2020 was a big year for the CyberNews Investigation team. We dove deep into a wide range of topics affecting everyday consumers and businesses, including a popular PayPal scam involving Facebook and the 73-year-old man that beat the scammers, our discovery of hidden backdoors in affordable routers, uncovering a shady app developer network, hijacking printers, and hacking (with permission) three journalists from the UK’s Daily Mail.
Even better than the investigations was the reception we got from readers like you who gave personal accounts of their own stories, asked critical questions, and helped us spread the news to raise awareness of these important issues. So let’s look at the 7 investigations our readers loved the most for 2020.
#1 The boomer that beat the scammers
If all had gone well, the scammers that tried to steal 73-year-old John Richards’ money would’ve gotten away with £3,450 (about $4,670). But, with some help from his bank, Metro Bank, and his own intuition, Richards was able to turn the tables on the scammers and take £1,380 ($1,860) from them instead.
There are quite a few PayPal scams out there, but this one involved using Facebook, disposable bank accounts, and a complicated chargeback scheme from PayPal.
Read the full story on how Richards beat the scammers and came out on top. You can also watch the video, including the interesting interview with Richards, below:
#2 We discovered PayPal vulnerabilities, but they ignored us
The CyberNews Investigation team discovered six vulnerabilities and bypasses and navigated PayPal’s arduous disclosure program on HackerOne. However, instead of receiving thanks or even a bounty for alerting PayPal of these issues, we got largely ignored and even punished on HackerOne.
This caused huge, in-depth discussions on forums like Hacker News and Reddit.
#3 Wavlink and Walmart’s Jetstream routers have hidden backdoors and critical vulnerabilities
You guys really loved this — it became our most-shared article on the site (currently at 12,938 social shares). In this investigation, CyberNews’ own Sr. Information Security Researcher Mantas Sasnauskas worked with fellow cybersec researchers James Clee and Roni Carta to discover hidden backdoors in “affordable” Walmart routers from Jetstream, as well as the popular Wavlink routers.
These issues, by the way, could allow an attacker to remotely access those routers, monitor all the traffic going through them, and even compromise any device that’s connected to that wifi network. Yikes.
“Many kudos to the CyberNews team for this excellent research.” (Reader comment)
In fact, the reception from this investigation was so huge, and the questions around it so many, that we hosted an entire AMA about router security and received more than 500 questions and comments.
Read our in-depth investigation into how we discovered it, the company behind these routers (they’re both from the same parent company in China), and how it impacts you.
You can also watch the video below, including an interview with the three researchers:
#4 The secret network of shady Android app developers
In one of our earlier investigations, we discovered that 101 apps on Google Play, with a combined 69 million installs, were in fact all created by the same person or group.
Although these 101 apps were all listed under 27 different app developers, we discovered that they were all from the same group. We also worked with the mobile security firm Pradeo to understand the scope of this scam network.
Read the full investigation to see how we discovered this shady app network and why they’re doing it.
#5 The beauty camera apps (that might be stealing your data)
In our very first investigation published on CyberNews, we looked at how the most popular beauty camera apps on Google’s Play store, with more than 1.4 billion installs, were rife with privacy and security issues.
These suspicious apps had previously been caught scraping and selling users’ data, plaguing them with nonstop, malicious ads, redirecting them to phishing websites, or even spying on their users.
“Thanks for your hard work…Trust me, there are many, many, many of us who, whether we know it or not, depend on people like you to sort through the byzantine code monkey pandemonium in search of genuine threats to ourselves and our children. Keep it up, please!” (Reader comment)
Get the full story on how we performed this investigation and how you can protect yourself from shady camera apps.
#6 How (and why) we hacked Daily Mail journalists
Some of the most fun we had here came when the Daily Mail, one of the leading newspapers in the UK, asked us to hack three of their journalists.
They wanted to see how easy it would be for hackers to get into their accounts with just a target’s name. In this ethical hacking experiment, we showed them just how much can be done by hackers (the good ones like cybersecurity researchers, or the bad ones like cybercriminals) with minimal information.
Read here for how it all went down, and our successes (and failures) in employing four attack methods to hack the Daily Mail journalists.
#7 Yes, we really did hijack 28,000 printers in the name of cybersecurity
Imagine 27,944 printers, all around the world, all printing our guide on how to secure these printers. That’s exactly what we did in this ethical hacking experiment, where we wanted to raise awareness of vulnerable printers with weak security.
In fact, our analysis showed that approximately 500,000 printers were vulnerable to various cyberattacks. While all we did was print a brief version of our printer security guide, cybercriminals can add them to botnets for DDoS attacks or even enter the corporate network (if it’s a business printer).
“The experiment did a good job of showing how vulnerable your network endpoints can be if you are not taking all the steps to secure privacy.” (Reader comment)
You should read the full investigation to see how we hacked these printers and how to make sure it doesn’t happen to yours. You can also watch the video summary below:
So that was all from 2020, our first full year investigating important cybersecurity issues affecting everyday consumers and businesses. So what’s on our plate for 2021?
As we build our investigation team and increase our scope, we’re going to be uncovering much bigger issues, including the software, hardware, people and organizations affecting your online privacy and security.
To find out about it first, turn on notifications for CyberNews and be sure to subscribe to our newsletter.