To combat torrent traffic, a South Korean ISP deployed a bold strategy: Infecting 600,000 of its own customers with malware

A hacker, doing hacking.
(Image credit: Getty Images)

We're certainly no strangers to the Machiavellian schemes of telecom companies in the US, where thanks to the restoration of net neutrality, we've only just recently been able to dodge the nightmare scenario of ISPs being legally empowered to throttle their competitors' traffic. That makes it all the more impressive when companies elsewhere in the world upstage our own constant advancements in corporate skulduggery—companies like KT, a South Korean ISP recently accused of inflicting malware on 600,000 of its own customers.

According to a report from Korean news agency JTBC, users of torrent-based "webhard" services—file storage and transfer platforms that are popular in South Korea—began reporting in 2020 that they were experiencing slow transfers, busted files, and malfunctioning PCs. When one of the webhard providers noticed all the users experiencing issues were KT customers, the company reported the information to Korean law enforcement.

ISPs have waged war against torrent traffic for years. In the US, before those few years where the FCC decided to give things a go without net neutrality (it didn't go well), Comcast earned itself a cease-and-desist in 2008 after throttling BitTorrent transfers. Legal protections and networking advances have seen those efforts subside somewhat in recent years, making it even wilder that Korean police found evidence suggesting that KT was distributing malware to its own customers as punishment for using P2P services.

A follow-up JTBC report describes how, following a search of KT headquarters, it appears that the ISP had formed a team to develop and distribute malware, allegedly "wiretapping" data exchanged between KT subscribers accessing webhard services and interfering with their transfers. While it's difficult to parse out confirmed specifics without any English reporting from JTBC, it seems like KT's explanation for its malware task force is that the team was an attempt to control what it considered "malicious services," and that there were only a few people involved, so who can you even blame, really?

According to the police investigation, the malware squad's operation allegedly followed internal KT discussions about minimizing ongoing networking costs and involved dozens of devices, calling into question just how isolated within the company the operation was. I'm no expert, but if it was me, I'd have maybe tried some IP bans instead?

Lincoln Carpenter

Lincoln spent his formative years in World of Warcraft, and hopes to someday recover from the experience. Having earned a Creative Writing degree by convincing professors to accept his papers about Dwarf Fortress, he leverages that expertise in his most important work: judging a video game’s lore purely on the quality of its proper nouns. With writing at Waypoint and Fanbyte, Lincoln started freelancing for PC Gamer in Fall of 2021, and will take any excuse to insist that games are storytelling toolkits—whether we’re shaping those stories for ourselves, or sharing them with others. Or to gush about Monster Hunter.