Date: 2021-06-29
'Malicious' Actor Is Wiping The Data Of Countless Western Digital My Book Users
Owners of Western Digital's popular My Book external hard drives aren't having a particularly good week. The company is advising customers to stop using the devices for now after customers mysteriously found their data deleted. According to complaints over at the company's website (first spotted by Bleeping Computer), many users say they woke up to find that the content of their external USB-connected storage drives had been completely wiped. Worse, they couldn't log in to the device's administrative systems to run any kind of diagnosis on the drives:
"I have a WD mybook live connected to my home LAN and worked fine for years. I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full but now it shows full capacity.
The even strange thing is when I try to log into the control UI for diagnosis I was only able to get to this landing page with an input box for “owner password”. I have tried the default password “admin” and also what I could set for it with no luck. There seems to be no change to retrieve or reset password on this landing page either."
The problem appears to have begun at around 3PM on June 23, at which point these devices started receiving a remote command to perform a factory reset. This appears to still be happening on a staggered basis. The Western Digital announcement sent out to customers suggests that a malicious actor has found a way to compromise the devices, and is deleting data for their own amusement:
"Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers’ data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available."
There's been absolutely no indication of when customers can expect a fix. Western Digital stopped supporting the My Book Live in 2015 for cost reasons, leaving millions of devices with dated firmware and vulnerabilities. According to user threads at the company's website, some Western Digital MyDrive users say they disabled all cloud functionality to protect themselves and had their data wiped anyway. Since much of this data is encrypted, recovering it may prove to be a long shot, meaning that many users who thought they were being smart by backing up their essential files will likely have lost everything permanently.
It's not that hard for an everyday consumer -- inundated with an endless sea of obligations -- to miss the handful of notifications (if they even existed) that their devices are now neither supported nor secure. Given the millions of shittily-secured network routers and IoT devices that are being connected annually, the scope of the problem (and our collective apathy toward it) really can't be overstated. If you know somebody who uses this hardware for backups and storage, you might want to give them a nudge.
#1
NEVER depend on tech.
If you want to be careful, 3 Copies and at least 1 NOT on the computer and NOT on the net.
Part of the failure is that WD stopped supporting the device in 2015. They still worked, so many kept it up, but DIDN'T turn off updates.
Re: #1
As to 3 copies, let me amplify thusly:
Just about the first thing a PFY learns from the BOFH - Grandfather, Father, & Son. Not three copies of one thing, but three generations of copies of everything. Which means, three separate devices, rotating between them each backup period. For most users, once a week is probably enough. Highly critical data, once a day/night. I've even seen one case where it was twice daily! Applying that same scheme to differential backups (with a master copy) is also an acceptable practice.
I'm not so paranoid as to disconnect my laptop from the web when backing up, but I do remove the current generation device whenever I'm not backing up - I've made mistakes and set myself back (and wasted time recovering stuff) more than once, I don't need internet clowns to help me on that score.
And if you attach a really high value to your data, optical media every so often is also de rigueur. Spinning rust can surprise you in an entirely unacceptable manner, trust me on that one.
2 things
Two notes... first, it's the MyBook Live, the one that is network attached, not the regular MyBook that attaches directly to a computer.
Second, they were originally saying it was an old, fixed bug and people are SOL, but now it has been revealed that it is also a new 0-day.
https://www.bleepingcomputer.com/news/security/hackers-use-zero-day-to-mass-wipe-my-book-live-devices/
Re: 2 things
"In the aptly named system_factory_restore script in the My Book Live's firmware, the authentication checks were commented out, making it possible for anyone with access to the device to perform a factory reset."
No one would ever do this, so just comment out these lines so we get less support calls...
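The failure mode quoted in the comment above (authentication checks left commented out in a script) is something a code-review check can flag before it ships. This is an added example, not code from the My Book Live firmware or from the article; the helper names (`require_owner_login`, `check_auth`) and both sample scripts are constructed for illustration.

```python
import re

# Hypothetical authentication helper names; replace with the ones your code base uses.
AUTH_CALL = re.compile(
    r"\b(?:authenticate\w*|require_(?:login|owner|admin)\w*|check_auth\w*|is_authenticated)\b",
    re.I,
)
# A line that is entirely a comment in shell, PHP, JavaScript or C style.
COMMENT = re.compile(r"^\s*(?:#|//|/\*|\*)\s*(.*)$")
# Characters that suggest commented-out code rather than prose.
CODE_LIKE = re.compile(r"[;{}()$=|]")


def find_disabled_auth(source, filename="<input>"):
    """Return (filename, line number, text) for comment lines that look like
    a disabled authentication check. A heuristic: results are review candidates."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        match = COMMENT.match(line)
        if not match:
            continue  # live code is not what this check looks for
        body = match.group(1)
        if AUTH_CALL.search(body) and CODE_LIKE.search(body):
            findings.append((filename, lineno, body.strip()))
    return findings


# Constructed sample: a reset handler whose owner check has been commented out.
CONSTRUCTED_PHP = """\
function handle_factory_restore($request) {
    // if (!require_owner_login($request)) {
    //     return deny(401);
    // }
    // Owner login is described in the admin guide.
    start_restore();
}
"""

# Constructed sample: the same mistake in a shell script.
CONSTRUCTED_SH = """\
#!/bin/sh
# Restore the device to factory defaults.
# check_auth "$1" || exit 1
wipe_user_data
"""

if __name__ == "__main__":
    for name, text in (("restore.php", CONSTRUCTED_PHP), ("restore.sh", CONSTRUCTED_SH)):
        for finding in find_disabled_auth(text, name):
            print("%s:%d: possible disabled auth check: %s" % finding)
```

Run over a source tree in CI, a non-empty result should block the merge until someone confirms the check was removed on purpose.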
Cheap local storage is cheap!
I feel for everyone who lost their stuff, and perhaps I'm just naive, but with the seemingly ever shrinking cost of storage I have never been able to find a downside to backing up all of my stuff to an external drive that is intentionally only local, and never sees the internet. I assume that there are many, many cases in which this might not be practical, but speaking personally, not having my backup drive ever connected to a network is comforting.
Re: Re: Cheap local storage is cheap!
Drive, heck! All you need is the storage medium.
For instance, I still have the 50 5.25" floppies I backed up my first 10MB hard disk onto...
Re: Re: Cheap local storage is cheap!
I've been lax (OK, lazy) about backing up the files on my external drives, but I burn stuff to data DVDs. I've heard all the arguments about bit-rot on burnable discs, but I still have CDRs I burned 20+ years ago that work 100% (I burn a checksum file to each disc). All the DVDs I've burned also work. Occasionally I get a bad burn that won't verify, or a disc burned on a different system doesn't want to read on my internal drive, but they always work on some drive.
People laugh and tell me that hard drives are so cheap that I should just be buying another drive to back the stuff up to. When they tell me this, I tell them about my 2TB Seagate drive that died almost exactly a year after I bought it. Or my 1TB Seagate drive that now refuses to read some of the files on it, even though Windows claims that it's healthy.
Sure, I could buy multiple drives and make multiple copies, but the price of even old external drives never seems to drop below $80 or so and believe it or not, there are some people in the world who can't afford to just drop $80-200 on tech that may just die on them and need to be replaced with another drive a few years down the road. Larger drives are cheaper. My friend had a 4TB drive that he loved, right up until it failed and took all his files with it.
Re: Cheap local storage is cheap!
The problem is this device was marketed at people who are technically literate enough to know about one or both:
1) that backups are good;
2) that they want to be able to remotely access, or share with others, their family photos etc.
But they aren't technically literate enough to understand backups or exposing their stuff on the Internet. Ye Olde "A little knowledge is dangerous" situation.
Malicious Actor?
Like Scott Baio or Ricky Schroder?
Or are they just bad actors and horrible people?
Re: Malicious Actor?
Perhaps you mean Bojana Novakovic, Molly Ringwald or Laura Antonelli ?
Re: Re: Malicious Actor?
No that asshole they cut out of Home Alone 2 I think.
If there was only a copy on the MyBook, it was not a backup, but the primary copy. Also, keep an offline copy of critical files, preferably off site.
Helpful hacker says...
"Previously the 2T volume was almost full but now it shows full capacity. "
"No charge for cleaning out that crap you never use anyway. Now, you have 2T of possibilities!"
Re: Helpful hacker says...
Ahh yes, the BOFH solution to complaints about running out of storage.
Re: #1
My sideways view of reality sees another option no one has considered.
What if the 0 Day was released by a grey hat hacker?
They tried to warn WD & got the standard corporate speak for not our problem.
So there is a large botnet all run on boxen that the maker refuses to help owners secure.
There is a battle between various groups trying to have the most boxen at their command.
The Botnets do horrible things and make the internet a worse place.
But I can send this command to the boxens that tell me they are a WD box & end the botnet permanently.
WD gets a well deserved black eye for creating something so insecure & not just putting out a warning the boxes can be compromised (this isn't the first vuln they knew about) so take them off the net.
The fact they had the steps already programmed that would have made this much harder to pull off, and commented it out boggles the mind.
It's not a nice thing to do but sometimes big problems need solutions that cause pain.
Something something sociopath...
