To combat torrent traffic, a South Korean ISP deployed a bold strategy: Infecting 600,000 of its own customers with malware

 A hacker, doing hacking.
Credit: Getty Images

We're certainly no strangers to the Machiavellian schemes of telecom companies in the US, where thanks to the restoration of net neutrality, we've only just recently been able to dodge the nightmare scenario of ISPs being legally empowered to throttle their competitors' traffic. That makes it all the more impressive when companies elsewhere in the world upstage our own constant advancements in corporate skulduggery—companies like KT, a South Korean ISP recently accused of inflicting malware on 600,000 of its own customers.

According to a report from Korean news agency JTBC, users of torrent-based "webhard" services—file storage and transfer platforms that are popular in South Korea—began reporting in 2020 that they were experiencing slow transfers, busted files, and malfunctioning PCs. When one of the webhard providers noticed all the users experiencing issues were KT customers, the company reported the information to Korean law enforcement.

ISPs have waged war against torrent traffic for years. In the US, before those few years where the FCC decided to give things a go without net neutrality (it didn't go well), Comcast earned itself a cease-and-desist in 2008 after throttling BitTorrent transfers. Legal protections and networking advances have seen those efforts subside somewhat in recent years, making it even wilder that Korean police found evidence suggesting that KT was distributing malware to its own customers as punishment for using P2P services.

A follow-up JTBC report describes how, following a search of KT headquarters, it appears that the ISP had formed a team to develop and distribute malware, allegedly "wiretapping" data exchanged between KT subscribers accessing webhard services and interfering with their transfers. While it's difficult to parse out confirmed specifics without any English reporting from JTBC, it seems like KT's explanation for its malware task force is that the team was an attempt to control what it considered "malicious services," and that there were only a few people involved, so who can you even blame, really?

According to the police investigation, the malware squad's operation allegedly followed internal KT discussions about minimizing ongoing networking costs and involved dozens of devices, calling into question just how isolated within the company the operation was. I'm no expert, but if it was me, I'd have maybe tried some IP bans instead?