Last week, we broke the story of Elsevier’s peer review system being hacked. As we reported, that led to
faked peer reviews and retractions — although the submitting authors don’t seem to have been at fault. As of now, eleven papers by authors in China, India, Iran, and Turkey have been retracted from three journals.
After our post, Elsevier’s Tom Reller filled in some details in a post at Elsevier Connect:
What happened here is that in late October, one of the editors of Optics & Laser Technology (JOLT) alerted our EES team that reviewers for two of his assigned submissions had been invited but not by him. Our team immediately launched an investigation and discovered that someone had been able to retrieve the EES username and password information for this editor.
It’s still unclear what motivated the hack, which others are referring to as “editorial spoofing.” While we don’t like to speculate, we’ve gathered some clues that point in a certain direction: The hacker doesn’t seem to have been working on behalf of the authors submitting manuscripts, but instead may have been trying to gain more citations for particular papers. We’ve seen two other inventive but ultimately doomed attempts at that: Journals accepting papers as long as the authors cite previous work in that journal, and citation cartels. Is this another?
Here’s what we know. We’ve seen the original peer reviews from two of the papers, and found something curious. For one manuscript, one reviewer recommends three papers that “should also be discussed in the introduction.” All of those papers share an author. (We’re going to hold off naming that person unless we can confirm there’s something going on here, for obvious reasons.)
For the other manuscript whose reviews we’ve seen, in the same journal, one of the reviewers also recommends one of those three papers as a citation.
This could all be coincidence, of course. We’ve only seen peer reviews of two papers out of 11. Perhaps the shared author really has published all the important papers in the field in question. But it seems pretty unlikely to be due to chance.
To be clear, even if the point of hacking the Elsevier Editorial System was to get more citations, it wasn’t necessarily the shared author who did the hacking.
So how did all of these authors’ papers end up in the review? Elsevier declined to comment, citing an ongoing investigation.
We’ve now been touch with the author, however, who said he or she hadn’t been asked to review for the journal, so would not have submitted a review. The author then offered, at our prompting, an explanation for how his or her papers ended up in the review: The authors of the reviewed paper wanted to review their own work, and citing the shared author’s paper would “improve the reality of the review report and can have an excuse for his own false review when the story is broken.”
The author wasn’t sure, of course. We’re not either. And it’s certainly possible that this is just a cover story about…a cover story.
Still, the author also isn’t working in science anymore, and hadn’t been contacted by Elsevier. So perhaps this was all a coincidence after all– there’s not much reason to improve your h index if you’re not trying to get tenure or grants. But at the very least, it’s an odd coincidence.
The authors of the 11 papers were invited to resubmit their manuscripts, and Elsevier told us that as of late last week, 8 of the 11 papers had been resubmitted. We’ve been in touch with the corresponding authors of two of the affected papers, and as best we can tell, one has resubmitted, and one hasn’t.
The authors seemed a bit confused about what exactly they were supposed to do. One of them wrote the journal and asked if the paper could be deleted from ScienceDirect:
As we all know, it is fatal for a author whose article is retracted.
The answer, as we’d expect, was no. Given the circumstances, however, it’s hard not to sympathize with the authors who, through no fault of their own, as far as we can tell, now have retractions in their records.
“The hacker […] may have been trying to gain more citations for particular papers.” Occam is slashing his wrists with his razor… The real explanation must be significantly simpler. If this happened for one manuscript or for many manuscripts from a single lab, the guilty party would be obvious. I have a feeling that the added layer of complexity probably does not really change much. Just need to find a connection between the people whose manuscripts have been accepted for publication as a result of this hack. Do I need to add the word “allegedly” to all of this?