Korean internet provider infects users with malware stopping torrent use

In a bizarre attempt to fight online piracy, KT, the major telecommunications network operator in South Korea, hacked 600,000 of its customers’ devices and infected them with malware. The planted code was supposed to interfere with BitTorrent traffic.

According to a report by JTBC, a South Korean nationwide television network, users of online file hosting and sharing services have complained about unexplained errors since May 2020, such as strange folders being created, files being hidden, and the software being completely disabled.

The issues only affected KT subscribers, often those who used “Web Hard Drive” services. This popular service in South Korea allows files to be kept in the cloud and requires no physical setup. It predates modern cloud storage solutions. BitTorrent-enabled “Grid System” technology allows peer-to-peer transfers, bypassing the centralized infrastructure while also increasing the load on the telecom’s network.

Analysis revealed that malware had been planted to interfere with torrenting. In a month, it affected more than 600,000 users. Users had no way of avoiding this compromise, and the hacking continued for nearly five months in 2020.

KT itself argues that the code targeted a service that “itself is a malicious program,” so it had no choice but to control it.

Gyeonggi Southern Police Agency, which raided KT's data center and headquarters, is investigating whether KT may have violated the Communications Secrets Protection Act and the Information and Communications Network Act. Allegedly, the dedicated team at KT may have eavesdropped on subscribers and interfered with their network activity.

In total, 13 KT employees and partners have been referred to prosecution. During the four-year investigation, the company's CEO eventually left KT.

Before the hacking began in 2020, KT had been caught throttling BitTorrent traffic, which led to lawsuits. KT based its hacking actions on the previous court ruling that blocking “Web Hard” traffic was “not unreasonable.”

Meddling with this traffic was in KT’s financial interests: it either maintained its revenues by forcing users to rely on centralized services rather than peer-to-peer transfers, or reduced its costs through lower loads on the network.