A South Korean media outlet has alleged that local telco KT deliberately infected some customers with malware due to their excessive use of peer-to-peer (P2P) downloading tools.

The number of infected users of “web hard drives” – the South Korean term for the online storage services that allow uploading and sharing of content – has reportedly reached 600,000.

Malware designed to hide files was allegedly inserted into the Grid Program – the code that allows KT users to exchange data in a peer-to-peer method. The file exchange services subsequently stopped working, leading users to complain on bulletin boards.

The throttling shenanigans were reportedly ongoing for nearly five months, beginning in May 2020, and were carried out from inside one of KT’s own datacenters.

The incident has reportedly drawn enough attention to warrant an investigation from the police, which have apparently searched KT’s headquarters and datacenter, and seized evidence, in pursuit of evidence the telco violated South Korea’s Communications Secrets Protection Act (CSPA) and the Information and Communications Network Act (ICNA).

The CSPA aims to protect the privacy and confidentiality of communications while the ICNA addresses the use and security of information and communications networks.

The investigation has reportedly uncovered an entire team at KT dedicated to detecting and interfering with the file transfers, with some workers assigned to malware development, others distribution and operation, and wiretapping. Thirteen KT employees and partner employees have allegedly been identified and referred for potential prosecution.

The Register has reached out to KT to confirm the incident and will report back should a substantial reply materialize.

But according to local media, KT’s position is that since the web hard drive P2P service itself is a malicious program, it has no choice but to control it.

P2P sites can burden networks, as can legitimate streaming - a phenomenon that saw South Korean telcos fight a bitter legal dispute with Netflix over who should foot the bill for network operation and construction costs.

A South Korean telco acting to curb inconvenient traffic is therefore not out of step with local mores. Distributing malware and deleting customer files are, however, not accepted practices as they raise ethical concerns about privacy and consent.

Of course, given files shared on P2P are notoriously targeted by malware distributors, perhaps KT the telco assumed its web hard drive users wouldn’t notice a little extra virus here and there.