South Korean telecom company attacks customers with malware — over 600,000 torrent users report missing files, strange folders, and disabled PCs

Korean news organization JTBC recently discovered through an in-depth investigation that KT Corporation, one of the largest telecom providers in South Korea, deliberately infected over 600,000 users with malware over their use of torrent services.

The issue began in May 2020 when Webhard, a Korean cloud service provider, was inundated with user complaints of unexplained errors. The company discovered that its Grid Program, which relies on BitTorrent peer-to-peer file sharing, had been compromised. An anonymous representative of Webhard said, “There is a suspicion of a hacking attack on our grid service. It’s very malicious, interfering with it.”

Upon further investigation, the company noted that all affected users had KT as their internet service provider. The representative added, “Only KT users have problems. What the malware does on the user’s PC is to create strange folders or make file invisible. It completely disables the Webhard program itself. In some cases, the PC itself was also disabled because of it, so we reported it.”

Police officials acted on the information and discovered it came from KT’s own data center south of Seoul. The authorities say that KT may have violated South Korean laws, including the Protection of Communications Secrets Act and the Information and Communications Network Act. They’ve since identified and charged 13 individuals, including KT employees and subcontractors directly connected to the malware attack last November, but the investigations continue today.

According to the news report, KT said it directly planted the malware on its customers that use Webhard’s Grid Service, as it was a malicious program and that “it had no choice but to control it.” However, the main problem here wasn’t Webhard’s use of the BitTorrent protocol but the installation of malware on customer computers without consent.

Webhard and KT have fought in the past over the latter’s use of its Grid Service. The former says that it’s saving tens of billions of Korean Won by allowing its users to use peer-to-peer services to store and transfer data instead of storing it on its servers. On the other hand, the massive number of Grid Service users is straining KT’s network, and the two companies went to court to resolve the issue.

The judiciary actually ruled in favor of KT. It said that Webhard didn’t pay KT network usage fees for its peer-to-peer system and didn’t explain to its users how the Grid Service works in detail. Therefore, it wasn’t unreasonable for KT to block Webhard’s network traffic.

But instead of blocking IP addresses, KT nuked Grid Service users with malware. Unfortunately, most of them were individuals, not businesses or corporations, and they had no idea what was going on.

KT’s move to send and install malware on hundreds of thousands of Grid Service users seems like a financial move, as it likely just wanted to stop them from continually using Webhard’s BitTorrent file-sharing service. But whatever KT’s intentions were, this move led to missing files and damage to customer PCs. Its users were more than just inconvenienced; they likely had to deal with computer problems that stemmed from the company’s actions.