News South Korean telecom company attacks torrent users with malware — over 600,000 people report missing files, strange folders, and disabled PCs

[Admin]

Korean telecom company KT Corporation sent malware to its subscribers who use Webhard's Grid Service peer-to-peer sharing program to hide their files and stop them from using the service.

South Korean telecom company attacks torrent users with malware — over 600,000 people report missing files, strange folders, and disabled PCs : Read more

 

[razor512]

Were they uploading malware files disguised as various other files, or did they find a way to inject malware into an otherwise safe torrent download?

 

[35below0]

"The judiciary actually ruled in favor of KT. It said that Webhard didn’t pay KT network usage fees for its peer-to-peer system and didn’t explain to its users how the Grid Service works in detail. Therefore, it wasn’t unreasonable for KT to block Webhard’s network traffic."

Malware is bad for everyone. :/

Retaliating by spreading malware is cartoon villain level of planning and execution.

 

[TheOtherOne]

When it's the ISP itself, they have probably hundreds of different ways to send malware to their users. It doesn't have to be attached to a TORRENT file.

 

[Sluggotg]

Gee, there's an ISP I would love to use...... I wonder if people are going to be smart enough to Permanently ditch that ISP and demand Jail Time for Senior Management? How can any business think that is OK to do?

 

[Grobe]

How can any business think that is OK to do?

Maybe because battery manufacturers have far greater issues and this "little incident" is getting hidden behind the shadows - my speculation

 

[CmdrShepard]

ISP sends malware to hundreds of thousands of customers to stop them from using a file-sharing service.

How is that even legal?

1. People are paying for your ISP service
2. You don't invest in expanding your network capacity (probably shower shareholders and CxOs with money instead)
3. Instead of sending notices and disabling access if you really can't be arsed to implement proper network congestion management you infect customers with malware?!?

[Profanity removed by Moderator]

Like, they should be out of business yesterday. Closed, sold for scrap, and all executives who approved or knew about this sent straight to jail.

 

[Grobe]

Ok, I read the article and I'm left with some (maybe non-relevant) questions

Does the ISP take this action for all kind of torrent or only those used by a specific service/software ?

When searching online for "Webhard's Grid Service" - I only get search results assuming this is in fact a local electric grid, no search results indicates any form for torrent services. What gives? Very different local name that doesn't appear unless using Korean search engines ?

 

[derekullo]

Moral of the story is to use a sandboxed computer for downloading torrents.

 

[USAFRet]

Moral of the story is to use a sandboxed computer for downloading torrents.

All comes through the same IP address, which is what the ISP knows about and controls.

 

[hotaru251]

How is that even legal?

different country have different rules over what can be done.
That wouldnt fly in states but may not be agaisnt law in korea (idk korean law)

 

[Kondamin]

Gee, there's an ISP I would love to use...... I wonder if people are going to be smart enough to Permanently ditch that ISP and demand Jail Time for Senior Management? How can any business think that is OK to do?

South Korea is a Weird corporation run nation that functions like a medieval kingdom of serfs and lords but with a veneer of democracy.

Stunningly modern and brilliant on the surface but everyone is miserable and no one is having kids.

 

[BlueAether]

Moral of the story is to use a sandboxed computer for downloading torrents.

Not really if they were using a distributed file system (this is how it reads to me) that happens to use BT

 

[Findecanor]

I worked for a number of years as a software developer on file-sharing software used for legal video streaming. (The company is now defunct)
We considered our solution a win for telecom operators compared to centralised hosting because it kept most connections local between peers on the operators' networks instead of crossing network boundaries. That way, an operator wouldn't have to to pay as much in transit fees to other operators.
That makes me wonder why KT didn't approve of Webhard.

Does Webhard have flaws that made it burden the network more than it should have?
Is KT simply so large that there wouldn't have been any transit fees to save on anyway?

From a translation of the Korean Wikipedia page for "Webhard", it looks as if KT would also have its own competing service called "KT Mstorage".
That makes the motives behind the malware even more suspicious in my book.

 

[abufrejoval]

Hmm, vendor fighting users who dare to use things the way they want: where have I seen that before?

So Windows upgrade refuseniks or Co-Plot resisters take heed: this is how it might escalate!

 

[Moonstick2]

The police are investigating and arresting people from KT, and the company's line seems to be "two wrongs make a right, don't they?"

So I'm pretty sure this is illegal.

 

[dk382]

different country have different rules over what can be done.
That wouldnt fly in states but may not be agaisnt law in korea (idk korean law)

If you read the article, you'll see that it definitely is not legal in Korea either. The ISP broke the law by installing malware on people's computers and they're facing the consequences.

 

[TechyIT223]

The police are investigating and arresting people from KT, and the company's line seems to be "two wrongs make a right, don't they?"

So I'm pretty sure this is illegal.

This!

 

[wr3zzz]

KT is basically the equivalent of Verizon+Specturm in NY. There are other ISP but it's the default fixedline broadband for almost all South Korean.

Webhard is owned by LG Dacom, the largest ISP competitor to KT. Since most people in South Korea uses KT for broadband it sounds like LG Dacom sold Webhard as an online storage service but uses torrent to offload capital and tranmission costs to KT's infrastructure. I don't know for sure but the Webhard "service" in question sounds very much like the notorious Xunlei from China. I personally would have problem with Webhard broadcasting my personal data to torrent if they sold me the service as my personal cloud storage but I am guessing the service is priced cheaply to appeal to online pirates. I bet the KT people who designed the malware didn't think they were pushing malewere but rather they were crippling an illegal torrent service akin to thepiratebay, rarbg etc. I personally uses a qBittorrent fork that blocks out all Xunlei users. Compliance training has never been an emphasis in South Korean coporate culture but following orders is paramount. The likely outcome is that some low level engineers will be paying the price for following orders. The senior guy who gave the order will probably be off the hook because the order was likely phrased to stop illegal torrents on KT infrastucture but hinted clearly at Webhard to his underlings as the order got passed down.

 

[Pei-chen]

It’s South Korea and KT’s biggest shareholder is the government. Good luck getting to the one that ordered this

 

[Amdlova]

It's hard to be a pirate today...

 

[spartaman64]

this is why SKT is better than KT rolster

 

[derekullo]

All comes through the same IP address, which is what the ISP knows about and controls.

Right and so if you only use Gridsource on a sandboxed computer and that computer gets nuked by KT then only your sandboxed computer is nuked.

This is 2001 Kazaa level security measures!

"According to the news report, KT said it directly planted the malware on its customers that use Webhard’s Grid Service, as it was a malicious program and that “it had no choice but to control it.”"

Or am I missing something?

 

[USAFRet]

Right and so if you only use Gridsource on a sandboxed computer and that computer gets nuked by KT then only your sandboxed computer is nuked.

And you think they wouldn't do this to the other systems in your LAN?

 

[derekullo]

And you think they wouldn't do this to the other systems in your LAN?

I'm just reading what the article says.

"According to the news report, KT said it directly planted the malware on its customers that use Webhard’s Grid Service, as it was a malicious program and that “it had no choice but to control it.”"

If your computer doesn't have Webhard’s Grid Service installed then there is no malicious program to "control".

It's possible they are blanket attacking everyone with even a hint of Grid Service, but the article doesn't say that.