South Korean telecom company attacks torrent users with malware

Unsurprisingly, terrible Korean internet strikes again. ISPs try to charge companies insane fees because customers want to connect to their servers. Company decides to use peer-ro-peer instead so the ISP starts installing spyware on customer computers.

Makes me wonder where this myth of "good Korean internet" even came from if everything ends up so bandwidth constrained. Is it because all the customers and services are in the same city so it appears low latency?

I hope everyone involved in this catches criminal charges, all the way up the chain. Completely unacceptable behavior.

>Police officials acted on the information and discovered it came from KT’s own data center south of Seoul. ... They’ve since identified and charged 13 individuals, including KT employees and subcontractors directly connected to the malware attack last November,...

I'm actually very impressed. If this happened in the US, the police wouldn't care about it at all, and would just tell everyone affected that "it's a civil matter" and they'll have to file a lawsuit if they don't like it.

South Korea information technology (as distinguished from hardware-related technology) is unbelievably bad. Much of it is purely technical: domestic firms like Naver are simply not as good as global incumbents like Google, but also they are terrible compared to other regional players (The Kakao chat app is vastly inferior to Zalo, a Vietnamese chat app). However, just as much is due to poor cultural and interpersonal decisions. This news case highlights such a cultural factor.

Note that KT, while relatively recently privatized, is still a national corporation that is considered a critical national asset under the law (thus if the North attacks, KT towers are first priority to be protected by the South's military). So, it is not as if some rogue SME infected its users with malware; it's a national corporation infecting its users over and not even be sorry about it (as in the article).

Plenty of other comments detail the strange Active X requirement: The national law had dependency on Internet Explorer/Active X. (I do not know of any developed nation having a national legal dependency on a specific corporation's consumer technology at this scale.) Also, many comments on South Korea's purportedly great infrastructure (albeit two decades ago). There is more to this.

Interestingly, if you ask an average Korean, he would say Korea is literally the best nation in IT/internet technology, topping or at least on par with the US. The national propaganda effort that went into forming this collective conscious should not be understated. Even many of the top programmers in South Korea I met strongly believe in this superiority. I wonder if this strong sense of superiority is both (1) preventing SK from improving its actually-lagging tech and (2) act in Dostoevskian-Raskolnikov manners thinking that it is above the law and consensus ("the best can break the rules and set new ones"). Whatever the underlying reason may be, there is a serious techno-cultural issue going on in the country.

One of the biggest banks in South Korea blacklisted Amazon as a financial scammer because it's Prime subscription renews monthly and customers complained after seeing the renewal charge on their credit cards. The ban was national -- no customer of this bank could buy a product from Amazon unless he calls the bank personally and ask the charge to be approved. Again, the issue wasn't technical. It was cultural.

Did they exploit a vulnerability or MITM the traffic somehow?

Edit: While looking for an answer, I ran across this article. Apparently they've been fighting for a while (2015):

https://www.opennetkorea.org/en/wp/1529

South Korean internet had been one of the best and fast network in the world; especially up to the point before KT was privatized. After privatization, three internet service providers have been focusing on exploiting profits, not on making better and faster network infrastructure because they don't have to.

The title is very clickbaity. These are not users downloading torrents in the normal sense. It's users that are using a specific piece of software that happens to utilize the BitTorrent protocol.

Unfortunately, it's not explained in the article how the malware was actually sent to users. I wonder how they did it.

KT built fiber connection here in Poland ~15y ago. Project was made in a large part of the country, strongly subsidised and thought as a backbone for other ISPs. 4k km of fiber underground and multiple nodes.

Project is now being nationalised as kt: - didn't pay subcontractors. Many of them went bankrupt - offered prices so large, that other isps would rather create their own infra than use theirs - abandon the project totally Of course i shouldn't put this under KT's name, as they used a subcompany - SungGwang - for all the dirty stuff.

So, fast forward: we laid a new infra parallel to this one in many cases and that one lays in the ground and rots.

Hell Joseon strikes again.

For context, the legal situation of network usage in South Korea is something akin to Ajit Pai's wet dream. Network operators are legally empowered to charge troll tolls on both ends of any connection they want. Infrastructure costs are to be borne by literally anyone BUT the network operators.

To compound this, South Korea is economically an authoritarian hellscape. Large megacorporations[0] own everything and the government is just a clearinghouse and mediator for their interests. Corruption is so rampant that even administrations run by ardent anti-corruption activists wind up being toppled by rampant and widespread corruption.

I guarantee you that not one SK Telecom executive will spend time behind bars for this blatantly illegal conduct. Anyone with the power to put people behind bars in South Korea will be unmade if they touch a chaebol.

[0] These are specifically called chaebols and the group includes LG, Hyundai, Samsung, Lotte, and a few others. Japan used to have something similar, but they ate their rich... and then brutally invaded and colonized half of East Asia.

MITM by ISP and the government! Even SK constitution said it is illegal. but they don't give a damn about it.

They are scanning SNI field and manipulate packet to prevent user visit certain sites.

Reminds me a lot of the telecom situation in the US. There are lots of people who e.g. hate Comcast but basically have no choice in their area if they want broadband. Granted, a malware attack, is another level of terrible, but isn't it "interesting" how pseudo-monopolists seem to be resistant to meritocratic forces?

How exactly was the malware deployed?

> The judiciary actually ruled in favor of KT. It said that Webhard didn’t pay KT network usage fees for its peer-to-peer system and didn’t explain to its users how the Grid Service works in detail

Huh? The users are paying for their network, so they should be free to do with it as they wish. How is Webhard involved in this discussion? This is something the ISP may wish to discuss with its users, if the ISP feels the users are consuming more than they paid for.

Facinating to see the same game played across nations, technologies, and time: https://slate.com/technology/2010/02/the-little-told-story-o...

Just charge them 250 a head for the equivalent for analysis and remediation should only cost about 150M usd plus about 10-20M to administer. Liquidate the executives holdings including stock then the companies assets and it will never ever happen again.

As a former resident of Russia, I'm not the least bit surprised. The practice of implementing parasitic scripts there began in 2014, and to date has been continued at the level of the largest provider as well as the monopoly owner of international channels (Rostelecom).

Good luck to the believers that someone there will be punished for this. For everyone else, switch to encrypted protocols.

Not best Korea anymore.