Internet service provider Korea Telecom, now known simply as KT, has been caught infiltrating hundreds of thousands of its subscribers' computers. According to TorrentFreak, KT installed malicious software on the PCs of clients who preferred downloading files via torrents. This software could block torrent traffic, disrupt torrent clients, and monitor users.
Investigations revealed that KT had been implanting this dangerous software on subscribers' PCs for several years. There’s a clear understanding of why they targeted torrent enthusiasts specifically. In the past, such services created significant load on networks when bandwidth was not as extensive as it is now, and streaming services were non-existent. Providers sought various ways to limit torrent traffic (Russian mobile operators still do this) to avoid overloading their communication channels. It remains to be hoped that providers in other countries do not follow KT's example.
Currently, TorrentFreak reports that torrent network traffic occupies a minimal portion of overall data flow. However, in South Korea, as in Russia, torrents remain very popular, and KT continues its battle against torrent users.
The Judge Might Have Erred
KT distributed malicious software exclusively among torrent users, seemingly to block the corresponding traffic. The duration of this practice is unclear, but in 2020, the provider was already sued for forcibly blocking torrents. At that time, there was no information about the covert installation of blocking malware, and KT won all legal battles, explaining that it restricted torrent traffic to reduce infrastructure costs.
In Korea, torrent enthusiasts prefer local file-sharing services like Webhard (also known as Web Hard Drive), which have their own applications. In 2020, users of such services began reporting application failures and error messages. An investigation initiated by the police and concluded with KT's court victory was continued by the Korean news agency JBTC. Journalists discovered that all the errors and crashes of applications like Webhard, which users complained about, were caused by the malicious software that KT actively installed on its subscribers' computers.
These journalists also estimated the number of affected individuals to be around 600,000. It is possible that the actual number is significantly higher, as KT is a very large provider with a subscriber base of about 16 million people across South Korea – roughly a third of the country's population as of 2024.
Police Are Taking It Seriously
Investigators who handled the case against KT in 2020, having received new evidence of the provider's guilt, now classify its actions as an organized attempt to hack user equipment. The police believe that KT had a dedicated team responsible for spreading malicious software, which not only blocked torrent traffic but also monitored everything users did online.
"The team consisted of a 'malware development' section, a 'distribution and exploitation' section, and a 'surveillance' section that monitored data sent and received by KT subscribers in real-time," states the JBTC report.
The investigation is still ongoing, but the police have already identified more than 10 potential suspects – their details have been sent to the prosecutor's office. These include employees of both the provider and external companies partnering with KT.
Searches were also conducted at KT's headquarters and data center, with some property confiscated. Investigators believe that the provider violated at least two South Korean laws – the Communications Privacy Protection Act and the Information and Communications Network Act.
KT representatives have yet to comment on the new accusations against the provider.