I'd second that uPNP is the cause. If it wasn't negotiated between the NAS and the router then there would be no open tcp port 20/21 through which the Chinese script kiddie could attempt hacking (unless you've inadvertently manually opened those ports and forwarded them on to the NAS's LAN IP).