Western Digital: Disconnect WD My Book Live External HDDs From the Internet Immediately

[Bill_Bright]

Not if uPnP was used, then the device opened the port itself, possibly without the user even knowing it was happening.

Just another reason to make sure UPnP is disabled. Sadly, some routers have that enabled by default which makes no sense to me.

 

[R-T-B]

Hmm. I wonder if this is related to Chia farming.

Not in the slightest.

 

[MikeSnow]

Not in the slightest.

Well, I could see some "farmers" storing their plots on them, if they could take control. But if you are so sure it's not that, what is the reason this is happening?

 

[R-T-B]

Well, I could see some "farmers" storing their plots on them, if they could take control. But if you are so sure it's not that, what is the reason this is happening?

Look at the CVE posted earlier in this thread. It happens because these drives are swiss cheese.

Also, you don't farm Chia by blanking drive.

 

[MikeSnow]

Look at the CVE posted earlier in this thread. It happens because these drives are swiss cheese.

Also, you don't farm Chia by blanking drive.

The CVE explains, at most, the "how". Not the "why". Also, blanking the drive could be the first step before storing plots there.

 

[R-T-B]

Not the "why".

Why does anyone do anything nefarious? The answer is: They do, logic be damned.

Also, blanking the drive could be the first step before storing plots there.

Without evidence this is quite the leap of logic. If I was doing that, I would use an encrypted container or something to hide what was happening.

The command log shows nothing but a reset command being issued.

 

[Chomiq]

Turns out it was 0-day attack:

Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices [Updated]

Western Digital removed code that would have prevented the wiping of petabytes of data.

arstechnica.com

You just can't beat commenting out your own authentication features:

function post($urlPath, $queryParams = null, $ouputFormat = 'xml') {
// if(!authenticateAsOwner($queryParams))
// {
// header("HTTP/1.0 401 Unauthorized");
// return;
// }

 

[newtekie1]

Without evidence this is quite the leap of logic. If I was doing that, I would use an encrypted container or something to hide what was happening.

The command log shows nothing but a reset command being issued.

Yeah, people are probably going to notice that their data is now just gone long before the blanked drive becomes useful for Chia. If they wanted to use it for Chia they would have just used the free space and left the data intact so the owner of the drive doesn't have a massively obvious flag that something is wrong.

 

[Bill_Bright]

I have to say, I am impressed with WD's actions when it comes to taking care of those affected.

Update 6/29/2021, 9:00 PM: Western Digital has published an update that says the company will provide data recovery services starting early next month. My Book Live customers will also be eligible for a trade-in program so they can upgrade to My Cloud devices. A spokeswoman said the data recovery service will be free of charge.

That's above and beyond what they have to do. It is the right thing to do but we all know many companies don't care about what is right.

 

[MikeSnow]

Yeah, people are probably going to notice that their data is now just gone long before the blanked drive becomes useful for Chia. If they wanted to use it for Chia they would have just used the free space and left the data intact so the owner of the drive doesn't have a massively obvious flag that something is wrong.

On the other hand, if people don't notice their device was wiped and don't take it offline after a day or two, it would be an indication to the hacker that they can safely store Chia plots there for a while, over the entire disk space, without fear of losing them soon.

Regardless, according to that Ars Technica article it seems the actual reason was rival hacking groups trying to steal control from each other, so it was a hack wiping another hack, and indeed most likely not Chia related.

 

[lexluthermiester]

On the other hand, if people don't notice their device was wiped and don't take it offline after a day or two, it would be an indication to the hacker that they can safely store Chia plots there for a while, over the entire disk space, without fear of losing them soon.

And if they got caught, that would be an instant set of felonies, federal if they crossed state/national lines. Not a mistake you want to make.

 

[MikeSnow]

And if they got caught, that would be an instant set of felonies, federal if they crossed state/national lines. Not a mistake you want to make.

I'm guessing even just erasing the drives, without storing anything on them, would still be a felony. And obviously some people still made that "mistake". Most likely they live in jurisdictions where they couldn't care less about US laws.

 

[lexluthermiester]

I'm guessing even just erasing the drives, without storing anything on them, would still be a felony.

Correct. Accessing someones technology, without their expressed permission, is a felony regardless of whether or not you alter anything. It becomes an enhanced offense if it can be proved that any level of malice is involved on behalf of the offender.

Most likely they live in jurisdictions where they couldn't care less about US laws.

Perhaps. But should they be identified they will put on a no-fly/no-entry list which means they will not be able to enter the country and if they find themselve here they will be unable to use many forms of public transportation.