South Korean ISP ‘Infected’ Torrenting Subscribers with Malware

News reports from South Korea reveal that Internet provider KT actively installed malware on the computers of over half a million subscribers. The malware was intended to interfere with BitTorrent traffic, presumably as a network management solution. A police investigation suggests that cost savings likely played a role too, which is not surprising given local file-sharing habits.

From a networking perspective, most Internet providers are generally not thrilled with BitTorrent users.

Historically, torrent traffic has placed quite a burden on the network, which is one of the reasons why Comcast quietly began throttling torrent traffic many years ago.

Another reason to limit torrent traffic is to reduce costs. BitTorrent users transfer large amounts of data that’s not always covered by cheap peering agreements, which can become quite costly.

Today, torrent traffic is a much smaller percentage of total traffic. Internet providers generally are better equipped to deal with it and all-out throttling has become a rarity in most countries. However, in South Korea, an even more concerning anti-torrent tactic was uncovered recently.

Last week, an in-depth investigative report from JTBC revealed that Korean Internet provider KT, formerly known as Korea Telecom, distributed malware onto subscribers’ computers to interfere with and block torrent traffic.

Webhard Torrents

File-sharing continues to be very popular in South Korea, but operates differently than in most other countries. “Webhard” services, short for Web Hard Drive, are particularly popular. These are paid BitTorrent-assisted services, which also offer dedicated web seeds, to ensure that files remain available.

Webhard services rely on the BitTorrent-enabled ‘Grid System’, which became so popular in Korea that ISPs started to notice it. Since these torrent transfers use a lot of bandwidth, which is very costly in the country, providers would rather not have this file-sharing activity on their networks.

KT, one of South Korea’s largest ISPs with over 16 million subscribers, was previously caught meddling with the Grid System. In 2020, their throttling activities resulted in a court case, where the ISP cited ‘network management’ costs as the prime reason to interfere. The Court eventually sided with KT, ending the case in its favor, but that wasn’t the end of the matter.

An investigation launched by the police at the time remains ongoing. New reports now show that the raid on KT’s datacenter found that dozens of devices were used in the ‘throttling process’ and they were doing more than just limiting bandwidth.

KT Reportedly Distributed Malware to 600,000 Users

When Webhard users started reporting problems four years ago, they didn’t simply complain about slow downloads. In fact, the main concern was that several Grid-based Webhard services went offline or reported seemingly unexplainable errors. Since all complaining users were KT subscribers, fingers were pointed in that direction.

According to an investigation by Korean news outlet JTBC, the Internet provider actively installed malware on computers of Webhard services. This activity was widespread and affected an estimated 600,000 KT subscribers.

The Gyeonggi Southern Police Agency, which carried out the raid and investigation, believes this was an organized hacking attempt. A dedicated KT team allegedly planted malware to eavesdrop on subscribers and interfere with their private file transfers.

“The team consisted of a ‘malware development’ section, a ‘distribution and operation’ section, and a ‘wiretapping’ section that looked at data sent and received by KT users in real time,” a follow-up report from JTBC explains.

The explosive allegation accuses KT of accessing and altering data on users’ computers to limit torrent traffic. Follow-up investigations have yet to get to the bottom of everything, but police have already identified more than a dozen persons of interest, who have been referred to the prosecutor.

Million-Dollar Questions

Why KT allegedly distributed the malware and what it precisely intended to do is unclear. The police believe there were internal KT discussions about network-related costs, suggesting that financial reasons played a role.

To illustrate what’s at stake, a sales manager from one of the Webhard companies said that torrent transfers save them significant bandwidth costs. This peer-to-peer upload bandwidth goes over KT’s network instead, presumably costing the ISP many millions of dollars per year.

KT, meanwhile, maintains that it merely intended to manage traffic on its network, presumably to keep everything running smoothly. Whatever the truth, that plan clearly backfired.

Note: This report is partly based on information translated and provided by a Korean software engineer who prefers to remain anonymous.
