[SOLVED] I think I was hacked...

Mar 7, 2021
9
2
15
I have a HDD plugged in via USB to my wireless router. My router is an Asus zenwifi AX. I noticed some of my pics missing off my HDD and then I noticed a text file. I scanned it with my virus scanner and decided to open it. It was titled "I was here and you should read this." This is what it said:

Learn to lock your external HD from the Internet.

You are lucky I am a semi-nice guy and not going to worse things.

Hugs and Kisses XOXO,

Your friendly neighborhood Grayhat

I thought it was locked from the internet? How did they access my HDD and how do I prevent it? Thankfully, everything they deleted was backed up on other physical drives so I didn't lose anything. I'm worried what else they have access to? For now I unplugged the HDD from the router but I'm not sure what I need to do.
 
My WIFI is password protected. It is a 20 digit randomized password of letters, numbers and special characters. The router has a cloud app that allows me to access the contents of the HDD, which I have since deactivated.
 
I don't think my WIFI was hacked. I think they may have accessed it since I made it available through the AI Cloud app to access it remotely. From what I can tell from the date of when it appears the hack happened, no strange device accessed my WIFI.
 
Don't mean to make so many posts in a row, but this was enabled on my router:

"Enables USB-attached storage devices to be accessed, streamed or shared through an Internet-connected PC or device."

I think this is how they gained access to the HDD and not through the WIFI network. This, I believe, happened Thursday, but I don't check the storage often and just noticed it today.
 
Asus got in trouble a number of years back, but that was because they shipped routers with fixed passwords. That is why I think the very first step now requires you to change the userid and password.

I forget if the aicloud still uses the main router admin id and password or if it uses a different one. I never allow this type of cloud thing. If you choose a bad userid and password you can always be hacked. It is always safer to not allow any remote access. These options do not get turned on by default; you have to have configured it to allow access to the disk from the internet.

Unless you really need the feature I would not use the aicloud. Any data you store in the cloud you want to always encrypt on your machine and then upload it. That way all the encryption software and keys never leave your machine.
 
I did install the Aicloud on my phone. I do not need it so I deactivated it. The stuff saved on the HDD was not really personal information so I was comfortable having it in the cloud as I do have backups. My main concern was if they breach my network. I think they just got through to the HDD and it wasn't my neighbors or someone in the neighborhood accessing my network.

The password should be good. I use Bitwarden as my password manager and have them randomize my password for the maximum length allowable. I made sure the router password and network password were different. After doing a little searching, I found this thread https://linustechtips.com/topic/116...users-read-this/?tab=comments#comment-1562515 and it seems this is a vulnerability with Asus, so I disabled all the sharing features listed in the thread. I did change the WIFI password and router password just in case.
 
Doing some more playing around in my router, I noticed the Ai Cloud had a weblink specific for my router. I just wanted to try it and my anti-virus threw up all kinds of warnings of the website being unsafe. Now that it's deactivated, the website doesn't work. I believe this is how they got into the HDD but I'm still nervous.

I scanned the HDD with my anti-virus to make sure they didn't place some malware on my system and HDD and everything checks out.
 
accessed, streamed or shared through an Internet-connected PC or device.

Your app to access your shared HDD has punched a hole through your firewall and opened ports to enable file sharing off your HDD to the internet. How is this secured?
 
I had thought with the password but that appears not enough. Doing some reading and it seems it defaults to allow everyone access when you enable it. I disabled it now so I hope that is enough.
 
Default is to allow everyone with read/write access? Wow.
That's what I had seen others write. I believe I turned off all the options to access it remotely. It won't let me access it locally unless I put it to everyone. I don't mind if everyone has access on my local network. It asks for a password when I turn off access for everyone but it keeps saying the password is invalid.
 
I'm not sure how to verify if my HDD is still accessible via internet. I believe I have everything turned off. I just want to be able to access on my network. I did a security check they have in the router app and it came up with this:

Untitled.jpg

I can't seem to access the HDD unless I enable guest access. It doesn't accept my password. How do I make it where I can only access the HDD on my network?
 
That looks like the drive won't be accessible over the internet. For sharing over your network, that is configured in the router options. Mine is set up so that you need to enter the router admin password to do any sort of work on it with the files over the network. I can play things from my TV from the hard drive, but if I want to access it on my PC, I need the admin password to the router setup page.
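
Added example (not part of any post in this thread, and not ASUS code): one way to check the question asked above, whether the drive's sharing services still answer from the internet. Run it from a connection outside the home network (for example a phone hotspot) against your own public IP address; the port list is an assumption based on protocol defaults, so add any custom port shown on the router's settings page.

```python
import socket
import sys

# Standard TCP ports for services a router can use to share a USB drive.
# Assumption: protocol defaults. If the router's remote-access feature shows
# a custom web port in its settings, add that port here.
SHARE_PORTS = {
    21: "FTP",
    80: "HTTP",
    139: "SMB (NetBIOS session)",
    443: "HTTPS",
    445: "SMB",
}


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and unreachable-network errors
        return "filtered"


def exposure_report(host, ports=SHARE_PORTS, timeout=3.0):
    """Probe every port in `ports` and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def exposed(report):
    """Ports that accepted a connection, i.e. services reachable from here."""
    return sorted(port for port, state in report.items() if state == "open")


if __name__ == "__main__":
    # Usage: python check_exposure.py <your-own-public-ip>
    target = sys.argv[1]
    report = exposure_report(target)
    for port, state in sorted(report.items()):
        print(f"{port:>5}  {SHARE_PORTS[port]:<22} {state}")
    if exposed(report):
        print("Reachable from this vantage point:", exposed(report))
    else:
        print("No sharing service answered from this vantage point.")
```

Running the same script from inside the home network against the router's LAN address shows what local devices can reach, which should be the only place the SMB or FTP ports report open.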
 