Slashdot Mirror


Investigation Reveals How Easy It Is To Hijack a Science Journal Website (sciencemag.org)

sciencehabit writes: With 20,000 journal websites producing millions of articles — and billions of dollars — it was probably inevitable that online criminals would take notice. An investigation by Science magazine finds that an old exploit is being used on academic publishers: domain snatching and website spoofing. The trick is to find the tiny number of journals whose domain registration has lapsed at any given time. But how do they track their prey? Science correspondent and grey-hat hacker John Bohannon (the same reporter who submitted hundreds of computer-generated fake scientific papers in a journal sting) proposes a method: Scrape the journal data from Web of Science (curated by Thomson Reuters) and run WHOIS queries on their URLs to generate an automatic hijack schedule.

He found 24 journals indexed by Thomson Reuters whose domains were snatched over the past year. Most are under construction or for sale, but 2 of them now host fake journals and ask for real money. And to prove his point, Bohannon snatched a journal domain himself and Rickrolled it. (It now hosts an xkcd cartoon and a link to the real journal.) Science is providing the article describing the investigation free of charge, as well as all the data and code. You can hijack a journal yourself, if you're so inclined: An IPython Notebook shows how to scrape Web of Science and automate WHOIS queries to find a victim. Science hopes that you return the domains to the real publishers after you snatch them.
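A defender's counterpart to the WHOIS step described above, as an added Python example that is not part of the Science notebook or this post: a publisher monitoring its own journal domains parses the expiry line out of WHOIS replies (constructed samples with placeholder names, since registries label the line and format the date differently) and flags each domain as expired, due for renewal within 30 days, fine, or unparsable, which gets manual review rather than dropping out of monitoring.

```python
import re
from datetime import datetime, timezone

# Constructed WHOIS replies for a hypothetical publisher's own domain inventory.
# Placeholder names; the varying label/date styles mimic how registries differ.
SAMPLE_WHOIS = {
    "journal-a.example": "Domain Name: JOURNAL-A.EXAMPLE\nRegistry Expiry Date: 2016-01-10T04:00:00Z\n",
    "journal-b.example": "domain: journal-b.example\nExpiration Date: 05-Mar-2016\n",
    "journal-c.example": "Domain: journal-c.example\nexpiry date: 2015-11-30\n",
    "journal-d.example": "Domain Name: JOURNAL-D.EXAMPLE\nRegistrar: Example Registrar\n",
}
AS_OF = datetime(2015, 12, 20, tzinfo=timezone.utc)  # fixed "today" for a reproducible run

# Registries label the expiry line differently; match the common spellings.
EXPIRY_LINE = re.compile(
    r"^\s*(?:registry expiry date|registrar registration expiration date|"
    r"expiration date|expiry date|paid-till)\s*:\s*(\S+)",
    re.IGNORECASE | re.MULTILINE)
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d", "%d-%b-%Y")


def parse_expiry(whois_text):
    """Return the expiry as an aware UTC datetime, or None if no parsable line exists."""
    m = EXPIRY_LINE.search(whois_text)
    if not m:
        return None
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(m.group(1), fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def renewal_alerts(inventory, today=None, warn_days=30):
    """Classify each domain as EXPIRED, RENEW_SOON (within warn_days), OK or UNKNOWN.
    UNKNOWN (no parsable expiry) sorts first: it needs manual review, not silence."""
    today = today or datetime.now(timezone.utc)
    rows = []
    for domain, text in inventory.items():
        expiry = parse_expiry(text)
        if expiry is None:
            rows.append((domain, "UNKNOWN", None))
            continue
        days_left = (expiry - today).days
        status = "EXPIRED" if days_left < 0 else "RENEW_SOON" if days_left <= warn_days else "OK"
        rows.append((domain, status, days_left))
    return sorted(rows, key=lambda r: (r[2] is not None, r[2] or 0))

if __name__ == "__main__":
    for domain, status, days in renewal_alerts(SAMPLE_WHOIS, AS_OF):
        print(f"{domain:20} {status:10} {'' if days is None else days}")
```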

5 of 18 comments

  1. The real story here is... by Lab Rat Jason · Score: 3, Insightful

    Why would you trust a journal that is so incompetent that they can't maintain something as simple as a domain?

    --
    Which has more power: the hammer, or the anvil?

  2. Run A Shady Business, Meet Shady People by Anonymous Coward · Score: 4, Interesting

    Academic publishing long since passed from being a respectable enterprise, or even a respectable business, and now sits somewhere between an adult emporium and an App Store. The race to the bottom in standards, quality, and ethics, coupled with the soaring price and universal and ruthless exploitation(*) of academics, has given the industry the reputation of a midnight casino chain. And lo and behold, here arrive actual criminals, looking to rip off joints, as well as asking for protection money if not outright laundering funds. And like any shady operation, publishers shouldn't expect much help from police to keep their opium emporium running.

    (*)Such exploitation can be, much in the same way as a drug addict's addiction, a matter of contentious perspective. Academics themselves are not blameless for allowing this situation to arise.

  3. Nobody cares by ArchieBunker · Score: 2

    If this can happen and no one notices, are these paper sites that important in the first place?

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard

  4. Public access to expiration dates? by RoverDaddy · Score: 2

    Obviously this works because the domain system has been designed so that domain expiration dates are visible to the public. Is there any compelling public interest in making this so? Perhaps this was one of those decisions made during a more naive, simple time on the internet, that needs to be revisited.

    --
    RETURN without GOSUB in line 1050

  5. Re: Your sig by Lab Rat Jason · Score: 2

    Seems you put a lot of doublespeak into something that simply could have been stated as "I don't believe in God"... or did you mean to imply that you, not believing in God, would still prefer to whisper your secrets to your government rather than echo them to /dev/null/?

    --
    Which has more power: the hammer, or the anvil?