Hackers Are Erasing Western Digital Hard Drives Remotely

An array of ATMs and point-of-sale terminals can be hacked with a wave of your phone, according to research released this week about vulnerabilities in near-field communication card readers. And flaws in a well-intentioned Dell firmware update mechanism left 128 recent, popular PC models, including high-end devices with extra security protections, vulnerable to attack. 

This week, French authorities indicted four former executives of the surveillance firm Nexa Technologies (previously Amesys) for allegedly being complicit in torture and war crimes. The charges are the result of the company allegedly selling spyware to authoritarian regimes in Libya between 2007 and 2014.

Meanwhile, notorious antivirus pioneer John McAfee died in prison, reportedly by suicide, outside Barcelona on Wednesday after a Spanish court ruled that he could be extradited to the United States to face tax evasion charges. And a United States takedown of Iranian media sites raises important questions about global free speech precedents.

If you’ve been feeling Amazon breathing down your neck lately, take some time this weekend to remind yourself about the diverse array of data the company collects on its users and consider options to protect your own information.

And the Pentagon finally released its long-anticipated report on UFOs. It’s important for what it says—and what it doesn’t.

And there’s more. Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories, and stay safe out there.

The whole point of using a network-attached storage device is to have a hard drive where you can back up important data and then access the files over the internet while you’re out and about. But unknown hackers are turning Western Digital My Book NAS hard drives into nightmare backup tools by compromising users’ devices and then deleting all the data from them. The My Books are controlled by an app, WD My Book Live, which allows customers to access their data remotely and manage their NAS. But users worldwide are reporting that their devices have been hijacked and wiped. When they attempt to log in and gain access, the remote management dashboard says “Invalid password.” Western Digital told Bleeping Computer in a statement that it is actively investigating the situation. So far, though, victims who have lost data are simply out of luck. The devices in question are at least six years old and received their most recent firmware update in 2015. “Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device,” the company said. “At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device.”

Seven months ago, former president Donald Trump fired-by-tweet the last director of the Cybersecurity and Infrastructure Security Agency, Chris Krebs, for agreeing with intelligence agencies’ conclusion that the 2020 election had been secure against foreign meddling. Since then, Krebs has yet to be replaced—even as the United States has faced some of the worst cyberattacks on government agencies and critical infrastructure in history, including the SolarWinds intrusions, the mass compromise of Exchange servers by China’s Hafnium hackers, and the ransomware attack on the Colonial Pipeline. And yet this week US Senator Rick Scott (R-Florida) announced that he would block the appointment of a new CISA director, the eminently qualified Jen Easterly, until Vice President Kamala Harris visits the southern border—delaying the appointment until after the Senate’s summer recess. Fellow officials and cybersecurity practitioners, appalled by the highly politicized delay to a critical post for US national security, spoke out on Twitter. “The cyberthreat facing America is too real and too immediate to be using the nomination of one of the most important cyberofficials as a hostage to an unrelated policy matter,” Senator Angus King (I-Maine) said in a statement. “This is a spectacular dereliction of duty by Sen. Scott,” tweeted former Facebook CSO Alex Stamos. “Have a great summer!”

Cryptocurrency exchange Binance announced this week that it had worked with law enforcement to help trace cryptocurrency used in the operations of the Cl0p ransomware gang, six of whom were arrested by the Ukrainian police in Kyiv last week. According to Binance, the ransomware operators were also running their own money-laundering-focused cryptocurrency exchange, helping to cash out the criminal proceeds of Cl0p’s hacking operations as well as those of other groups. In total, the Cl0p gang laundered no less than half a billion dollars, according to Binance and two blockchain analysis firms it worked with, TRM Labs and Crystal. In fact, the six operators arrested last week may represent the money laundering component of Cl0p’s operations more than its actual hacking team. Despite last week’s arrests, Cl0p added a new company to its ransomware victim list on Tuesday of this week.

Amazon Web Services announced on Friday that it has acquired the end-to-end encrypted chat app Wickr. The service offers secure communication and collaboration for individual users as well as companies, governments, and military customers. Wickr had raised close to $60 million in funding since its founding in 2012. AWS says it will continue to operate Wickr in its current form and offer the platform to AWS customers. “This gives security conscious enterprises and government agencies the ability to implement important governance and security controls to help them meet their compliance requirements,” AWS vice president and chief information security officer Stephen Schmidt wrote on Friday.

