Slashdot Mirror
Investigation Reveals How Easy It Is To Hijack a Science Journal Website (sciencemag.org)
sciencehabit writes: With 20,000 journal websites producing millions of articles — and billions of dollars — it was probably inevitable that online criminals would take notice. An investigation by Science magazine finds that an old exploit is being used on academic publishers: domain snatching and website spoofing. The trick is to find the tiny number of journals whose domain registration has lapsed at any given time. But how do they track their prey? Science correspondent and grey-hat hacker John Bohannon (the same reporter who submitted hundreds of computer-generated fake scientific papers in a journal sting) proposes a method: Scrape the journal data from Web of Science (curated by Thomson Reuters) and run WHOIS queries on their URLs to generate an automatic hijack schedule.
He found 24 journals indexed by Thomson Reuters whose domains were snatched over the past year. Most are under construction or for sale, but 2 of them now host fake journals and ask for real money. And to prove his point, Bohannon snatched a journal domain himself and Rickrolled it. (It now hosts an xkcd cartoon and a link to the real journal.) Science is providing the article describing the investigation free of charge, as well as all the data and code. You can hijack a journal yourself, if you're so inclined: An IPython Notebook shows how to scrape Web of Science and automate WHOIS queries to find a victim. Science hopes that you return the domains to the real publishers after you snatch them.
He found 24 journals indexed by Thomson Reuters whose domains were snatched over the past year. Most are under construction or for sale, but 2 of them now host fake journals and ask for real money. And to prove his point, Bohannon snatched a journal domain himself and Rickrolled it. (It now hosts an xkcd cartoon and a link to the real journal.) Science is providing the article describing the investigation free of charge, as well as all the data and code. You can hijack a journal yourself, if you're so inclined: An IPython Notebook shows how to scrape Web of Science and automate WHOIS queries to find a victim. Science hopes that you return the domains to the real publishers after you snatch them.
Academic publishing long since passed from being a respectable enterprise, or even a respectable business, and now sits somewhere between an adult emporium and an App Store. The race to the bottom in standards, quality, ethics coupled to the soaring price and universal and ruthless exploitation(*) of academics has given the industry the reputation of midnight casino chain. And lo and behold, here arrive actual criminals, looking to rip off joints, as well as asking for protection money if not outright laundering funds. And like any shady operation, publishers shouldn't expect much help from police to help keep their opium emporium running.
(*)Such exploitation can be, much in the same way as a drug addict's addiction, a matter of contentious perspective. Academics themselves are not blameless for allowing this situation to arise.