attacks torrent users with malware — over 600,000 customers report missing files, strange folders, and disabled PCs | Tom's Hardware
https://www.tomshardware.com/tech-industry/cyber-security/south-korean-telecom-company-attacks-torrent-users-with-malware-over-600000-people-report-missing-files-strange-folders-and-disabled-pcs

BitTorrent is a peer-to-peer (P2P) file sharing system, and it was once said that BitTorrent accounted for one-third of Internet traffic. In recent years, it has not been used as widely as it once did, but in some countries, such as South Korea, where file sharing is active, the burden on networks caused by BitTorrent is still a source of concern for ISPs.

Among Korean BitTorrent users, the paid BitTorrent support service provided by the cloud storage service ' Webhard ' is very popular. According to a report by Korean TV station JTBC , KT, one of the largest ISPs in Korea with over 16 million subscribers, has infected its subscribers' computers with malware to disrupt the use of Webhard.



According to JTBC, in May 2020, Webhard users were inundated with complaints about 'unexplained errors.' Users reported not just slower file downloads, but also that their grid-based Webhard service was going offline or experiencing unexplained errors.

Further investigation revealed that all users experiencing the unknown error were using KT as their ISP. A Webhard representative said, 'Only KT users are experiencing this issue. The malware creates strange folders on the PC and makes files invisible, completely disabling the Webhard program itself. In some cases, the PC itself became unusable, which is why we made the issue public.'

Police authorities investigated the information and found that the malware attack was originating from KT's own data center south of Seoul. Authorities say KT may have violated the Act on the Protection of Communications Secrecy and the Information and Communications Network Act. In November 2023, 13 people, including KT employees and subcontractors, were indicted for their involvement in the malware attack, but the investigation is still ongoing.

Police investigating the case believe it was a coordinated hack. According to a JTBC report, KT's dedicated team consisted of a malware development department, a distribution and operations department, and an eavesdropping department that examined data sent and received by KT users in real time.



The exact reason why KT distributed the malware is unclear, but police say they believe that there were internal discussions at KT about network-related costs and that reducing the financial costs associated with using Webhard was likely the motive.

◆ Forum is currently open
A forum related to this article has been set up on the official GIGAZINE Discord server . Anyone can post freely, so please feel free to comment! If you do not have a Discord account, please refer to the account creation procedure explanation article to create an account!

Discord | 'How do you think we can prevent ISPs from distributing malware?' | GIGAZINE
https://discord.com/channels/1037961069903216680/1255815423908380715

in Software,   Web Service,   Security, Posted by log1h_ik