return to table of content

South Korean telecom company attacks torrent users with malware

Aerroon
63 replies
19h38m

Unsurprisingly, terrible Korean internet strikes again. ISPs try to charge companies insane fees because customers want to connect to their servers. Company decides to use peer-ro-peer instead so the ISP starts installing spyware on customer computers.

Makes me wonder where this myth of "good Korean internet" even came from if everything ends up so bandwidth constrained. Is it because all the customers and services are in the same city so it appears low latency?

I hope everyone involved in this catches criminal charges, all the way up the chain. Completely unacceptable behavior.

godelski
24 replies
15h6m

It's also worth noting the SK has some pretty terrible laws around the internet in general. Distribution of porn is illegal there and they do their best to block it from outside. They are pretty big on cyber defamation and will go after people who make fun of government officials[0]. They have a comparatively low internet freedom score because they do things like fine middle schoolers for having anti-government websites and the president pursues legal action against YouTubers[1].

It's pretty interesting when coming from the west where all the problems are often spoken about in the open. I mean the great American past time is complaining about the government. But in SK there's a lot more trust of the government and similarly, a lot more control by them. And it is a fairly tight knit group and there's only a few companies that dominate the country.

[0] https://www.nytimes.com/2012/08/13/world/asia/critics-see-so...

[1] https://freedomhouse.org/country/south-korea/freedom-net/202...

AtlasBarfed
9 replies
14h48m

It's a lot easier to buy into a government when the most horrid example of one in modern history (arguable, I get it) is only 100 miles to the north with a huge amount of artillery pointed at you.

somenameforme
7 replies
11h34m

South Korea has a far crazier history [1] than I think most realize. This [2] is the first president of South Korea, installed by the US, and then eventually ferried off into exile in Hawaii by the US after a revolution, leading the 2nd Republic of Korea. That was followed by coups and all other sorts of great things, including 4 acting presidents that did not serve more than 50 days a piece, eventually leading to the 3rd Republic of Korea which was another dictatorship who then had his dictatorial powers codified in the 4th republic. Then he was assassinated and you get the the 5th republic where the dictator's friend was put in power. Then you get the 6th republic in 1987 (!!) and that's the South Korea we're somewhat more familiar with.

Even in modern times, I think most don't realize how wacky Korean politics has been. For instance the president from 2013-2017 (Park Geun-hye, daughter of a former dictator) was involved in some sort of weird cult-like grooming controversy where she was being groomed and controlled by what some media called a 'Korean Rasputin.' She was eventually impeached and imprisoned for corruption/abuse of power, and is now serving decades in prison.

And it seems the current president of South Korea has an approval rating in the 30s. So I have no idea how Koreans view their government, but it's really unlike anything I think that we can compare elsewhere. But I suspect "trust" and "integrity" are not the sort of words that'd be on top.

[1] - https://en.wikipedia.org/wiki/History_of_South_Korea#

[2] - https://en.wikipedia.org/wiki/Syngman_Rhee

AtlasBarfed
5 replies
11h18m

And they are facing the demographic cliff of demographic cliffs...

Although what I suspect will happen is that North Korea will fall apart eventually and South Korea will get a demographic surge from immigrating North Koreans.

actionfromafar
4 replies
10h44m

Will China allow NK to fall apart?

autoexec
3 replies
9h38m

Would it be worth it for China to prop them up? I get that they're communism buddies or whatever, but what does China get out of it? What does China really need from North Korea?

snapcaster
0 replies
5h4m

China doesn't want the US military on their border

skhr0680
0 replies
8h29m

From the Chinese and Russian (Soviet) perspective, letting a few Koreans get oppressed is worth it considering the alternative, a land border with the US

codedokode
0 replies
7h7m

China can has influence over North Korea rather than it will be US (don't forget that there are two Koreas because USA and USSR both wanted to rule Korea but couldn't win against each other).

sooheon
0 replies
10h48m

and is now serving decades in prison.

I wish. It's a national tradition to jail and then pardon the president. She's been free for years, and is often kow-towing and gladhanding current administration members.

godelski
0 replies
14h4m

Not to mention when you were also very recently occupied by a neighboring country. And an extremely brutal occupation at that. I mean there's still a handful of women still alive who were sex slaves, it wasn't that long ago. Korea really has had it tough, but I wish that would be a drive for more freedom, not less.

lifthrasiir
4 replies
11h36m

I wouldn't comment over other statements, but...

Distribution of porn is illegal there and they do their best to block it from outside.

Incorrect, it's yet another incorrect meme. Legal pornography is always possible in South Korea, and while the actual threshold varied over time (because you know, there is no objective metric for them anyway so it has to be a function of the approximate social consensus), legal pornography is not necessarily "milder" than illegal pornography distributed via blocked websites. (EDIT: incorrectly put "stronger" there...)

The South Korean treatment of pornography was extremely distorted mainly because of the rampant copyright violation over pornographic materials produced elsewhere. That blocked virtually all attempts to sell legal pornography and profit from it, why would you pay when you already have tons of free porns out there. Technically speaking, a large portion of the current adult population should have been found guilty if foreign producers could sue them, and I can tell you that the name of a certain blocked but still popular pornographic website [1] has became a household name for many males in their 20s and 30s!

And here is where the SK law's technical distinction between legal pornography and illegal obsence material turned out to be handy. Since those websites distributed pornography illegally, you can just consider them obscene and thus exempted from the copyright protection (!). I really hate this situation and like to see the radical change, but I can also see that it would become a massive and uncontrollable international affair otherwise. So that's why those websites had to be banned (to signal that it is indeed illegal), but the ban itself is so weak that it can be easily bypassed (more effective ban would be harder to justify).

[1] I don't like to quote its exact name, but as a hint, it is often followed by "꺼라 turn sth off".

jagrsw
2 replies
7h28m

Thank you for taking time to write this explanation, but otoh it's a lot of words to say that it's "kinda illegal"

lifthrasiir
1 replies
6h47m

"Kinda" may mean so many things that "kinda illegal" is as useful as no information, hence all these elaborations. They also matter for the eventual resolution.

jagrsw
0 replies
6h18m

I beg to differ. Using "Incorrect" to counter the statement that distribution is illegal implies it's largely untrue. While a distinction between "illegal" and "de facto illegal" exists, your own explanation doesn't support such a strong rebuttal.

You acknowledge that legal pornography, while technically possible, faces significant hurdles due to rampant piracy and legal loopholes. This creates a situation where accessing legal pornography is difficult and impractical for most, making the initial statement, that distribution is effectively illegal, more accurate than your initial "Incorrect" suggests.

skhr0680
0 replies
8h40m

I don’t think it’s a stretch to argue that porn is “de facto” illegal in South Korea

petre
3 replies
13h9m

They are pretty big on cyber defamation and will go after people who make fun of government officials

Because cyber defamation would go rampant otherwise and people would end up killing themselves on lost reputation and cyber bullying. You have to understand Korean culture, where reputation and how you're viewed in society is extremely important.

huimang
1 replies
12h22m

You mean the Korean netizen culture where celebrities routinely kill themselves? Where people not only still bully, but rapists can sue their victims for defamation and win?

greesil
0 replies
12h55m

That explains some managers I've had. Yeesh

linearrust
2 replies
2h38m

Distribution of porn is illegal there and they do their best to block it from outside.

Good. Why should any country be a conduit for porn? Most sane countries frown upon and limit things like porn, gambling, drugs, etc. Like we used to until fairly recently.

They are pretty big on cyber defamation and will go after people who make fun of government officials[0]

It's like that in most countries. Other countries can have their own values. Nothing wrong with it.

They have a comparatively low internet freedom score because they do things like fine middle schoolers for having anti-government websites and the president pursues legal action against YouTubers[1].

Freedomhouse is apparently a state propaganda outfit.

'Most of the organization's funding comes from the U.S. State Department[4] and other government grants.'

https://en.wikipedia.org/wiki/Freedom_House

You are linking to a propaganda site created solely to push a political agenda. Germany has an amazing 'freedom' scores but you could go to jail in germany for espousing certain beliefs about certain events in ww2.

That south korea scores low in the freedomhouse index is a good thing. Though it is surprising given that south korea is a militarily occupied vassal of the US.

It's pretty interesting when coming from the west where all the problems are often spoken about in the open.

Are they really? You are conflating 'the west' with the US. Most of 'the west' is not like america. In most of the west, you can go to jail or be punished for speech. Most of the west doesn't have free speech that we do in america.

What's with the neverending 'coming from the west' from foreigners here? So many foreigners here pretend to be americans here? Why?

BiteCode_dev
1 replies
2h30m

In most of the west, you can go to jail or be punished for speech. Most of the west doesn't have free speech that we do in america.

I'm going to assume you don't travel much cause on our side of the pound we can very much speak out loud of many things the US can't.

In fact, we don't have the absurd taboos that force the US to use alternative words. We can:

- Report "He disrespected his colleague, calling him a niger". No need to hide that behind "the n-word".

- We can call pedophilia what it is and debate about how to punish it, instead of using acronyms like CSAM for fear of being labeled in a certain way.

- We can show tits or talk about vagina and not get "porn" tagged all over.

linearrust
0 replies
2h9m

I'm going to assume you don't travel much cause on our side of the pound we can very much speak out loud of many things the US can't.

Pound? What country are you from? Why are people so sneaky? Hiding behind 'the west'.

In fact, we don't have the absurd taboos that force the US to use alternative words.

What? None of what you wrote applies to the US and none of it has anything to do with free speech. It applies to woke social media. What does 'porn tag' have to do with free speech? Besides, my point was being jailed or punished by the government.

We can:

Question the holocaust without going to jail?

autoexec
1 replies
9h51m

the great American past time is complaining about the government. But in SK there's a lot more trust of the government

Are they really more trusting of the government in south korea or is that just what people will say if you ask them?

If my government aggressively went after every youtuber and literal child who dared to say bad things about the government I'd probably lie and say I trusted my government too whenever asked.

yongjik
15 replies
18h54m

South Korea at least used to have blazingly fast internet infrastructure. Of course that didn't make up for shitty banking websites that you could only use by running Internet Explorer and allowing it to install "security plugins" that hook into Windows kernel, but at least the internet was fast, and it did give Korea an edge for its IT industry.

That was, I think, about twenty years ago.

I've been living in the US for 10+ years so I'm not very well informed, but basically the ISP industry ended up in an oligopoly where everybody's friends with the government, and they kept raising prices while neglecting infra upgrade. Until nobody can call Korea's internet "fast" any more.

Now all we've got is shitty websites. (To be fair, they are somewhat less shitty now... you can now access your banking websites on Mac!)

xenospn
6 replies
17h18m

I remember visiting SK back in 2005-6, and the only way to get online was to install an IE plugin.

localfirst
4 replies
16h32m

In early 2000s I used those Korean SIN number generators to access mmorpgs

I stopped when my cousin told me it was illegal

Have a lot of fond memories when there was a mini mmorpg bubble in korea

N-age still going strong it seems in 2024 ! So many rare unique korean mmorpg that will never see the light of the day!

iforgotpassword
1 replies
12h22m

I actually played one of those Korean mmorpgs that that an English version available ~2005 and I remember their website being a mess. It got wildly popular in the west to a point where the server started lagging and was down frequently, so they set up a second one.

Then the cheating got out of hand so they added some anti-cheat software, and shortly after they wanted people to verify their identity by sending a scan of their id/passport. This is when 99% of players left.

sixothree
0 replies
1h12m

Honestly I think the only way to get rid of cheating in online games is to use some form of identity vetting.

I know of one place where there is zero spam and it’s because of the identity vetting infrastructure.

philipov
0 replies
3h44m

SIN like from Shadowrun? Are you SINless now?

Hikikomori
0 replies
3h1m

There were generators? I googled for hours to get Korean wow beta accounts.

VygmraMGVl
0 replies
16h57m

This was true in 2013 as well. I've heard this has changed in the last 5 years or so, though.

seoulmetro
3 replies
14h14m

Korean internet is still extremely fast. It hasn't decreased in price sadly though.

petre
1 replies
13h18m

How can prices decerease when every provider is a chaebol in bed with the government?

AlchemistCamp
0 replies
11h38m

The government could make upgrading the infrastructure and lowering prices a priority.

metadat
0 replies
14h10m

Gigabit links to the home were cheap in South Korea 20 years ago, something like $50USD/month, IIRC. The population is so dense, it was comparatively quick and easy to put in the infrastructure.

Some of the fastest pirate FTP sites in the world were .kr at the time, it was crazy seeing 125MB/sec inter-site transfers back then.

The ops must've set the machines up with a /dev/shm ramdisk or similar for uploads. There were no SSDs those days, so no way to even write at 125MB/sec, unless you had an unreasonably large Raid-0 array of WD Raptor HDDs, also possible.

XorNot
3 replies
8h36m

I think this is sort of how Japan is often thought of as "land of the future" because where was a brief period around the 2000s where new tech adoption sort of got a little ahead of the US, but what people really missed was that they weren't ahead so much as just...kind of different?

And the reality today is that it'll seem practically backwards to a Westerner - i.e. tons of paper forms and bureaucracy for things like banking and rental applications.

sbarre
1 replies
7h9m

I was in Japan in 2008 and the cellphones there were from the future! I remember being awed seeing people watching TV on the subway on their phones..

There was a bunch of infrastructure and services provided by the actual phone company NTT DoCoMo (as opposed to generally over the Internet) that let people watch shows, play games, shop, etc.. all on their mobile devices. Stuff that we do now every day, but this was almost 20 years ago.

They also had phones built for this purpose, like ones that had rotating screens that went into landscape mode (imagine holding a "T"-shaped device) for watching TV..

So it certainly felt like they were ahead, but you're right, it was a very different approach with everything coming from the phone company itself, and one that wasn't set up to stay competitive or stay ahead..

Sakos
0 replies
6h19m

Other examples of this are the Satellaview for the SNES and the 64DD for the Nintendo 64, both of which were only launched in Japan. The Satellaview let you download games and the 64DD let you browse the internet. Apparently they'd also planned to have multiplayer online gaming for the 64DD, but that was never released.

krageon
0 replies
1h28m

On an infrastructure level Japan is literally not even in the same reality as the US. The infrastructure works, everything is clean and works, the toilets are usable and good. The mobile internet infrastructure is honestly fine and most likely better than what you'd be able to get in the US (especially as a foreigner).

It will not seem backwards to a "Westerner" today. The only place where you'd really encounter forms as a human being is in government interactions (and possibly banking), which is not unusual or even particularly backwards.

nayuki
9 replies
19h4m

Another memory from the terrible South Korean Internet is how the national banks required customers to log in using Internet Explorer because of mandatory ActiveX blobs of code.

lifthrasiir
6 replies
17h16m

It makes me sad that all of these started with US's restriction on the export of cryptography, which prompted South Korea (among others) to develop a domestic algorithm that was unsupported by contemporary browsers at that time.

quanto
5 replies
16h38m

The US export restriction applied to other countries as well. The question is what has made Korean internet uniquely bad.

rfoo
0 replies
14h26m

It wasn't unique to Korean.

15-20 years ago Chinese banking website did exactly same things. Maybe they got the idea from SK, don't know. It only ended with widespread adoption of mobile phones and Chrome.

makeitdouble
0 replies
12h55m

One answer is internet banking being way more cumbersome and less advanced in other countries. At that time spending time on the phone or have the customer come spend a miserable time at the agency was the prefered way from the bank's perspective.

To this day many banks won't allow all operations from the online interface.

lifthrasiir
0 replies
16h31m

I think the answer itself is clear to me: SK bit the bullet much earlier than most other countries, having implemented a nationwide ADSL infrastructure by circa 2000. The same thing happened to Japan for example, where early mobile services were so successful that they essentially stagnated further development until SoftBank's introduction of iPhone.

citrin_ru
0 replies
11h36m

Active-X was AFIK a common requirement for banking e.t.c. during crypto export restrictions but once they where lifted almost everyone switched to https. What different about SK is the laws which keep their IT security in the past.

tonetegeatinst
0 replies
16h21m

Can I get a link to a few of those sites? I want to see what happens when I visit using Firefox and tor browser.

TheRoque
0 replies
17h57m

They have such weird constraints. Even Coupang Play refuses to load their video when I'm on Linux, which makes no sense at all.

seoulmetro
1 replies
14h15m

Is it because all the customers and services are in the same city so it appears low latency?

Yes. It's because the internet of Korea is so well done between nearly all areas of the country with great speeds.

But it's true that Korean internet is super fast only within Korea, but the borders are also normal fast borders to other countries so they're just as fast as say a 1gbps connection in Australia.

Good Korean internet is not a myth, they had fibre everywhere by the time rich people in the US or Europe were getting it. Korean internet is good, it's just that their ISPs are also fairly evil like the rest of the world, but they have less freedom constraining their evils.

iforgotpassword
0 replies
12h3m

https://news.ycombinator.com/item?id=40806633

As said, it was good/impressive 20 years ago, now it's just what everyone else has. And SK software is a joke, like the linked post elaborates.

I don't know if it changed during the last 5 years, but when I was there I wanted to use Google maps for navigation and it looked like shit, so after some digging around I found because apparently there are some SK patents that prevent Google from using a lot of modern tech. So no wonder SK people compare that to naver and think their IT tech is top notch, but if you compare it to the "real Google", it's a joke.

It's the same in China actually, but there you simply can't access the western counterparts at all usually.

ryandrake
1 replies
18h53m

According to the news report, KT said it directly planted the malware on its customers that use Webhard’s Grid Service, as it was a malicious program and that “it had no choice but to control it.”

Looks like the major ISP and some cloud service provider are having some kind of ridiculous fight, and they're using their customers' computers as the battlefield. I'd be pretty disgusted if I were a customer.

petre
0 replies
12h59m

They should be dusgusted. KT's market share something like 80% of landline subscribers and 45% of high speed Internet usets. This is Korea's equivalent of AT&T. The National Pension Service owns ~13% of it.

monkfish328
1 replies
9h21m

Wow I've always heard that South Korean internet is supposed to be one of the fastest in the world? How did that go wrong?

h4kor
0 replies
8h30m

Policy failure. South Korea enforced a "Sender Pays" rule for networks, eliminating peering between ISPs. This resulted in companies moving there server to neighboring countries to avoid paying for traffic, which was free before.

More details: https://www.internetsociety.org/resources/internet-fragmenta...

NL807
1 replies
17h45m

How is this not criminal?

OsrsNeedsf2P
0 replies
17h14m

It is criminal. From the article, 13 KT employees and contractors were charged.

pezezin
0 replies
12h6m

Makes me wonder where this myth of "good Korean internet" even came from if everything ends up so bandwidth constrained. Is it because all the customers and services are in the same city so it appears low latency?

Same here in Japan. The funny thing is that both me here and my parents back in Spain have gigabit fibre, yet my parents' connection is much faster than mine.

mrtksn
0 replies
12h9m

Wow, are they trying to have worse internet than DPRK?

Funny how both spectrums of fully controlled market and fully free market can be terrible. Apparently what they did was a crime but it shows the spirit, they though at least that they can do it and get away with it.

lifthrasiir
0 replies
19h0m

Makes me wonder where this myth of "good Korean internet" even came from if everything ends up so bandwidth constrained.

It is not a myth! A decade ago, though. I would still consider it is "good" in terms of objective metrics, but other countries have since caught up.

Is it because all the customers and services are in the same city so it appears low latency?

No, because it would only apply to a quarter of the entire population of South Korea if it were true.

bee_rider
0 replies
18h14m

I imagine keeping at the front of the pack on any infrastructure investment is very difficult. I mean, it’s an investment, you want to give it time to amortize, right?

shiroiushi
15 replies
18h23m

Police officials acted on the information and discovered it came from KT’s own data center south of Seoul. ... They’ve since identified and charged 13 individuals, including KT employees and subcontractors directly connected to the malware attack last November,...

I'm actually very impressed. If this happened in the US, the police wouldn't care about it at all, and would just tell everyone affected that "it's a civil matter" and they'll have to file a lawsuit if they don't like it.

jrflowers
8 replies
18h7m

This makes sense because the US does not have a set of laws that criminalize Computer Fraud and Abuse

shiroiushi
2 replies
18h4m

Maybe you're joking, but they certainly do. They'll happily use them against individuals too.

But against a large company? I'll believe it when I see it.

boomboomsubban
0 replies
17h41m

The US law about this is the Computer Fraud and Abuse Act, it's clearly a joke. We're all in agreement it's not really used against large companies.

None4U
0 replies
17h38m

it's a joke, the name of the law is "Computer Fraud and Abuse Act"

downrightmike
2 replies
16h58m

Kevin Mitnick would disagreed

mensetmanusman
1 replies
16h13m

May he rest in peace.

metadat
0 replies
14h0m

Damn, pancreatic cancer in 2023. I didn't hear until now.

sneak
1 replies
18h1m

Selective enforcement of broad-scoped laws via prosecutorial discretion is how real power works and how the status quo is maintained.

jrflowers
0 replies
16h24m

I like the idea that upon seeing a massive and indiscriminate MITM attack all of the various law enforcement agencies with a remit that includes data would just solemnly bow their heads and not attempt to stop or investigate it because a corporation probably wants the attack to happen.

antonvs
2 replies
9h24m

If this happened in the US

Perhaps this would be a good moment to pause and ask yourself why this hasn’t happened in the US.

black_puppydog
1 replies
3h50m

Perhaps this would be a good moment to pause and ask yourself IF this hasn’t happened in the US. :)

kfarr
0 replies
1h21m

Definitely not the same but I remember late in the days of Napster there were companies that would upload "poisoned" mp3's of popular artist that were not the actual song requested to thwart piracy.

yongjik
1 replies
18h1m

I think you're too optimistic. My reading is that the police is investigating low-level employees and subcontractors. I.e., profit for the corporation, consequence for the employees. And especially subcontractors. (Workplace discrimination against subcontractors has been a hot topic in Korea: subcontractors literally die in factories because they're pushed to handle dangerous tasks while "regular employees" get cushy desk jobs.)

RF_Savage
0 replies
12h46m

Yeah. At they pulled a Sony on a smaller scale and have better relations with the local govt.

The people who ordered it done will be fine.

BillTthree
0 replies
2h31m

https://www.fbi.gov/news/stories/chinese-hackers-charged-in-...

It took 3 years but the FBI published the names of the fellows they believe are responsible for breaching equifax and stealing private data about half of americans

Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei

chunsj
13 replies
18h54m

South Korean internet had been one of the best and fast network in the world; especially up to the point before KT was privatized. After privatization, three internet service providers have been focusing on exploiting profits, not on making better and faster network infrastructure because they don't have to.

pennybanks
12 replies
18h47m

wouldnt competition naturally produce better products if there are 3 providers? from what i remember services from companies, or really any type of services were top notch in korea. due to culture, competition, etc. also noting pricing in general is very high in korea

jjmarr
4 replies
17h29m

https://en.wikipedia.org/wiki/Natural_monopoly

Competition theory assumes that if firms are abusing their market position by overcharging consumers, competitors can enter the market and undercut them.

When you have a market with very high barriers to entry (government regulation + physical infrastructure costs), you can't just start your own internet service provider to undercut existing Korean telecommunications, because you won't make enough money to pay your investment back.

stephen_g
1 replies
13h22m

Yes, this is called a ‘natural monopoly’. It’s the case with most infrastructure - basically there is little incentive for a private company to be more efficient than a public utility, since anybody building competing infrastructure is infeasible, but because they want to make profit there is incentive for them to charge more and to cut costs in other ways (like not investing in more than the bare minimum of maintenance). So it generally tends to work out worse for the customers.

Unfortunately some people genuinely believe the private sector will always deliver services cheaper and more efficiently than the public sector, so all around the world this mistake keeps being made. And the continual failures seem to never affect the firm belief of the adherents to that theory…

achenet
0 replies
10h33m

It's like people who support drug prohibition... ample evidence that something doesn't work won't stop people believing it.

downrightmike
1 replies
16h56m

The EU forces telcoms and ISPs to allow competition on their infra. Decent prices and good service

tchalla
0 replies
15h45m

Germany checks in.

pessimizer
1 replies
18h4m

There's no economic motivation to compete. The motivation is to raise prices slightly, wait for the other two companies to follow suit as a signal, then to raise prices again. If you raise and someone doesn't follow, backtrack to the previous level. This is assuming that they don't just have a meeting and set prices over drinks.

creer
0 replies
16h24m

Right. There are two possible very different strategies - even illegal collusion. There is no reason to compete aggressively until one of the "several" chooses to break ranks and do so.

And if the one that breaks ranks is tiny, that might still not be enough reason for the others. Since there is a good chance they will just fail.

arepublicadoceu
1 replies
18h33m

I’m not sure how is the reality in South Korea but, if my country is anything to go by, these 3 companies are probably a hidden cartel that monopolizes the price and offers while offering the bare minimum.

katbyte
0 replies
13h39m

Hello fellow Canadian?

jamil7
0 replies
12h56m

This has been the argument for decades to justify privatisation of state infrastructure. Anything with high barriers or physical limitations instead just becomes monopolised. It’s a failed experiment at this point. I’d be highly suspicious of the motivations of anyone arguing for this in 2024.

dylan604
0 replies
17h29m

This is one of those situations where rubber hits the road on theory vs real life. The concept of multiple vendors being better for the user seems to not play out as the multiple vendors are still a low number (3 in the current example) which means it's very easy for them to collude even if they never actually get in the same room, chat session, email chain, etc to do the colluding.

LightBug1
0 replies
1h51m

Forgive me, one time: LOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOLLLLL

brokenmachine
6 replies
19h6m

Unfortunately, it's not explained in the article how the malware was actually sent to users. I wonder how they did it.

WatchDog
2 replies
17h39m

Yeah, until any details are provided, I would just assume that the ISP already requires that users install some kind of software, and they just pushed the malware through that program.

kijin
0 replies
17h4m

You don't need to install any software to use the internet at home in Korea. You just get a modem that connects to fiber at one end and exposes an ethernet port (or wifi) at the other end. Just connect to that port and you're online immediately.

ISPs also provide TV and a bunch of other services, though, and some of them might require installing specific software in order to use on a PC. Or perhaps they hijacked an unencrypted download of someone else's software, most likely some component of the file sharing service in dispute.

zb3
1 replies
18h40m

Especially because BitTorrent is mitm-resistant (uses hashes).. did they find a 0day in the client?

gavinsyancey
0 replies
17h17m

Or mitm your download of the .torrent file (and/or anchor link site)

NL807
0 replies
17h41m

I reckon they used a good old fashioned honeypot. Seed a torrent of some random popular content that also contains malware payload, and let users download it.

batch12
6 replies
19h34m

Did they exploit a vulnerability or MITM the traffic somehow?

Edit: While looking for an answer, I ran across this article. Apparently they've been fighting for a while (2015):

https://www.opennetkorea.org/en/wp/1529

silotis
4 replies
19h23m

Bittorrent normally hash checks all content against metadata in the torrent file so a simple MITM wouldn't be enough to inject malicious data unless the torrent metadata itself is being sent in the clear.

LightHugger
2 replies
19h1m

I had the same thought, i'm very confused about the details of the attacks.

As an ISP if they detect you doing it, and they control DNS servers, maybe they mark your account for death, and they could like randomly hijack you going to google.com to some download for malware, and unsuspecting user clicks accept? Not sure, i'm curious how they pulled this off.

rightbyte
1 replies
17h55m

Any http exe-file download could be hijacked if you are an ISP. Maybe KT have some "dailup login" app the user needs to login with?

flerchin
0 replies
4h37m

But why would it be http?

cortesoft
0 replies
18h27m

I am wondering if this is one of those "using the term bittorrent for anything peer to peer" cases... maybe Webhard has its own peer-to-peer protocol that is more vulnerable, and they are just calling it bittorrent?

esjeon
0 replies
9h5m

I’m pretty sure it’s not literally BitTorrent, but a distorted version of it to build private paid peer-to-peer networks.

lazydonkey456
3 replies
18h23m

MITM by ISP and the government! Even SK constitution said it is illegal. but they don't give a damn about it.

They are scanning SNI field and manipulate packet to prevent user visit certain sites.

lifthrasiir
2 replies
17h0m

Even SK constitution said it is illegal. but they don't give a damn about it.

This is a popular meme that is also not entirely correct. I should stress that this incident is very different from the usual MITM from ISP and government though. I assumed you are talking about the general MITM because you mentioned SNI (because you can't put malwares with just SNI sniffing).

The constitution only says about the "privacy of correspondence" in the Article 18, and several acts including the Protection of Communications Secrets Act (통신비밀보호법) [1] and the Act on Promotion of Information and Communication Network Utilization and Information Protection (정보통신망 이용촉진 및 정보보호 등에 관한 법률) [2] do have many exceptions that make them legal at least in principle. Indeed, most websites blocked by SK ISPs host either illegal obscene materials (distinct from the legal pornography in the SK legal system) or advocacy for North Korea (illegal due to the National Security Act 국가보안법). I'm not necessarily for such blocks but it is plain wrong to say that they are illegal.

[1] https://elaw.klri.re.kr/eng_service/lawView.do?hseq=7235&lan...

[2] https://elaw.klri.re.kr/eng_service/lawView.do?hseq=38422&la...

lazydonkey456
1 replies
10h29m

So pornography threats national security? I don't think so. "Quis custodiet ipsos custodes?"

lifthrasiir
0 replies
10h16m

Even NK advocacy sites do not threat national security either, but I meant that such restriction is allowed by the law which was ultimately passed the Congress and so you are wrong to claim that it's "illegal". See also my other comment for the background.

Also the watchmen argument against such restrictions is so old at this point that there are lots of counterpoints available for you, if you wish.

quanto
2 replies
16h2m

South Korea information technology (as distinguished from hardware-related technology) is unbelievably bad. Much of it is purely technical: domestic firms like Naver are simply not as good as global incumbents like Google, but also they are terrible compared to other regional players (The Kakao chat app is vastly inferior to Zalo, a Vietnamese chat app). However, just as much is due to poor cultural and interpersonal decisions. This news case highlights such a cultural factor.

Note that KT, while relatively recently privatized, is still a national corporation that is considered a critical national asset under the law (thus if the North attacks, KT towers are first priority to be protected by the South's military). So, it is not as if some rogue SME infected its users with malware; it's a national corporation infecting its users over and not even be sorry about it (as in the article).

Plenty of other comments detail the strange Active X requirement: The national law had dependency on Internet Explorer/Active X. (I do not know of any developed nation having a national legal dependency on a specific corporation's consumer technology at this scale.) Also, many comments on South Korea's purportedly great infrastructure (albeit two decades ago). There is more to this.

Interestingly, if you ask an average Korean, he would say Korea is literally the best nation in IT/internet technology, topping or at least on par with the US. The national propaganda effort that went into forming this collective conscious should not be understated. Even many of the top programmers in South Korea I met strongly believe in this superiority. I wonder if this strong sense of superiority is both (1) preventing SK from improving its actually-lagging tech and (2) act in Dostoevskian-Raskolnikov manners thinking that it is above the law and consensus ("the best can break the rules and set new ones"). Whatever the underlying reason may be, there is a serious techno-cultural issue going on in the country.

One of the biggest banks in South Korea blacklisted Amazon as a financial scammer because it's Prime subscription renews monthly and customers complained after seeing the renewal charge on their credit cards. The ban was national -- no customer of this bank could buy a product from Amazon unless he calls the bank personally and ask the charge to be approved. Again, the issue wasn't technical. It was cultural.

ken47
0 replies
3h37m

many of the top programmers in South Korea

Odd statement. How did you know that the people you met are "top programmers?"

Affric
0 replies
10h22m

lol, that is a scam though

kmeisthax
2 replies
12h52m

Hell Joseon strikes again.

For context, the legal situation of network usage in South Korea is something akin to Ajit Pai's wet dream. Network operators are legally empowered to charge troll tolls on both ends of any connection they want. Infrastructure costs are to be borne by literally anyone BUT the network operators.

To compound this, South Korea is economically an authoritarian hellscape. Large megacorporations[0] own everything and the government is just a clearinghouse and mediator for their interests. Corruption is so rampant that even administrations run by ardent anti-corruption activists wind up being toppled by rampant and widespread corruption.

I guarantee you that not one SK Telecom executive will spend time behind bars for this blatantly illegal conduct. Anyone with the power to put people behind bars in South Korea will be unmade if they touch a chaebol.

[0] These are specifically called chaebols and the group includes LG, Hyundai, Samsung, Lotte, and a few others. Japan used to have something similar, but they ate their rich... and then brutally invaded and colonized half of East Asia.

pezezin
0 replies
11h14m

[0] These are specifically called chaebols and the group includes LG, Hyundai, Samsung, Lotte, and a few others. Japan used to have something similar, but they ate their rich... and then brutally invaded and colonized half of East Asia.

More like the Allied occupation forced them to dissolve the zaibatsu. They later reformed as the keiretsu, and while still immensely powerful, are nowhere the level of the old zaibatsu or the Korean chaebol.

ken47
0 replies
3h44m

I guarantee you that not one SK Telecom executive will spend time behind bars for this blatantly illegal conduct.

I mean, you're assuming that an SK Telecom executive did something illegal. I don't think anyone here is a supporter of corruption, but you're making a huge, completely unjustified leap to say that an SK executive was involved.

poikroequ
1 replies
16h29m

The title is very clickbaity. These are not users downloading torrents in the normal sense. It's users that are using a specific piece of software that happens to utilize the BitTorrent protocol.

BillTthree
0 replies
2h25m

There is an enormous issue here. A service provider committed crimes against customers and their justification is the customers were using a protocol to exchange something. The service provider has no idea what the something exchanged was.

It's similar to arresting someone because they are speaking French. I don't speak French and I don't like people who speak French because sometimes French people say stuff I don't agree with. I don't know what they're saying but I hate it.

michaelmrose
0 replies
19h28m

Just charge them 250 a head for the equivalent for analysis and remediation should only cost about 150M usd plus about 10-20M to administer. Liquidate the executives holdings including stock then the companies assets and it will never ever happen again.

ken47
0 replies
3h31m

Reminds me a lot of the telecom situation in the US. There are lots of people who e.g. hate Comcast but basically have no choice in their area if they want broadband. Granted, a malware attack, is another level of terrible, but isn't it "interesting" how pseudo-monopolists seem to be resistant to meritocratic forces?

hsbauauvhabzb
0 replies
5h56m

How exactly was the malware deployed?

beeboobaa3
0 replies
7h22m

The judiciary actually ruled in favor of KT. It said that Webhard didn’t pay KT network usage fees for its peer-to-peer system and didn’t explain to its users how the Grid Service works in detail

Huh? The users are paying for their network, so they should be free to do with it as they wish. How is Webhard involved in this discussion? This is something the ISP may wish to discuss with its users, if the ISP feels the users are consuming more than they paid for.

Lockal
0 replies
5h6m

As a former resident of Russia, I'm not the least bit surprised. The practice of implementing parasitic scripts there began in 2014, and to date has been continued at the level of the largest provider as well as the monopoly owner of international channels (Rostelecom).

Good luck to the believers that someone there will be punished for this. For everyone else, switch to encrypted protocols.

Copenjin
0 replies
12h52m

Not best Korea anymore.