To combat torrent traffic, the South Korean internet service provider implemented a bold strategy: it infected 600,000 of its customers with malware

We are certainly no strangers to the Machiavellian plans of telecom companies in the US, where, thanks to restoring net neutralityOnly recently have we avoided the nightmare scenario of ISPs gaining legal authority to throttle their competitors’ traffic. It’s all the more impressive when companies from other parts of the world eclipse our steady progress in corporate fraud—companies like KT, the South Korean ISP that was recently accused of infecting 600,000 of its customers with malware.

According to the report from Korean news agency JTBCUsers of torrent-based “webhard” services — file-storage and upload platforms popular in South Korea — began reporting in 2020 that they were experiencing slow transfers, corrupted files, and unresponsive computers. When one of the webhard providers noticed that all of the users experiencing problems were KT customers, the company reported the information to Korean law enforcement.

Internet service providers have been waging war on torrent traffic for years. In the US, before the FCC decided to try without net neutrality a few years ago (it didn’t go well), Comcast has self-imposed a cease and desist order in 2008 after restricting BitTorrent transfers. Legal protections and network advances have caused those efforts to wane somewhat in recent years, making it all the more surprising that Korean police have found evidence suggesting KT was distributing malware to its customers as punishment for using its P2P services.

AND JTBC Supplementary Report describes how, after a search of KT’s headquarters, it turned out that the ISP had put together a team to develop and distribute malware, allegedly “eavesdropping” on data exchanged between KT subscribers accessing webhard services and disrupting their transfers. While it’s hard to piece together the confirmed details without any English language reports from JTBC, it seems that KT’s explanation to its malware task force is that the team was an attempt to control what it considered “malicious services” and that there were only a few people involved, so who exactly is to blame?

According to the police investigation, the malware unit operation was allegedly the result of internal discussions at KT about minimizing ongoing network costs and involved dozens of devices, which calls into question how isolated the operation was within the company. I’m no expert, but if it were me, I might try some IP bans instead?