KT Corporation, a South Korean telecommunications company, was recently accused of deliberately infecting 600,000 of its customers with malware, in retaliation for their use of torrent services.
Torrents are decentralised file sharing services that upload and download files using individual user’s computers as servers, transferring data from peer to peer rather than from a centralised storage system.
They’re often used to share illegal or copyrighted material, as the files are spread across potentially thousands of computers rather than on a single, targetable server location.
The use of torrents themselves is not illegal anywhere in the world, but many countries aggressively shut down torrenting websites that host copyrighted material.
Telecom hacks the system
The cyberattack in South Korea was exposed after Webhard, a cloud service provider in South Korea, received a slew of new user complaints over unexplained errors.
Its Grid Program, which relies on leading torrent application BitTorrent for peer-to-peer file sharing, had been compromised.
“There is a suspicion of a hacking attack on our grid service. It’s very malicious, interfering with it,” an anonymous representative of Webhard said.
Upon investigation, it was discovered the only affected users were customers of KT.
“Only KT users have problems,” the representative said. “What the malware does on the user’s PC is to create strange folders or make file invisible. It completely disables the Webhard program itself. In some cases, the PC itself was also disabled because of it, so we reported it.”
Hack likely violates South Korean law
Police are now investigating the incident, as the installation of malware on customer’s devices without permissions may violate the Protection of Communications Secrets Act and the Information and Communications Network Act.
The investigation continues, but 13 people including KT employees and subcontractors have been charged in connection to the malware attack.
In a news report, KT was quoted as saying it had infected its customers with malware because Webhard’s Grid Service is a malicious program and the company had “no choice but to control it.”
Interestingly, KT and Webhard have been at odds over internet traffic and the resulting fees in the past.
A South Korean court ruled that since Webhard didn’t pay network usage fees to KT for its peer-to-peer system and didn’t explain to its users how the Grid Service works in detail, KT was allowed to block network traffic from Webhard.
Instead of simply blocking IP addresses, which is completely legal, the telecom decided to engage in cyberwarfare, attacking its own customers in the process.
It remains to be seen who exactly will be punished for the apparent cybercrime, which was almost certainly financially motivated.