  1. #1

    Lost 2 terabytes of data - POOF!

    In my entire nerd life I never had any computer or device compromised in any way, and I am always extremely strict about keeping my home network secure since I rely on it every day. Well, well, well, that wasn't enough this time. I woke up to find out that my network attached storage drives were all wiped out completely. I just sat at the desk looking at my computer screen for 10 minutes in total shock. And I am evidently joined by potentially millions of other users that use a specific NAS by Western Digital, as this attack struck all of those drives in a single day, wiping all of them of all data. In my case, that was over 2 terabytes of photos dating back 15 years.

    Fortunately, I am also strict about keeping backups, so I have the data safe, but this network drive is mirrored, which provides redundancy in case there is a failure. I have this drive disconnected from the internet, and it's behind a firewall, and yet this worldwide attack found a way to remotely send an SSH script through to execute a factory restore on the device. None of my computers on the network was compromised, and Western Digital does not know yet how this happened.

    So, if anybody here is using a Western Digital Network Attached Storage device, disconnect it immediately. This attack occurred yesterday worldwide between 3:00PM ET and 4:00PM ET.

    It's going to be a long night




  3. #2
    Holy cow!!! I do use external WD drives... But I cut off my router when I am not on.

    That is nuts, WTF? Hope you have a backup!

  4. #3
    I have a MyBookLive online at the shop... went to work last night after I read this and unplugged the LAN cable... the computer was off but the LAN light was flashing (and nobody but me has access to it) so I figured the worst but this morning everything is still there. I shut down the drive.

    Thanks for the warning!

  5. #4
    Was the data just deleted, as in headers, or can you recover the data on the disks with some recovery software?

  7. #6
    I assume this only affects the NAS devices and not the hard drives in a PC or external hard drives hooked up through the USB port, otherwise they would mention it.
    "One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors". Plato .

  8. #7
    Originally Posted by powerabout:
    Was the data just deleted, as in headers, or can you recover the data on the disks with some recovery software?

    A factory reset basically formats the drive; it would be costly to recover any encrypted data, though. There is software out there you can buy to recover data from hard drives; just pull the drives from the NAS device and hook them up to a PC with the software.

  9. #8
    I would be leery of using that NAS again; the possibility of them planting a trojan in it at the same time is high.

  11. #9
    Originally Posted by flabum1017:
    A factory reset basically formats the drive; it would be costly to recover any encrypted data, though. There is software out there you can buy to recover data from hard drives; just pull the drives from the NAS device and hook them up to a PC with the software.

    Still depends on what type of format; the only way to ensure it's all gone is to write over with a huge file. That's slow, so my bet is the data is still there?

  12. #10
    Originally Posted by powerabout:
    Still depends on what type of format; the only way to ensure it's all gone is to write over with a huge file. That's slow, so my bet is the data is still there?

    5 passes of zeros.........

  14. #11
    Western Digital

    Our records indicate that you registered a My Book Live or My Book Live Duo device. To protect your data on the device from ongoing attacks, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet and access your data locally by following these instructions on our Knowledge Base.

    Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, the attackers have triggered a factory reset that appears to erase all data on the device.

    Our investigation of this incident has not uncovered any evidence that Western Digital cloud services, firmware update servers, or customer credentials were compromised. As the My Book Live devices can be directly exposed to the internet through port forwarding, the attackers may be able to discover vulnerable devices through port scanning.

    We understand your data is very important. Some customers have reported that data recovery tools may be able to recover data from affected devices, and we are currently investigating the effectiveness of these tools.

    We are continuing our investigation and will post the latest information about this incident on our Product Security Portal. For further assistance, you can contact our Customer Support team.

  15. #12
    Data recovery services

    Western Digital has an important announcement for registered My Book Live or My Book Live Duo customers.

    Immediately disconnect your My Book Live device from the Internet to protect your data from ongoing attacks. You can disconnect the device and continue to access your data locally by following these instructions on our Knowledge Base.

    Some My Book Live devices connected to the Internet are being compromised by attackers and in some cases, the attackers have triggered a factory reset that appears to erase all data on the device.

    We are here to help. Although this product family is no longer sold or supported by Western Digital, we know some of our customers have been impacted and we want to help. If you have lost your data as a result of these attacks, we will provide data recovery services which will be available beginning in July.

    We know how important your data is to you and are committed to helping you protect it. We are launching a trade-in program that will allow you to upgrade from your My Book Live to one of our supported My Cloud devices.

    We will provide details about how to take advantage of these programs in a separate email.

    In case you are concerned about other products and services from Western Digital, our investigation of this incident has not found any evidence that our cloud services, firmware update servers, or customer credentials were compromised. The vulnerabilities being exploited are limited to the My Book Live devices, which were introduced to the market in 2010 and received a final firmware update in 2015. These vulnerabilities do not affect our current My Cloud product family.

    The latest information about this incident will be available on our Product Security Portal. If you need any additional help, please contact our Customer Support team.

  16. #13
    I have one too, never registered it and don't have a port to allow internet access.
    Makes me think the current trend, that everything you have has to get registered online, is just a gift to hackers.

  17. #14
    Hello My Book™ Live/My Book Live Duo Customer,

    If you are a My Book Live or My Book Live Duo customer, we are offering the following limited time offer:

    Trade-In Offer:
    Western Digital is offering current registered My Book Live or My Book Live Duo customers a trade-in discount of 40% off a select new My Cloud™ Home personal cloud storage or My Cloud EX2 Ultra 2-bay network attached storage device. For more information regarding the trade-in offer for eligible devices, please visit My Book Live and My Book Live Duo: Trade-In Offer.

    Additionally, if you are a My Book Live or My Book Live Duo customer that has lost data as a result of the recent security incident, we are here to help you by offering the following service.

    Data Recovery Service (“DRS”) Offer:
    Western Digital will help to recover your data using the data recovery services provided by a Western Digital-selected vendor. Western Digital will cover all the costs of shipment of the qualifying product to the DRS vendor and for the DRS. Recovered data, if any, will then be sent to you on one or more My Passport™ portable hard drives. For a list of qualifying products and eligibility requirements, please visit My Book Live and My Book Live Duo: Data Recovery Offer.

    At Western Digital, we strive to continually improve our products and customer experiences. To take advantage of either of these services, or if you have any questions, please contact our Western Digital Support Team.

    Sincerely,
    Western Digital
