South Korean telecom company attacks customers with malware — over 600,000 torrent users report missing files, strange folders, and disabled PCs

KT Corporation logo on building
(Image credit: JTBC)

Korean news organization JTBC recently discovered through an in-depth investigation that KT Corporation, one of the largest telecom providers in South Korea, deliberately infected over 600,000 users with malware over their use of torrent services.

The issue began in May 2020 when Webhard, a Korean cloud service provider, was inundated with user complaints of unexplained errors. The company discovered that its Grid Program, which relies on BitTorrent peer-to-peer file sharing, had been compromised. An anonymous representative of Webhard said, “There is a suspicion of a hacking attack on our grid service. It’s very malicious, interfering with it.”

anonymous interview

(Image credit: JTBC)

Upon further investigation, the company noted that all affected users had KT as their internet service provider. The representative added, “Only KT users have problems. What the malware does on the user’s PC is to create strange folders or make file invisible. It completely disables the Webhard program itself. In some cases, the PC itself was also disabled because of it, so we reported it.”

Police officials acted on the information and discovered it came from KT’s own data center south of Seoul. The authorities say that KT may have violated South Korean laws, including the Protection of Communications Secrets Act and the Information and Communications Network Act. They’ve since identified and charged 13 individuals, including KT employees and subcontractors directly connected to the malware attack last November, but the investigations continue today.

According to the news report, KT said it directly planted the malware on its customers that use Webhard’s Grid Service, as it was a malicious program and that “it had no choice but to control it.” However, the main problem here wasn’t Webhard’s use of the BitTorrent protocol but the installation of malware on customer computers without consent.

Webhard and KT have fought in the past over the latter’s use of its Grid Service. The former says that it’s saving tens of billions of Korean Won by allowing its users to use peer-to-peer services to store and transfer data instead of storing it on its servers. On the other hand, the massive number of Grid Service users is straining KT’s network, and the two companies went to court to resolve the issue.

The judiciary actually ruled in favor of KT. It said that Webhard didn’t pay KT network usage fees for its peer-to-peer system and didn’t explain to its users how the Grid Service works in detail. Therefore, it wasn’t unreasonable for KT to block Webhard’s network traffic.

South Korean court ruling on Webhard-KT Case

(Image credit: JTBC)

But instead of blocking IP addresses, KT nuked Grid Service users with malware. Unfortunately, most of them were individuals, not businesses or corporations, and they had no idea what was going on.

KT’s move to send and install malware on hundreds of thousands of Grid Service users seems like a financial move, as it likely just wanted to stop them from continually using Webhard’s BitTorrent file-sharing service. But whatever KT’s intentions were, this move led to missing files and damage to customer PCs. Its users were more than just inconvenienced; they likely had to deal with computer problems that stemmed from the company’s actions.

Jowi Morales
Contributing Writer

Jowi Morales is a tech enthusiast with years of experience working in the industry. He’s been writing with several tech publications since 2021, where he’s been interested in tech hardware and consumer electronics.

  • razor512
    Were they uploading malware files disguised as various other files, or did they find a way to inject malware into an otherwise safe torrent download?
    Reply
  • 35below0
    "The judiciary actually ruled in favor of KT. It said that Webhard didn’t pay KT network usage fees for its peer-to-peer system and didn’t explain to its users how the Grid Service works in detail. Therefore, it wasn’t unreasonable for KT to block Webhard’s network traffic."

    Malware is bad for everyone. :/

    Retaliating by spreading malware is cartoon villain level of planning and execution.
    Reply
  • TheOtherOne
    When it's the ISP itself, they have probably hundreds of different ways to send malware to their users. It doesn't have to be attached to a TORRENT file.
    Reply
  • Sluggotg
    Gee, there's an ISP I would love to use...... I wonder if people are going to be smart enough to Permanently ditch that ISP and demand Jail Time for Senior Management? How can any business think that is OK to do?
    Reply
  • Grobe
    Sluggotg said:
    How can any business think that is OK to do?
    Maybe because battery manufacturers have far greater issues and this "little incident" is getting hidden behind the shadows - my speculation
    Reply
  • CmdrShepard
    ISP sends malware to hundreds of thousands of customers to stop them from using a file-sharing service.
    How is that even legal?

    1. People are paying for your ISP service
    2. You don't invest in expanding your network capacity (probably shower shareholders and CxOs with money instead)
    3. Instead of sending notices and disabling access if you really can't be arsed to implement proper network congestion management you infect customers with malware?!?


    Like, they should be out of business yesterday. Closed, sold for scrap, and all executives who approved or knew about this sent straight to jail.
    Reply
  • Grobe
    Ok, I read the article and I'm left with some (maybe non-relevant) questions

    Does the ISP take this action for all kind of torrent or only those used by a specific service/software ?

    When searching online for "Webhard's Grid Service" - I only get search results assuming this is in fact a local electric grid, no search results indicates any form for torrent services. What gives? Very different local name that doesn't appear unless using Korean search engines ?
    Reply
  • derekullo
    Moral of the story is to use a sandboxed computer for downloading torrents.
    Reply
  • USAFRet
    derekullo said:
    Moral of the story is to use a sandboxed computer for downloading torrents.
    All comes through the same IP address, which is what the ISP knows about and controls.
    Reply
  • hotaru251
    CmdrShepard said:
    How is that even legal?
    different country have different rules over what can be done.
    That wouldnt fly in states but may not be agaisnt law in korea (idk korean law)
    Reply