Can journals get hijacked? Apparently, yes

Did you recently log onto your favorite journal’s website and see this? (For anyone who doesn’t want to bother clicking, it’s the video from Rick Astley’s “Never Gonna Give You Up.”) If so, your favorite journal was hijacked.

In today’s issue of Science, John Bohannon (who recently published a bogus study about the benefits of chocolate) explains how easy it is to take over a journal’s website — so easy, in fact, that he did it himself. And he’s not the only one, he reports:

…I identified 24 journals indexed by Thomson Reuters whose web domains appear to have been recently snatched. (That list, along with all of the code and data from this investigation are at http://scim.ag/hijackdata.)

Taking over a journal’s site is just a matter of waiting until a journal misses a payment on the domain for its web address and it expires, then buying the same domain for yourself and putting up whatever you’d like. In two cases, Bohannon found the hijacked sites were acting as the original publisher, accepting money for articles from trusting researchers.

So he tried it himself, posting the Rick Astley video. He describes his method in the Science article:

Why not buy one of the expired domains immediately, if only to save it? Web of Science listed hart.hr as the domain for Život Umjetnosti (Journal of Contemporary Art) published for the past 50 years by the Institute of Art History in Zagreb. To purchase a .hr domain, I had to hire a European company to serve as my proxy, and I beat the hijackers to it. My prank is very unlikely to have inconvenienced readers. The publisher moved the journal to a new Web domain in June and notified Thomson Reuters, says the editor, Sandra Križić Roban. “They got the information about the new URL,” she says, but as Science went to press, Web of Science still points to the domain that I now control. (I took down the music video, and the site now shows a relevant xkcd cartoon and a prominent link to the real journal and this story.)

For any scientists worried about getting duped, Bohannon has some tips in the article:

First, check the domain registration data online by performing a WHOIS query. (It’s not an acronym, but rather a computer protocol to look up “who is” behind a particular domain.) If the registration date is recent but the journal has been around for years, that’s the first clue. Also suspicious is if the domain’s country of registration is different from the journal’s publisher, or if the publisher’s name and contact information are kept anonymous by private domain registrars.
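The three WHOIS checks above can be applied mechanically to a saved WHOIS response. The sketch below is an added example, not code from the Science investigation; the sample record, the field names (which differ between registries), the privacy keywords and the two-year threshold are all assumptions.

```python
from datetime import date, datetime

# Constructed WHOIS record for illustration; real field names vary by registry.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-JOURNAL.ORG
Creation Date: 2015-09-14T08:21:05Z
Registry Expiry Date: 2016-09-14T08:21:05Z
Registrant Organization: Privacy Protection Service
Registrant Country: PA
"""

# Assumed keywords that suggest a privacy or proxy registration service.
PRIVACY_HINTS = ("privacy", "proxy", "redacted", "whoisguard", "protected")


def parse_whois(text):
    """Return {lowercased field: first value} from 'Key: Value' lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), value.strip())
    return fields


def whois_red_flags(text, journal_since, publisher_country, today, recent_days=730):
    """Apply the article's three checks to one WHOIS record; return flag names."""
    f = parse_whois(text)
    flags = []
    try:
        created_on = datetime.strptime(f.get("creation date", "")[:10], "%Y-%m-%d").date()
    except ValueError:
        created_on = None  # missing or non-ISO date: cannot judge registration age
    if created_on and (today - created_on).days < recent_days and today.year - journal_since > 2:
        flags.append("recent-registration")
    country = f.get("registrant country")
    if country and country.upper() != publisher_country.upper():
        flags.append("country-mismatch")
    owner = " ".join(f.get(k, "") for k in ("registrant organization", "registrant name"))
    if not owner.strip() or any(h in owner.lower() for h in PRIVACY_HINTS):
        flags.append("anonymous-registrant")
    return flags


if __name__ == "__main__":
    print(whois_red_flags(SAMPLE_WHOIS, 1990, "HR", date(2015, 11, 20)))
```

A flag is a prompt to verify the journal's address through the publisher or an index, not proof of hijacking; many legitimate domains use privacy services.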

The story also notes another problem facing journal websites: Fake sites with slightly different web addresses posing as official journals.

Website spoofing has been around since the rise of Internet search engines, but it’s only in the past few years that scholarly journals have been targeted. The usual method is to build a convincing version of a website at a similar address—www.sciencmag.org rather than www.sciencemag.org—and then drive Web traffic to the fake site.

This problem is also becoming more of a concern:

Jeffrey Beall, a librarian at the University of Colorado, Denver, who tracks abuse in scholarly publishing, has so far identified 88 journals that are facing competition from fake imitators on different websites. “The list keeps growing,” he says.

Bohannon learned of journal site hijacking from Mehdi Dadkhah, an IT specialist based in Iran who himself had fallen victim to such a scheme, paying $600 to a fake site to publish his research in an indexed journal. (Thankfully, he recouped his money.) Recently, Dadkhah published a paper on this trend in the Journal of Advanced Nursing, along with tips to detect types of academic “cybercrime.”

Bohannon told Retraction Watch he hopes his story helps journals recognize the problem and take steps to keep their domains safe. He also hopes citizens pitch in to help:

I provided all of the code that I used to hijack a journal. Anyone can do it. I encourage people to be white-hat hackers: Hijack journal domains themselves and give it back to the publishers who messed up. And shame them while you’re at it so others are more careful.


4 thoughts on “Can journals get hijacked? Apparently, yes”

  1. Surely the company that sells domain names could give the people who bought the domain better warning that their commercial right to the name was about to expire? Or do these guys just not bother to look at their inboxes? I know people like that.
    Seriously: my name cost me $18 a year. I’m hoping wordpress lets me know when my year is about to run out.

  2. In 2009, the web-site of my publisher, Global Science Books Ltd., which was, at that time, based in the UK, was hijacked. We were later (3 years later) able to recover the hijacked domain name http://www.globalsciencebooks.com but by that time the serious damage to our name and reputation had already been done. In the interim period, we had to purchase another domain name http://www.globalsciencebooks.info . An email reminder had apparently been sent to the company that was hosting our web-site at the time, in the UK, but they “missed” the notice.

    The “fake” web-site plastered a black, almost ominous background and filled the pages with garbled text, intermingling scientific text with regular sentences, so that scientists would almost believe that they had the right page, but would be so put off by what they saw that they would turn away.

    We never found out who was responsible for this “attack” on our name.

    Apart from being banned by two publishers (actually three), this hijacking of my publisher’s web-site has got to have been one of the most painful and destructive events in my professional career. Unless you have a lot of corporate power and funding, a small time publisher does not ever recover from such an event and the reputation and name are lost forever.

    Here is a screen-shot of the difference between original and hijacked pages of the .com site in 2009 vs 2013:
    https://imgur.com/CVaYlRf
