Translate into a different language

Friday, November 20, 2015

How to hijack a journal

"Even by the standards of Internet scams, the scheme is brazen. According to a tip sent to Science, fraudsters are snatching entire Web addresses, known as Internet domains, right out from under academic publishers, erecting fake versions of their sites, and hijacking their journals, along with their Web traffic." writes John Bohannon.


Website spoofing has been around since the rise of Internet search engines, but it's only in the past few years that scholarly journals have been targeted. The usual method is to build a convincing version of a website at a similar address— rather than—and then drive Web traffic to the fake site. But snatching the official domain is an insidious twist: Unsuspecting visitors who log into the hijacked journal sites might give away passwords or money as they try to pay subscriptions or article processing fees. And because the co-opted site retains the official Web address of the real journal, how can you tell it's fake? 

After the tip came in from Mehdi Dadkhah, an information technology scientist based in Isfahan, Iran, Science put me on the case. Not only did my investigation confirm that this scam is real, identifying 24 recently snatched journal domains, I discovered how the hijackers are likely doing it. The only hard part is identifying vulnerable journals. Once the targets are identified, snatching their domains is easy. To test my theory, I snatched one myself. For a day, visitors to the official Web domain of an academic contemporary art journal based in Croatia were redirected to Rick Astley's 1987 classic music video, “Never Gonna Give You Up.” (The editors there weren't upset when they learned of the switch because the journal was already moving to a new domain.)

This new style of journal hijacking can flourish only when journals are careless about website administration and security. But the few cases so far should sound an alarm, publishing experts say. “Other businesses invest heavily in cybersecurity, and scholarly journals will necessarily need to follow,” warns Phil Davis, a former university librarian who is now a consultant in the scholarly publishing industry. “There is a lot more than just money at stake. Reputations and trust are on the line.” 

LONG IGNORED BY THE CRIMINAL underworld, academic journal websites are finally getting noticed. One reason is the sheer scale of today's online publishing—more than 2 million digital articles were published by more than 20,000 journals last year. Another may be the money changing hands. Most of this $10 billion industry is still tied up with subscriptions, paid primarily by libraries, but a growing slice comes from gold open-access publishing, the business model in which authors of accepted papers pay up front for their publication. This part of the market took in about $250 million last year and is on course to double in a few years. That cash flow and the amateurish website administration of many scholarly publishers make for juicy targets.

Jeffrey Beall, a librarian at the University of Colorado, Denver, who tracks abuse in scholarly publishing, has so far identified 88 journals that are facing competition from fake imitators on different websites. “The list keeps growing,” he says. But snatching a journal's actual Internet domain is a new twist—one Beall wasn't aware of until Science alerted him to the practice. 

Source: Science Magazine  

If you enjoyed this post, make sure you subscribe to my Email Updates!