Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Piracy Security

South Korean ISP 'Infected' 600,000 Torrenting Subscribers With Malware (torrentfreak.com) 21

An anonymous reader quotes a report from TorrentFreak: Last week, an in-depth investigative report from JBTC revealed that Korean Internet provider KT, formerly known as Korea Telecom, distributed malware onto subscribers' computers to interfere with and block torrent traffic. File-sharing continues to be very popular in South Korea, but operates differently than in most other countries. "Webhard" services, short for Web Hard Drive, are particularly popular. These are paid BitTorrent-assisted services, which also offer dedicated web seeds, to ensure that files remain available.

Webhard services rely on the BitTorrent-enabled 'Grid System', which became so popular in Korea that ISPs started to notice it. Since these torrent transfers use a lot of bandwidth, which is very costly in the country, providers would rather not have this file-sharing activity on their networks. KT, one of South Korea's largest ISPs with over 16 million subscribers, was previously caught meddling with the Grid System. In 2020, their throttling activities resulted in a court case, where the ISP cited 'network management' costs as the prime reason to interfere. The Court eventually sided with KT, ending the case in its favor, but that wasn't the end of the matter. An investigation launched by the police at the time remains ongoing. New reports now show that the raid on KT's datacenter found that dozens of devices were used in the 'throttling process' and they were doing more than just limiting bandwidth.

When Webhard users started reporting problems four years ago, they didn't simply complain about slow downloads. In fact, the main concern was that several Grid-based Webhard services went offline or reported seemingly unexplainable errors. Since all complaining users were KT subscribers, fingers were pointed in that direction. According to an investigation by Korean news outlet JBTC, the Internet provider actively installed malware on computers of Webhard services. This activity was widespread and effected an estimated 600,000 KT subscribers. The Gyeonggi Southern Police Agency, which carried out the raid and investigation, believes this was an organized hacking attempt. A dedicated KT team allegedly planted malware to eavesdrop on subscribers and interfere with their private file transfers. [...] Why KT allegedly distributed the malware and what it precisely intended to do is unclear. The police believe there were internal KT discussions about network-related costs, suggesting that financial reasons played a role.

This discussion has been archived. No new comments can be posted.

South Korean ISP 'Infected' 600,000 Torrenting Subscribers With Malware

Comments Filter:
  • Costs (Score:5, Interesting)

    by Bert64 ( 520050 ) <bert@NOSpaM.slashdot.firenzee.com> on Tuesday June 25, 2024 @05:32PM (#64578085) Homepage

    Since these torrent transfers use a lot of bandwidth, which is very costly in the country, providers would rather not have this file-sharing activity on their networks.

    If users weren't downloading files from torrents, they would download them from somewhere else instead so you'd not reduce bandwidth usage, just redistribute it.

    On the other hand if things are properly setup on the ISPs end as well as the torrent users, the torrent downloads will prefer local peers so the traffic stays within the ISP's network instead of using international transit - so it actually saves them money.

    KT seem to have a low level of IPv6 deployment, and probably put a lot of users behind NAT which prevents the users from peering with each and forces them to connect to other peers (usually foreign ones), so this could well be a problem of their own making.

    • by rsilvergun ( 571051 ) on Tuesday June 25, 2024 @08:10PM (#64578457)
      South Korea has famously fast internet. They have extremely modern infrastructure. There's absolutely no reason for bandwidth to be expensive in that country or frankly any country that isn't the Himalayas.

      This is about artificially constraining supply in order to keep prices high so you can bleed people dry. When you take something that should be a public utility because it's universally desirable and let a handful rich ghouls skim 20 or 30% off the top of it you're going to get situations like this.

      And South Korea is corrupt as fuck. Remember Gangnam style? That was about ultra ultra ultra Rich South Koreans. South Korea has basically an entire social class of the kind of scum that make up our Kardashians. And they are not nice people. This is exactly the sort of nasty little parasitic scam they would be all over
      • by Bert64 ( 520050 )

        The local infrastructure is fast and cheap, but international capacity requires undersea cables which are expensive to build and maintain. When the locals can easily get a 10GB fibre connection at home, this puts a lot of strain on the available international capacity.

        It costs nothing for the ISP to route traffic between their own customers, and very little for them to route traffic domestically to users of other ISPs if they're willing to peer. It costs a lot more to route traffic across the congested and

        • Am on a 1gbps fibre connection.

          With a proper public IPv4 / v6.

          When I used to torrent, most of my highest speed connections were on connections within my country, although there were some good speed connections from countries a few 1000s of kms away, but they were kind of rare.

          Been a few years since I did torrenting actively, but I imagine it still works the same.

          • by Bert64 ( 520050 )

            Yes, it works the same way, but...

            To get public ipv4 you usually need to be in a developed country using an incumbent provider who acquired large ipv4 blocks years ago and is no longer growing their customer base, or pay extra for it.

            If you do get public ipv4, chances are you will only get one which means that:
            a) the torrent client needs to somehow work out the public address to tell other peers
            b) you have to configure a forwarded port

            You can get public ipv4 with a dedicated (paid) seed box, but none of tho

        • As an American I rely on the exact same international underwater cables. And I know from SEC filings from major internet providers that it costs them around 20 bucks a month total, including support, to provide my internet service I pay $120 a month for.

          You're being taken advantage of. And you're actually sitting there going out of your way to defend the people ripping you off. I cannot imagine a more desirable outcome for a business
          • by Bert64 ( 520050 )

            Unless you're in Hawaii or Puerto Rico you rely on those cables a lot less, because more content and users are domestically in the US.
            Users in the US are also less likely to be stuck behind CGNAT, so you have far more local peers for p2p downloads.
            You also have overland links to canada/mexico, which south korea does not have since the only land border they have is with the dprk.

            The $20 figure is an average cost, for every heavy torrent downloader there will be a number of very light users.

            The services are a

        • 25 Gbps, 10 Gbps is ok pricewiwe nowadays, you can split it up to 2.5 Gbps internally since it is easy to get 2.5Gbps cheap. This of course depends on your usage last year I installed three dark fibre lines plus up links at max 25 Gbps, if you need it it really is cheap even over +30km. I easily saturated +25 Gbps out from that network.

          This equipment can be had second hand so if you need it or want to play with it now is the time to start building. ISPs are a bit slow upgrading their infra so it was impossi

          • by Bert64 ( 520050 )

            I'm talking about home user equipment, switches, network cards etc.
            The 2.5gbps stuff is starting to become affordable, 1gbps equipment is cheap and widely available but 10gbps still carries a hefty premium.

            I can get a usb to 1gbps ethernet adapter for $10, whereas a 10gbps adapter is going to be $200+. A 24 port 1gbps switch can be had for under $100, yet even the cheapest 8 port 10gbps switch is 200+.

  • Checksums are your friends.

  • In this case a criminal enemy. I sure hope people that made the decision to hack IT systems not their own will go to prison.

  • The only way for them to squeeze more money out of their users without doing anything but removing the throttle on the bandwidth.
    Japanese ISPs like Sony's Sonet do exactly the same thing.

  • by Anonymous Coward

    in everything we do, babe...

  • How exactly did they got the malware installed on the users PCs? Must have been a pretty widely available vulnerability. Is that patched?
    • by larwe ( 858929 )
      Maybe not. People are vulnerable to trusting the wrong authority figures. If your ISP says "please download this tool that will do some handy things" a lot of end-users might do that.
    • They used Windows of course :-)
  • Maybe I've just not enjoyed enough arrogant plutocratic impunity; but why would you do something that is a bunch of felonies(unless South Korea differs markedly from basically every other jurisdiction where computers are economically relevant) to reduce the amount of traffic certain systems are generating when you own the network? All manner of ways to stop or throttle traffic you don't feel like dealing with while confining your adjustments purely to systems you have administrative authorization for.

Each new user of a new system uncovers a new class of bugs. -- Kernighan

Working...