A South Korean media outlet claims that local telecom KT has allegedly intentionally infected some of its consumers with malware due to their extensive usage of peer-to-peer (P2P) downloading programs. Based on reports, the number of affected users has now risen to a staggering 600,000 individuals.
The telecommunication firm allegedly designed the malware to hide files and had reportedly been introduced into the Grid Program, which allows KT users to exchange data peer-to-peer. The file exchange services eventually stopped working, prompting users to protest on bulletin boards.
This process has allegedly continued for nearly five months, starting in May 2020, and was carried out from within one of KT’s data centres.
The incident reportedly drew enough attention to warrant an investigation by the police, who searched KT’s headquarters and data centre and seized evidence. The police claimed the South Korean telco violated South Korea’s Communications Secrets Protection Act (CSPA) and the Information and Communications Network Act (ICNA).
The CSPA seeks to preserve communications privacy and confidentiality, whereas the ICNA is concerned with the use and security of information and communication networks.
KT apparently has a separate team for malware development.
The police inquiry apparently revealed an entire team at KT dedicated to detecting and interfering with file transfers, with some employees assigned to malware development, others to distribution and operation, and wiretapping.
Thirteen KT and partner personnel were allegedly identified and referred for possible prosecution. Concerned parties and news outlets have contacted the company to confirm the incident, but they have yet to respond.
However, local media reported that KT believes it has little choice but to manage the online hard drive P2P service since it is a harmful program.
P2P sites, as well as genuine streaming, can place a strain on networks, prompting a fierce legal battle between South Korean telcos and Netflix over who should pay for network operating and building costs.
Thus, a South Korean telco attempting to reduce annoying traffic is not in sync with local standards. However, distributing malware and deleting client files are unacceptable because they violate privacy and consent.
Considering that data exchanged via P2P are commonly targeted by malware distributors, KT may have anticipated that its web hard drive users would not notice the virus.