Investigation Reveals How Easy It Is To Hijack a Science Journal Website (sciencemag.org)
sciencehabit writes: With 20,000 journal websites producing millions of articles — and billions of dollars — it was probably inevitable that online criminals would take notice. An investigation by Science magazine finds that an old exploit is being used on academic publishers: domain snatching and website spoofing. The trick is to find the tiny number of journals whose domain registration has lapsed at any given time. But how do they track their prey? Science correspondent and grey-hat hacker John Bohannon (the same reporter who submitted hundreds of computer-generated fake scientific papers in a journal sting) proposes a method: Scrape the journal data from Web of Science (curated by Thomson Reuters) and run WHOIS queries on their URLs to generate an automatic hijack schedule.
He found 24 journals indexed by Thomson Reuters whose domains were snatched over the past year. Most are under construction or for sale, but 2 of them now host fake journals and ask for real money. And to prove his point, Bohannon snatched a journal domain himself and Rickrolled it. (It now hosts an xkcd cartoon and a link to the real journal.) Science is providing the article describing the investigation free of charge, as well as all the data and code. You can hijack a journal yourself, if you're so inclined: An IPython Notebook shows how to scrape Web of Science and automate WHOIS queries to find a victim. Science hopes that you return the domains to the real publishers after you snatch them.
Why would you trust a journal that is so incompetent that they can't maintain something as simple as a domain?
Which has more power: the hammer, or the anvil?