Hacked

Last week my internet provider emailed to say 80% of my monthly data allowance had been used in just a few days.  They said it was all from ‘uploads’.  By process of elimination, I switched off all devices from my home network one by one and the uploading stopped as soon as I disconnected my MyBook Live from my wireless router.  

I am now wanting to reconnect the MyBook Live but I want to do so safely.  I have changed the admin password.  I can’t see anything in the user manual about keeping your data safe when using MyCloud.  It’s like the user manual seems to take it for granted that it is secure. But my experience shows it’s not always secure.

Are there any additional steps I can take to prevent another hacking incident?

thanks

Jaime

How do you have the My Book Live set up on your router?  Are you using DMZ, port forwarding, SSH, FTP?

Hi Bill

Thanks for your message.

I’m a home/private user, so it is just plugged into my router, as per the set up instructions on the side of the box, and then I downloaded the recommended software for linking the drive to the devices on my home network (which consists of an old HP laptop, a MacBook, a couple iPhones and an iPad.)  There is also a Samsung smart TV and another laptop (from my work) which connect to my home network, but I never connected the WD MyBook to either of those items.

I checked the HP laptop and Windows Firewall seemed to be running okay.

I ran Malwarebytes on this old HP laptop and it showed a few things being quarantined, so maybe that could have been the problem.

But to answer your question, no I have not set up a DMZ, or port forwarding.  I am not conscious of using any SSH or FTP - except occasionally via web clouds such as Microsoft OneDrive, iCloud, and very occasionally “Dropbox” or its successor, I forget the name.  (Sorry if those items don’t actually count as SSH or FTP, I’m not sure if that’s the correct context).

At first I thought the hacker might have gained access through my using the WD Photos app on my iPhone.  But the more I think of it, I wonder if it isn’t more likely the hacker got through the Windows Firewall on my old HP laptop, in which case I will just stop using that old laptop.

thanks again if you can help.

Jaime

Jaime_Bridle wrote:

…I downloaded the recommended software for linking the drive to the devices on my home network (which consists of an old HP laptop, a MacBook, a couple iPhones and an iPad.) 

If the My Book Live is connected via RELAY, and your devices above were using the My Cloud connections, it’s possible they were consuming your internet bandwidth, depending on where your ISP measures the data.

If your iPhones were connecting via Cellular, then that would of course count for data usage…

The only avenue the WD uses for connections is an internal web server process for the remote applications.

It’s possible to modify the Apache configuration and track the logs of data usage.

1 Like
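An added example (not part of the thread, and not WD's code) of the log tracking mentioned in the post above: it totals the bytes a web server sent to each client from access-log lines and lists the clients outside the home network, largest first. It assumes the log uses the standard Apache common/combined format and that the home subnet is 192.168.1.0/24; the sample lines and paths are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Apache common/combined log prefix: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} (?P<bytes>\d+|-)'
)

# Assumption: the home network uses this subnet; change it to match the router.
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample lines (documentation address ranges, made-up paths).
SAMPLE_LOG = """\
192.168.1.20 - - [10/Mar/2014:21:14:02 +0000] "GET /constructed/index HTTP/1.1" 200 5120
203.0.113.45 - - [11/Mar/2014:02:10:11 +0000] "GET /constructed/a.bin HTTP/1.1" 200 734003200
203.0.113.45 - - [11/Mar/2014:02:55:40 +0000] "GET /constructed/b.bin HTTP/1.1" 206 1073741824
198.51.100.7 - - [11/Mar/2014:03:01:00 +0000] "GET /constructed/none HTTP/1.1" 404 -
this line is malformed and is skipped
192.168.1.20 - - [11/Mar/2014:08:00:00 +0000] "GET /constructed/login HTTP/1.1" 200 2048
"""

def bytes_by_client(log_text):
    """Sum response-body bytes (%b) sent to each client; '-' means none."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match is None:
            continue  # skip lines that are not in the expected format
        sent = match.group("bytes")
        totals[match.group("host")] += 0 if sent == "-" else int(sent)
    return dict(totals)

def outside_lan(totals, lan=HOME_LAN):
    """Clients not on the home subnet, largest transfer first."""
    remote = []
    for host, total in totals.items():
        try:
            local = ipaddress.ip_address(host) in lan
        except ValueError:
            local = False  # a logged hostname rather than an IP address
        if not local:
            remote.append((host, total))
    return sorted(remote, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    for host, total in outside_lan(bytes_by_client(SAMPLE_LOG)):
        print(f"{host:15} {total / 2**20:10.1f} MiB")
```

Only traffic served by the web server shows up in these totals; transfers made by any other process on the device would have to be measured elsewhere, for example in the router's own traffic counters.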

In asking the previous questions, I was looking for potential points of entry.  Bits of malware are never just bits of malware.  That junk can slow your PC down and give access to it.  If it’s quarantined then good.  But I would regularly run a virus scan (once a week should do) to make sure that you’re not collecting other malware/viruses. 

I would also go through your Programs in Control Panel and make sure that you don’t have something installed that could be causing you problems.  That doesn’t mean you just arbitrarily start uninstalling.  So, you may need to Google search program names in order to find out what they belong to.

If what you’re concerned about is the overall performance of your PCs as you use the device, then you need to consider what Tony is saying.  Also, if you’re using the WD My Cloud app on your home network, which is fine, you should consider just using shares to access media on the My Cloud.  With the app, you’re essentially going out and back into your network, when you don’t need to.

1 Like

Hi Bill and Tony

Thanks for both your messages.

I didn’t understand all of it, but I think I understood most of it! :smiley:

I don’t run any web servers.

I’m not sure what a relay connection is but I definitely do not use the MY CLOUD app in my home network and only very occasionally used the mobile apps when out and about.

Given everything you have said, my best conclusion is that having the My Book connected to my router, and using the mobile apps, are not risks to hacking in themselves, and should be safe in the future.  

My best conclusion is that some third party must have been using my My Book device as a server, as they uploaded over 30GB in a couple days, while I was away for the weekend.   The uploading stopped as soon as I disconnected the My Book.   Access must have been through that old HP laptop, so I will stop using it in future, or run virus checks if I ever do need to use it.

Thanks again, I appreciate your help.

Jaime

You’re not running the web server Tony is referring to.  When users are accessing their My Book Lives or My Clouds from outside their home network, they are usually using our remote servers to do the accessing.  That’s what Tony is talking about. 

I added that if you are using the My Cloud Desktop app to access your My Book Live from inside your network, you are going out over the internet, and then back into your network from our servers.  It’s not bad, but it can slow things down depending on your internet speed.  That’s why I was saying that it would be better to just map your shares to access your data on the My Book Live within your network. 

Unfortunately, I’m not sure what you mean by uploading when the drive is connected to your network. One of our agents would have to take a look at that to know for sure.

Hi Bill

Thanks for your additional message and for clarifying Tony’s comment.  

My comment on the uploading was a reference to my original problem:

For my home internet broadband package, I have a monthly allowance of 30GB.  Three days into the new monthly allowance, I received an email from my ISP saying 80% of my monthly allowance had been used up.  Then the next day, another email saying 90% and by the time I got through the ISP call centre, it was 100%.

The ISP could monitor my data usage based on downloading, and uploading.  They reported that my monthly allowance had been used up as a result of steady uploading of significant amounts of data over the previous few days.

I don’t use any games and don’t do any internet activity that involves uploading significant amounts of data.  On the advice of the ISP, I disconnected devices from my router, one at a time, to see when the uploading stopped.  As soon as I disconnected the MyBook Live from the router, the uploading stopped.

So this suggested some third party using my home network for some unknown purpose.  Sure enough, a malware scan of an old laptop I had on, showed some items being quarantined.  But the MyBook Live seemed to have an association with the ‘theft’ of my monthly data allowance, since the problem stopped as soon as I disconnected it from the router.

I really like my MyBook Live, it makes my home network really functional for storing media all in one place.  So based on your previous messages, I have concluded that the weak point into my network was probably through my laptop and not through the MyBook Live hardware or related software.

Thanks again for your helpful advice.

Jaime

You wouldn’t by any chance be doing any BitTorrent downloading would you?  Cause you have to let your PC be used to upload as well.  Thems the rules.

Ha ha, no! There is a local DVD shop that should have gone out of business years ago but I keep it going!

:smiley:

[Mod - Original subject: MyBook LIve attacked again]

Sorry for the subject header but I don’t know how else to describe the situation.

Once again, my home network appears to have been compromised, with my monthly data allowance disappearing through the night.  My ISP reports that there is significant upload activity, hundreds of MB per hour, constant over the past few days.  

Just like the last time a couple weeks ago, the problem stops instantly when I disconnect MyBook Live from my home router.

Has anyone else experienced this problem, either with WD or other external hard drives? I don’t assume the problem is specific to WD products, but I don’t know appropriate search terms to try and find a general solution just using Google.

In my mind, an important factor is the steady ongoing uploading overnight when all other devices (1 Lenovo ThinkPad, 1 MacBook Pro, iPhone and iPad, Apple TV device and smart TV) are all switched off.

The only device on my home network that is linked to the MyBook Live is the MacBook Pro. (I have not configured any connection between the MyBook Live and the Lenovo laptop).  A couple days ago I realised that the MacBook firewall was not turned on, so I have now turned it on.  But perhaps the hacker accessed the MyBook Live via the MacBook Pro, before the firewall was turned on, and maybe that’s all it takes for the hacker to have continuous access to the MyBook Live throughout the night even when the MacBook is switched off. I’m just theorising. Is that a plausible theory?

thanks in advance if anyone has any suggestions.

Jaime

Please disregard, I think it may be something else.  My ISP did say that the uploading stopped as soon as I unplugged the MyBook Live, but when I investigated further, it seems that was not strictly the case.  Thanks again for the previous advice.

Jaime