KT Corporation (KT), one of South Korea's largest Internet Service Providers (ISPs), is under fire for allegedly installing malware on the computers of its subscribers who use Webhard services, impacting an estimated 600,000 users. This malware was intended to interfere with file-sharing activities, raising significant legal and ethical concerns.
The investigative report by JTBC revealed that KT's actions date back to May 2020, when numerous Webhard services experienced unexplained outages. Users reported a variety of issues, such as the creation of strange folders, hidden files, and complete system malfunctions, particularly affecting those connected via KT's network. The source of these problems was traced back to malicious software embedded within the Grid programs (P2P clients) used by Webhard services, which facilitate peer-to-peer data transfers outside the main server network.
The initial discovery was made by affected software companies, who noticed their Grid services were being targeted by what appeared to be a deliberate attack. According to a software company representative, this intrusion led to significant disruptions: “Users experienced inexplicable errors, and our service was rendered non-functional due to the malware.”
Further analysis by cybersecurity experts confirmed that the malware was designed to hide files and disrupt the normal operation of Grid programs, effectively neutralizing Webhard services. This attack persisted for nearly five months, infecting approximately 60,000 devices per day at its peak.
Police investigation
In a shocking turn of events, a police investigation led by the Gyeonggi Southern Police Agency traced the origin of these attacks to KT's Bundang IDC Center. Evidence suggested that KT had deployed a specialized team tasked with developing and distributing malware, which included real-time surveillance of users' data. This revelation prompted a raid on KT's data centers and the identification of 13 individuals involved, including KT employees and third-party contractors.
KT defended its actions by claiming that the Grid services themselves were malicious, justifying their approach as a necessary measure to control these threats. However, this stance did not mitigate the backlash from both the public and legal experts, who criticized the company's lack of transparency and the invasive nature of its methods.
The ongoing police investigation hints at multiple violations, including breaches of the Telecommunications Privacy Protection Act and the Information and Communications Network Act. Last November, the police forwarded their findings to the prosecution, and supplementary investigations continue as more details emerge.
Impact on KT and customers
KT, formerly known as Korea Telecom, is a major player in South Korea's telecommunications industry, with over 16 million subscribers. This scandal has tarnished its reputation, calling into question its commitment to ethical practices and customer privacy.
Webhard services are a significant part of South Korea's digital landscape, utilizing the Grid system to minimize bandwidth costs. This system, however, has historically clashed with ISPs like KT, who view the high data traffic as a financial burden. Despite a previous legal victory allowing KT to manage network costs by throttling traffic, the transition to deploying malware marks a severe escalation.
As the investigation proceeds, the full extent of KT's actions and their implications will become clearer, but the incident has already highlighted the critical need for robust legal frameworks and ethical standards in managing network security and user privacy.
Active Exploitation of New MOVEit Transfer Auth Bypass Flaw Detected
Leave a Reply