Your hard drive crashes – you turn to that expensive NAS you so wisely installed as a backup – and find it’s empty, wiped out by a malicious hacker. It’s happened. But it can’t, if your storage has an air gap around it.
Photographers need backup, and we need protection from malware. Those two goals seem to harmonize, but they can also conflict – in recent incidents, malicious hackers exploited the very storage devices people bought and set up to protect their content.
A nasty incident, covered by DPReview, was the Western Digital My Book wipeout. Many photographers found the remote accessibility of these storage servers useful. But some suddenly found they’d been totally erased, remotely, by unknown hackers.
Another recent attack targeted NAS systems from QNAP, exploiting vulnerabilities in their software to nail them with ransomware. In this forum thread on DPReview a photographer describes the pain of getting hit. Pay $500 and you might get your photos back – but don’t count on it.
In the Western Digital case, an opening for attack was created by a combination of errors in the software, going back years. Security for web access had been inadvertently reduced in an update. And an internal “factory reset” command would have been password protected – but that protection had been deliberately disabled in the code, for unknown reasons. Someone found out about this command and used it.
The QNAP case allegedly involved a hard-coded back door user name and password, and possibly other malware, pre-loaded in the server’s factory-installed software (according to this writeup). A black eye for QNAP, pure gold for a hacker.
You choose these storage devices for backup because you think they’re safer than just a second hard drive on your PC – they’re separate boxes, designed for the purpose by people who know what they’re doing. They don’t run Windows, so even if malware gets to your PC, it probably can’t squirm from there into the proprietary software running on the NAS.
But your feeling of safety rests on a couple of shaky assumptions: one, that software for a dedicated storage server necessarily meets higher standards of quality and security; and two, that hackers are rational actors who won’t bother with low-value targets.
Storage products are created by technology companies no different from any others – they run out of money, and have turnover; mistakes are made and things go wrong. I wrote code in companies like these, even worked on a mass storage system once, and I know how it goes. Developers do their best, but eventually they’re redirected and that last bug – the real sleeper – is never found. Updates get done by newer guys who don’t understand the systems in detail, and are then pushed out to make revenue goals. Testing is scaled back. Newer products have priority. It’s like any other human endeavor.
The hacker community includes lonely, disconnected people who live to impress their peers with new and challenging exploits. And when you build a castle with flags flying over it, you also create a target for bad people to attack – maybe even with help from the inside.
Oh yeah: the cloud. Many dislike cloud backup, for a variety of reasons. It’s connected to the whole world, and while I haven’t heard of successful attacks on any of the big names, it’s possible – and if it happened you’d get nothing but a corporate apology. Mainly, it costs money, the terms can change, and it’s one more d@mn subscription and password. (And where is your password, by the way – surely not stored on your PC somewhere…?) If your cloud storage is mounted in your local file system – like OneDrive – it’s accessible to ransomware that gains control of your PC. I found out that OneDrive was messing up my IPTC data, as I explain in this post. So yes, it might be more secure than a personal NAS – but I just don’t like it.
And everyone assumes Windows is the weak link – but it actually has some effective protection against ransomware built in. Microsoft doesn’t promote it, and it’s a bit tweaky to set up, but it’s soundly based on the principle of restricting access to selected folders, so that only those applications you approve can modify or delete files. This previous post has the details.
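As an added example (not from the original post), here is how that folder-and-approved-application setup looks from PowerShell, assuming the feature described above is Microsoft Defender's Controlled folder access. The folder and program paths are placeholders, and the commands need an elevated prompt with Defender's real-time protection turned on.

```powershell
# Added example: both paths are placeholders, substitute your own.
$photoFolder = 'D:\Photos'                                  # placeholder: folder to protect
$editorExe   = 'C:\Program Files\ExampleEditor\editor.exe'  # placeholder: app allowed to write there

# Start in audit mode: writes by unapproved apps are logged, not blocked,
# so you can find out what would break before enforcing anything.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# Add the photo folder to the protected list (the standard user folders
# such as Documents and Pictures are protected by default).
Add-MpPreference -ControlledFolderAccessProtectedFolders $photoFolder

# Approve the one application that is allowed to modify or delete files there.
Add-MpPreference -ControlledFolderAccessAllowedApplications $editorExe

# Confirm what is now configured.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications

# After a few days of normal work, review what was audited (event 1124)
# or blocked (event 1123) and approve anything legitimate you missed.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# When the audit log is clean, switch from logging to blocking:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

The final line is left commented out so that pasting the whole block never enforces blocking before the audit results have been reviewed.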
The term “air gap” might be older than the internet – maybe made up by some federal intelligence guy using ARPANET in the 70s. An “air gapped” computer isn’t physically connected to a network; an “air gapped” network isn’t connected to the internet. My own deep backup – for that rainy day I hope never comes, that Black Swan event that can’t happen, that hard drive crash at the worst possible time – is a USB SSD drive which I keep unplugged, sitting on my desk, connected only to air.
To get around an air gap, you need physical access and an administrative logon, and you have to be above suspicion – or at least be there when no one is around. In other words, you’re Ed Snowden. So – assuming you trust everyone in your household – an air gap should let you sleep soundly.