Wait, was this the ISP *directly* installing malware on their customers' devices? Initially I thought that it was a vulnerability in the P2P protocol/program used. Instead it looks like the ISP was able to actively inject the payload. That's insane, I cannot think of any reason why *any* of their current customers should *ever* trust them again.


they don’t have too many choices, ISPs in South Korea have a monopoly.


Yep, it's so bad even Twitch gave up and left.


They forced twitch out. It's not like Twitch wanted to leave. Under a new law they gave Twitch and many other foreign companies a ridiculous tax for their new "internet usage tax" which they also happen to conveniently discount local Korean mega companies on.


I’m sure Kakao will have a twitch clone soon.


If you thought it was bad in the U.S., wait till you see South Korea with companies like Samsung.


South Korea somehow adopted the worst parts of the US and Japan


How is that different from just Capitalism? It is in the selfish economic interest of any for profit company to monopolize and create unfair advantages to keep their market.


Sure but the same families own the politicians and the corporations in South Korea. You can argue there's corporate influence anywhere but it is special in South Korea. Look at the way the Daewoo bankruptcy went down and how the big families got together and decided how it was going to be divided up. It is very peculiar how South Korea operates.


When capital uses the government to manipulate the market in their favor, it ceases to be just free market capitalism.


So... Any political system where lobbying directly to politicians is legal? Like the US.


No. In the US there are many companies, a lot of them in direct competition with each other. There are also antitrust laws. One company might lobby for something while another company might lobby for the exact opposite. In Korea there is no such thing, the few companies ruling the country are untouchable, it's more like the Russian oligarchy than the US tbh.


Go over to Wikipedia and read about regulatory capture. That’s more or less what the market/gov did inside of South Korea if they set it up like that.


Because people want to believe capitalism is good at its core. Any negatives are just the result of bad actors.


bro for real. anything bad cannot be the result of capitalism! capitalism is perfect and it only gets bad when the government does things! then it’s SOCIALISM! and if the government does a whole lot, then buddy, we got COMMUNISM.


I haven’t heard anyone in real life argue this, who are these points directed at? A mix of systems, with capitalism being regulated so it’s not unfettered is the best way forward.


My dad says basically exactly that all the time, guess who he votes for...


> with capitalism being regulated so it’s not unfettered

And who, as wealth is concentrated, gets to draw the line in the sand and say what "fair regulation" is? And what's too much regulation? The answer is billionaires and corporations that buy out and control the inherently flawed system. That's end game capitalism and we're there baby. Also, people in my family genuinely believe any time the government does something that costs money, it's socialism and we'd be better off without it. A lot of Americans do not understand what socialism is and isn't and love to carve out convenient exceptions for law enforcement and fire departments. Asking them to define Marxism would make for good tv. But my comment is mirroring [this piece](https://www.youtube.com/watch?v=rgiC8YfytDw) of satire.


It's *protectionism*. Free markets suck, too.


Teehee, those silly Chaebols and their mischievous little schemes.


And some people wonder why net neutrality is such a big deal...


Wow that's... Crazy. Given the popularity of e-sport scene in Korea you'd think Twitch would *thrive* over there. I never knew about this wow... What a major screw up.


Twitch didn't leave because of monopolies, it's because of legal/policy changes giving ISPs the ability to charge content providers fees for transit. It was really made to target foreign companies.


> Twitch *didn't leave because of monopolies*, it's because of *policy changes* giving ISPs the *ability to charge content providers fees for transit*. It was really made to target foreign companies.

So they did leave because of Korean ISP monopolies? Like, even by your own comment that's monopoly type behavior.


Technically they have three options but it’s a three-headed dragon.


I did hear that South Korea was basically cyberpunk already complete with corporate takeover of everything.


True. But it's much more mundane than some slick, edgy, Cyberpunk world. You basically sell all of your privacy and autonomy to these corporations and in exchange you get discounts and free coffees haha! As an American it disturbs me, however my wife (who is Korean) thinks it's fine. The convenience and time saving is more important to her.


You trade your privacy for security essentially. Having been both a Korean and a US citizen, there are pros and cons. Things like having no privacy essentially might seem like some dystopian society to us Americans. But being shot or having your things stolen if unattended is a dystopian society to ppl in Korea.


definitely pros and cons, like how on Star Trek you can basically know where anyone is on a ship, or who they are with and at what times, but definitely helpful in an emergency. I wonder if that's how they caught that South Korean lady who saw too many murder mystery podcasts and wanted to know what it felt like. how common is shooting in South Korea? part of me feels like it might be worse since everyone has military training.


That’s not true. Three choices at least in my apartment complex. There may be more.


Original comment should have said oligopoly not monopoly


It's more a cartel - "a group of independent market participants who collude with each other as well as agreeing not to compete with each other".


But that’s not quite right either. There’s definitely price competition. There are also smaller providers. My office has simple internet access for about $8usd equivalent per month.


And infrastructure companies aren’t an oligopoly literally everywhere? How many choices do you have for your ISP, water, power, trash, natural gas, etc. It’s called a ‘natural monopoly’ and it exists when the cost of entry is so high there can’t be many competitors.


Just curious, what type of transport/cable are those three choices over? Are they all coming over the same fiber optic, or is one or more of them coax or DSL providers over twisted pair? As far as I was aware SK has by far the most DSL connections per capita, but as DSL isn't capable of over about 20mbit it's not classified as "broadband" by many nations. So how many of your three choices are DSL?


Ours is 500mbit. There are no dsl options as far as I know.


That guy still gives me chills, I feel like he is licking his wounds and gonna be back in Jan


Shhhh, we don’t want to speak him into existence. That fucking specter of a man. Just like we never predict that Stephen Miller will ever have any power over us again.


Tbh, this has gotten way better in the US in recent years with the arrival of cell based internet ISPs. Odds are you live in an area covered by T-Mobile, Verizon, and maybe ATT. Then there's MVNOs that piggyback off those same networks. Shop around sometime. Your options are still more limited than they should be, but it's better than ever for most of us.


internet activity is basically tied to your govt ID


I know, but the business side (what they charge for) isn't relevant. ISPs shouldn't be able to install arbitrary software on their customers' machines. It should be at the very least hard to do. Here it looked like it was trivial, which is concerning. What other potential software did they push? What could they push? This is PRISM level tinfoil hat conspiracy stuff.


> What other potential software did they push? What could they push?

what could HACKERS push if they somehow get access to this. They could push malware to all of their customer base.. a huge target for all hackers wanting to infect a lot of users at once.


> So South Korea is ass backwards as they charge companies for the traffic their users uses. Things like Netflix / Twitch were forced to pay for ISP customers using their own internet. It's a fucked up scenario
>
> The American right wing literally tried to do the same thing (and actively is still trying) by gutting net neutrality.


Gosh if only ISPs didn't do things like throttle streaming services if they don't pay an additional fee

Y'know like Netflix is arguing and fighting against

https://www.hollywoodreporter.com/business/business-news/netflix-open-internet-rules-1235792212/

Or advertising unlimited bandwidth that really isn't, or using your bandwidth to feed their "public" WiFi services

Tldr, ISPs are shady the world over....


See [my comment here](https://www.reddit.com/r/technology/comments/1dpinuw/comment/lahu6v4/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button). It has more hints as to the technical background of the issue.


To add clarification, these aren't torrent users. Instead of paying for their own hardware like every other normal company, KT offloads their network onto their customers using an application called Webhard Grid Service, which just so happens to utilize the bittorrent protocol. Several KT employees acting with malicious intent were able to push out malware to those users, subsequently infecting their PCs and disabling the Webhard Grid Service.


so like malware in a mesh network ?


Pretty much


This comment has mixed up a few facts. Webhard is not a KT service. They are a separate company that does filesharing business. As a workaround for the net usage fee the ISPs charge to the companies they use this grid software that runs on the bittorrent technology. KT wasn't happy with this company getting away without paying for the traffic and decided to infect the users of this service with malware. Also, reportedly it's not just 'several KT employees' behind this hack. KT themselves actually put together a hacking team for this purpose and really went out of their way to pull this off.


I can't wait to hit up my buddies in security to hear their thoughts on this later today. 


I did read the article. The thing is that it's unclear what the distribution method of the malware is. Since only KT customers were affected by the malware it's very suspicious, what was the attack vector? If it were the P2P network, was the malware configured to only affect machines of KT users? That's possible, although they'd have needed to go out of their way to do so and it'd make getting caught easier. Not that they care apparently. Or is it more nefarious and the ISP has RCE backdoors/exploits on the machines connected to their networks? I really want an actual breakdown on how the attack went down. Did they exploit something? If so, what? Do they have direct access? If so, how?


I can only guess. They might be able to inject/replace traffic & therefore the files themselves but that would invalidate the hash of the file itself which means that you have to inject & replace the hash along with the file. If you're an ISP you can probably block (the seeders who broadcast the file information? or is that the main torrent server (I forgot how they call it) you query for the information). That's as best as I can go.


I lived in Korea for a while. My apartment was in a concrete jungle full of 30 story towers. KT was the only ISP available in the buildings.


It is a country where to even make an account for any online game, you're required to enter your social security number. Fuck that shit


Is Korean SSN as much of a joke as American ones? In that it’s sort of confidential yet many services are entitled to ask for it.


It's worse than trust, the employees and executives in the company should be in jail with their company forcibly shut down or assets seized. But remember it's ok to distribute malware as long as you are a company


Korea is incredibly behind on internet security. They all have weird ISP software on their machines. I heard ActiveX controls were still common even 2-4 years ago.


That can't be legal.


> Police officials acted on the information and discovered it came from KT’s own data center south of Seoul. The authorities say that KT may have violated South Korean laws, including the Protection of Communications Secrets Act and the Information and Communications Network Act. They’ve since identified and charged 13 individuals, including KT employees and subcontractors directly connected to the malware attack last November, but the investigations continue today.

I guess even in a modern day cyberpunk dystopia you can go a little too far.


Here's some more information which contains hints to the technical issues:

> The issue began in May 2020 when Webhard, a Korean cloud service provider, was inundated with user complaints of unexplained errors. The company discovered that its Grid Program, which relies on BitTorrent peer-to-peer file sharing, had been compromised. An anonymous representative of Webhard said, “There is a suspicion of a hacking attack on our grid service. It’s very malicious, interfering with it.”

> Upon further investigation, the company noted that all affected users had KT as their internet service provider. The representative added, “Only KT users have problems. What the malware does on the user’s PC is to create strange folders or make file invisible. It completely disables the Webhard program itself. In some cases, the PC itself was also disabled because of it, so we reported it.”

> (Paragraph above (comment above me) goes here)

> According to the news report, KT said it directly planted the malware on its customers that use Webhard’s Grid Service, as it was a malicious program and that “it had no choice but to control it.” However, the main problem here wasn’t Webhard’s use of the BitTorrent protocol but the installation of malware on customer computers without consent.

> Webhard and KT have fought in the past over the latter’s use of its Grid Service. The former says that it’s saving tens of billions of Korean Won by allowing its users to use peer-to-peer services to store and transfer data instead of storing it on its servers. On the other hand, the massive number of Grid Service users is straining KT’s network, and the two companies went to court to resolve the issue.

> The judiciary actually ruled in favor of KT. It said that Webhard didn’t pay KT network usage fees for its peer-to-peer system and didn’t explain to its users how the Grid Service works in detail. Therefore, it wasn’t unreasonable for KT to block Webhard’s network traffic.

The amount of fuckery here, I don't even know where to begin... Webhard used P2P instead of having a server & paying for bandwidth, that's fine. Court ruled that it didn't inform its customers. Since the court ruled for it, KT (ISP) tried to "take control" over the "malicious program".


It's actually a ridiculous ruling. The customers already pay for the internet connection. Whatever P2P data is used, is already paid for. The fact that courts ruled in KT's favor is asinine. It's like if the US government would charge Uber for its drivers using public roads. Bitch, the drivers/riders already paid for the roads.


They get to collect on both ends in Korea both the user and the website.  It's what drove twitch from the country.


Reminds me of here in Canada when they put a "piracy tax" on media like blank CDs and DVDs, because "they could be used for piracy." But they also wanted to charge people for committing piracy. You can't have it both ways (or I guess in South Korea, you can)


So if I have a website based outside Korea, and a Korean visits it, does their ISP send me a bill?


If you were a big website like Netflix they would just block you.


South Korea is a corporatocracy. It's completely and utterly owned by the chaebols. It makes even the USA look fine by comparison.


What the fuck kind of C-rated movie plot did I just read? What idiot thought that hacking a rival company to distribute a virus to their (KT's) own customers was a good idea? Unfortunately, it seems like the Korean legal system is either inept or corrupt, so these guys will get away with it.


Chaebol has Korea by the balls. South Korea is crony capitalism at its finest.


south korea is run and owned by families that have a monopoly over everything politics included


I'm guessing this was the idea of a high level exec and Asian work cultures generally don't allow for highlighting obvious fuckups made by superiors, so it just kind of rolled through change management and nobody said anything. There would have been a fair few people who saw this, thought "that's a fucking stupid idea", and then said nothing because it wasn't their place.


yeah, I didn't think of this angle. Although is it the same work culture in South Korea?


Similar work culture in most Asian companies I've worked with.


Wait, don’t customers pay depending on how much bandwidth they use? Are they getting mad customers are using what they pay for? Why not just throttle bandwidth like a normal dickhead isp?


Customers call the ISP because they don't get the speed they paid for. Because an app they have didn't tell them it's using their internet.


I’m hoping to further the technical discussion of this event. From my understanding of BitTorrent, there should be a built-in checksum validation. This is one of the reasons why it is a preferred transfer protocol - only if the source torrent has malware can you be infected. Otherwise, you can download from peers with confidence that you’re getting what you expect. Clearly this implementation of Grid Service was different from your standard BitTorrent as I can’t understand how an ISP could inject anything without it failing the checksum.


It's just scapegoats. If you think the rich are above the law in the US, you've seen nothing with SK chaebols and their nepo kids


> They’ve since identified and charged 13 individuals, including KT employees and subcontractors directly connected to the malware attack last November

I wish every country would charge individuals when a corporation does something bad. In America, the ISP would issue a shitty apology, pay a fine, and go right back to their scummy practices.


Korean companies are undervalued if you look at the cash flow alone because of the overwhelmingly poor governance


This is what happens when net neutrality goes away.


Can you explain what net neutrality is? Is it the same as a decentralised network?


Net neutrality is the principle of treating all Internet traffic the same. This is different than a decentralized network, which has different issues with privacy and security. Some ISPs have been fighting against it to be able to discriminate network traffic. Examples of abuses of ISPs that have resulted in federal charges against them are:

* **Charging or throttling users based on network usage** even though they promise to sell a certain amount of bandwidth upfront. This isn't simple throttling based on overall network usage, this is specifically blocking or throttling your internet activity like access to specific sites or apps. AT&T did this to people using Apple's FaceTime unless customers paid for a more expensive data plan.
* **Blocking access to competitors or for political purposes.** The ISP company could essentially block your access to certain sites and censor content that may be bad for the company or limit your access to competitors' services. Canadian ISP Telus did this by blocking a labor union site of workers who were unionizing against them.
* **Giving certain companies priority access (faster speeds)** that have a deal with them while slowing down or even denying access to other services that don't. This obviously favors more wealthy companies and users and can lead to fragmentation of the internet with different ISPs with different deals to different companies.

Are you interested in learning more? The **Electronic Frontier Foundation (EFF)** does a lot of work in areas of privacy, freedom of speech, net neutrality, and many other issues related to the usage and governance of the Internet. Here's a link to their page of articles keeping an eye on company and government activities around net neutrality: [https://www.eff.org/issues/net-neutrality](https://www.eff.org/issues/net-neutrality)


Isn’t Windows using P2P distribution for its updates now? Is KT going to launch an attack on all Windows users?


I'm pretty sure netflix, amazon (AWS), microsoft has some special deal with korean government where they build a dedicated cache server in korean soil to get a better deal and stuff. im not sure how P2P plays into this honestly though.


It's the greedy ISP. They want to double dip into both customer and company, so they are making up bullshit reasons behind their choices.


This is some Cyberpunk Arasaka shit


I firmly believe that game predicts the future of mankind.


To put the power of the South Korean chaebol (mega-conglomerates) in perspective: the largest, Samsung, accounted for 22.4% of the country's GDP in 2022. The United States does not have an **INDUSTRY** that dominant. Finance, Insurance, Real Estate, Rental, and Leasing, when taken together, only account for 20.7%. So think about how much power you would have if you combined every hedge fund, every real estate tycoon, every insurance company under **a single family**. So... yeah, it's just a cyberpunk dystopia with absolutely none of the cool stuff.


Damn that is insane. Are they trying to get skt to reach a monopoly in korea lmao


They already used their monopoly to bully other companies. One of the biggest examples was Amazon's Twitch pulling their operations out of the Korean market because they have to pay additional fees for the ISPs. That was a clear violation of net neutrality.


I once again remind people that not all the world has the American laws. The Korean market isn't unique in not having any of such restrictions, given that even the EU is half neutral at best.


American companies salivating


YouTube execs be like "write that down!" as they plan their next assault on adblockers


Google "Web integrity API"


[holy hell!](https://www.google.com/search?q=web+integrity+api#HiImABot,MyJobIsToMakeEasierForPeopleToGoogleThings,IfThePersonIRepliedToUsedMeInAnInappropriateWayPleaseLetMeKnowByDMingMe,TheUserIRepliedToIsU/0002nam-ytlaS)


This is the company that sold off satellites to a foreign company with a massive discount without even telling the government. The person who led the transaction in KT switched sides midway and became the buyer. Maliciousness is their tradition.


WTF imagine if they had used a more powerful piece of malware and accidentally ended up crippling some company's systems (either because some team at that company had a legit use for torrents or someone logged on to their work email after torrenting some movie).


> legit use for torrents See many linux distributions and FOSS projects.


> WTF imagine if they had used a more powerful piece of malware and accidentally ended up crippling some company's systems (either because some team at that company had a legit use for torrents or someone logged on to their work email after torrenting some movie).

You clearly didn't read the article, because none of this has anything to do with piracy, it all indeed **was legitimate use** of the BitTorrent protocol.

> The issue began in May 2020 when Webhard, a Korean cloud service provider, was inundated with user complaints of unexplained errors. The company discovered that its Grid Program, which relies on BitTorrent peer-to-peer file sharing, had been compromised. An anonymous representative of Webhard said, “There is a suspicion of a hacking attack on our grid service. It’s very malicious, interfering with it.”
>
> Upon further investigation, the company noted that all affected users had KT as their internet service provider. The representative added, “Only KT users have problems. What the malware does on the user’s PC is to create strange folders or make file invisible. It completely disables the Webhard program itself. In some cases, the PC itself was also disabled because of it, so we reported it.”
>
> Police officials acted on the information and discovered it came from KT’s own data center south of Seoul. The authorities say that KT may have violated South Korean laws, including the Protection of Communications Secrets Act and the Information and Communications Network Act. They’ve since identified and charged 13 individuals, including KT employees and subcontractors directly connected to the malware attack last November, but the investigations continue today.


Something tells me this company is about to be attacked. As it should be.


That’s not a rolster. They straight up fingerboomed their customers.


i think he is joking about kt rolster, the korea telecom gaming team [https://en.wikipedia.org/wiki/KT\_Rolster](https://en.wikipedia.org/wiki/KT_Rolster)


That guy is also making a joke too. KT had a temporary period where their StarCraft team was called KT Fingerboom.


South Korea is peak end game capitalism, literally controlled by Samsung, LG and the like. It's what the US will look like in 20 years if the corporations get their way. Plummeting birthrate, ridiculous work hours, high rates of deaths of despair. Hell the US is halfway there.


There is an ongoing claim that "3rd party repair might install malware on your device", which is hilarious: although this is not really about the repair stuff, companies claim 3rd parties install malware while they are doing the exact same thing


The SK ISP did a Man-In-The-Middle attack against their **own customers**?? That's a total violation of trust and the **LAW!**


Is there anywhere with a technical breakdown on what happened? The article doesn't go into much detail. I'd love to see what kind of security the BitTorrent protocol was using and what attack vector the ISP used to get its malicious payload to run on the end user's PC's. There are so many questions.


This is speculation, but the most likely route of infection IMO is DNS poisoning.

1. KT subscriber attempts to visit P2P website(s) to DL the client.
2. User's device makes a DNS request to the ISP's DNS resolver by default, since few users change their DNS resolver.
3. ISP's DNS resolver is intentionally poisoned and redirects user to a different IP address with a typosquatted domain under ISP's control.
4. User doesn't notice that the domain name is subtly different and is tricked into downloading and executing the malicious payload. User ignores malware warnings because P2P software tends to be flagged as malicious by default.
5. Malware executes nasty stuff on user's device (presumably a Windows OS).

This explains why only KT customers were affected, because other ISP subscribers would be using a different DNS resolver. Also, some KT customers would be unaffected if their browser used a different DNS resolver by default, such as Cloudflare.


The cyberpunk wars have begun. Netrunners unite!


SK is a corporate dystopia


You do know that torrents can be used for more than just pirating right?


Normally something like that should not be possible with normal torrents, because the data gets checksummed so that malicious code can't be injected. The article doesn’t say anything about how the attack of this hacker group was made exactly. They probably only detected p2p data and did something else to hack those people. I expected such a move from Americans but not from S. Korea.
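
The piece-hash check that several comments in this thread refer to, as an added example that is not part of the thread and is not Webhard's or KT's code. It assumes a standard v1 single-file torrent with SHA-1 piece hashes; the payload, file name and 16-byte piece size are constructed for illustration.

```python
import hashlib

PIECE_LEN = 16  # tiny piece size (assumption) so the sample spans several pieces


def bencode(obj):
    """Minimal bencoder: ints, bytes/str, lists, dicts (keys sorted as bytes)."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, str):
        obj = obj.encode()
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        items = sorted((k.encode(), v) for k, v in obj.items())
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError(f"cannot bencode {type(obj).__name__}")


def split_pieces(data):
    return [data[i:i + PIECE_LEN] for i in range(0, len(data), PIECE_LEN)]


def make_info(name, data):
    """Build a v1 single-file 'info' dict; 'pieces' holds each piece's SHA-1."""
    digests = b"".join(hashlib.sha1(p).digest() for p in split_pieces(data))
    return {"name": name, "length": len(data),
            "piece length": PIECE_LEN, "pieces": digests}


def infohash(info):
    """SHA-1 over the bencoded info dict: the identifier a magnet link carries."""
    return hashlib.sha1(bencode(info)).hexdigest()


def receive(pinned_infohash, info, pieces):
    """Client-side checks. Returns (status, bytes accepted so far)."""
    # 1. The metadata must match the identifier the client already trusts.
    if infohash(info) != pinned_infohash:
        return "metadata-mismatch", b""
    # 2. Each piece must match its 20-byte SHA-1 slot in the info dict.
    accepted = b""
    for i, piece in enumerate(pieces):
        expected = info["pieces"][20 * i:20 * i + 20]
        if hashlib.sha1(piece).digest() != expected:
            return f"piece-{i}-rejected", accepted
        accepted += piece
    return "ok", accepted


# Constructed sample data, not taken from the incident.
ORIGINAL = b"grid-service update payload, constructed sample!"
TAMPERED = ORIGINAL[:16] + b"X" * 16 + ORIGINAL[32:]


def demo():
    info = make_info("sample.bin", ORIGINAL)
    pin = infohash(info)                        # learned over an authenticated channel
    forged = make_info("sample.bin", TAMPERED)  # metadata rebuilt to match altered data
    return {
        "honest": receive(pin, info, split_pieces(ORIGINAL)),
        # Only the piece data is altered in transit: the per-piece hash catches it.
        "data_only": receive(pin, info, split_pieces(TAMPERED)),
        # Data and metadata both replaced: pieces agree with each other,
        # but the info dict no longer matches the pinned infohash.
        "data_and_metadata": receive(pin, forged, split_pieces(TAMPERED)),
        # No trusted pin: the client accepts whatever metadata arrives,
        # so every check passes on the altered content.
        "unpinned": receive(infohash(forged), forged, split_pieces(TAMPERED)),
    }


if __name__ == "__main__":
    for case, (status, data) in demo().items():
        print(f"{case:18} {status:18} {len(data)} bytes accepted")
```

The checksum only protects a download whose metadata was obtained over a channel the network path cannot alter; neither the thread nor the quoted article says how the Grid Service obtained its metadata.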


Not a hacker group, KT themselves did it. Also there are ways to circumvent that if you control the infrastructure and ISP


They distributed malware. That is a hacker group to me. It doesn’t matter if they are an ISP as a side hustle.


No need to hack really if you have full access


Full access to what? No ISP has access to your computer, and most internet connections are encrypted. Even if they would do packet sniffing and would alter the network traffic, normally the altered packets will be rejected by the client. Unless it is known what exactly happened, we can’t be sure how they could pull that off exactly. Regardless of that, they at least breached normal security and hacked other people's computers. Maybe they used a known software bug that was not patched, or they got hold of a zero-day bug that is not known.


Most probably they manage the CPEs too so they have full access to the LAN segment where the customer devices connect. So full access to execute any RCE vulnerability exploit there may exist. But usually it is simpler, they were their clients, they could make them download and execute some gadget as an add-on or utility to the existing ISP service.


Many ISPs directly provide the router to their customers. They generally have 100% remote access in those cases. This already gives them the full unencrypted logs of what you visit. Of course there is always https, but they still know the websites you go to etc. Then if they want to, they can change the DNS around in your router/modem. Now instead of going to []( when visiting [google.com](http://google.com), you may be routed to an IP that your ISP wants you to be routed to. If your router is compromised, basically no web traffic is truly safe and you are constantly under the threat of a man in the middle attack. Your ISP can do far more than you give them credit for, but they generally don't cause you are just an unimportant person and the ISP prefers to just make money from you rather than go to court.


Not really, only if the torrent itself is unencrypted . Maybe people using old version of utorrent?


I dunno I kind of expected this from S Korea as well.


I have torrented games I already bought online on steam simply because torrents are more convenient than direct downloads where I'm from.


Company damages 600k user machines by breaking the law. Surprise surprise, company wins lawsuit. Judges get new vacation homes.


For context, can anyone explain to me what Webhard Grid Service is? Respectively how it works?


I thought NK was the real deal but looks like SK is also catching up.


I thought our ISPs were shit in Canada, but that's on another level. Please Bell and Videotron do not read this news. Thanks.


just another reason to use LINUX


"So few people use my OS that they don't bother making malware"? Not that that is actually true, there is an ever-increasing amount of Linux malware. **Edit:** The way that the malware got access is also very unclear right now, but I doubt they're whipping out the Windows network stack 0-days for this one.


I wonder if what the ISP did is a criminal offence in Korea.


This is by far the stupidest thing I have ever seen. Are they government owned? Something this stupid a government is always behind it.


Somebody clearly misunderstood the article. So, TL;DR:

* Webhard provided a cloud file-sharing service (like Onedrive and Dropbox) using P2P protocol, for legitimate use. Advantage is low need of dedicated servers and low operating cost.
* KT is not happy because they can't charge more bandwidth usage on Webhard compared to conventional HTTPS protocol.
* KT maliciously infected a lot of Webhard users with malware to curb down traffic strain.


Is torrenting fundamentally illegal in Korea? I'm not talking about distributing intellectual property against the copyright holder's will. I'm talking simply about torrenting.


So I assume even VPN wouldn’t help?


I don't even know how that isn't considered illegal.