South Korean ISP KT Caught Infecting Torrent Users With Malware

You might recall that “way back” in 2007 Comcast here in the U.S. was caught throttling BitTorrent uploads and subsequently lying about it. Since BitTorrent was popular, hoovering up network resources, and posed a threat to traditional cable TV, Comcast execs thought their best approach would be to make an entire file transfer system less efficient. And then lie repeatedly about it.

17 years later and things are notably different. BitTorrent piracy isn’t as popular thanks to the rise of affordable streaming options. Networks are significantly more robust, and network congestion management is far more intelligent and way less intrusive. The network neutrality debate (and inconsistent rules) have also required ISPs be a bit more transparent about network management.

Which is why it’s all the more weird to see South Korean ISP KT engaging in some historically ignorant behavior. The ISP was recently caught infecting more than half a million of its subscribers with a malware specifically designed to interfere with Torrent traffic and spy on users:

“The Gyeonggi Southern Police Agency, which carried out the raid and investigation, believes this was an organized hacking attempt. A dedicated KT team allegedly planted malware to eavesdrop on subscribers and interfere with their private file transfers…police have already identified more than a dozen persons of interest, who have been referred to the prosecutor.”

The attack took place in May of 2020, and while the investigation is ongoing, it’s presumed that KT was trying to cut down on costs. The source reporting suggests that KT executives viewed BitTorrent (which again can be used for things other than piracy) as malware itself and decided, foolishly, to respond in kind.

While the network usage by piracy is still very manageable on any well-run network, there has been a steady uptick in piracy lately as streaming companies charge more and more money for worse service (humans, if you hadn’t noticed, aren’t great at learning from history or experience). Still, modern network management gear should more than handle the congestion, making the use of malware extreme.

Keep in mind that KT operates in an environment of regulatory capture in South Korea. A few years ago, Korean telecoms convinced gullible regulators to pass a new “sender pays” regulatory framework wherein edge providers and content companies like Google and Netflix are forced to pay telecoms additional fees just to have their traffic successfully reach its destination (consumers).

It’s driven up costs for everyone, and driven some such services, like Twitch, completely out of Korea. It also resulted in KT suing Netflix back in 2021, claiming that the streaming company owed it money simply because the “Squid Game” TV show was so popular. The Internet Society has explained in detail why this approach is terrible for markets and consumers, but that hasn’t stopped ever-greedy telecoms from pushing corrupt lawmakers to implement the same approach in both the U.S. and EU.

When you’re already operating in an environment of limited regulatory accountability, I’d wager you’re not as likely to think that infecting your own subscribers with malware will result in any meaningful repercussions. South Korean law enforcement, apparently, had other ideas.