Did you recently log onto your favorite journal’s website and see this? (For anyone who doesn’t want to bother clicking, it’s the video from Rick Astley’s “Never Gonna Give You Up.”) If so, your favorite journal was hijacked.
In today’s issue of Science, John Bohannon (who recently published a bogus study about the benefits of chocolate) explains how easy it is to take over a journal’s website — so easy, in fact, that he did it himself. And he’s not the only one, he reports:
…I identified 24 journals indexed by Thomson Reuters whose web domains appear to have been recently snatched. (That list, along with all of the code and data from this investigation are at http://scim.ag/hijackdata.)
Taking over a journal’s site is just a matter of waiting until a journal misses a payment on the domain for its web address and it expires, then buying the same domain for yourself and putting up whatever you’d like. In two cases, Bohannon found the hijacked sites were acting as the original publisher, accepting money for articles from trusting researchers.
So he tried it himself, posting the Rick Astley video. He describes his method in the Science article:
Why not buy one of the expired domains immediately, if only to save it? Web of Science listed hart.hr as the domain for Život Umjetnosti (Journal of Contemporary Art) published for the past 50 years by the Institute of Art History in Zagreb. To purchase a .hr domain, I had to hire a European company to serve as my proxy, and I beat the hijackers to it. My prank is very unlikely to have inconvenienced readers. The publisher moved the journal to a new Web domain in June and notified Thomson Reuters, says the editor, Sandra Križić Roban. “They got the information about the new URL,” she says, but as Science went to press, Web of Science still points to the domain that I now control. (I took down the music video, and the site now shows a relevant xkcd cartoon and a prominent link to the real journal and this story.)
For any scientists worried about getting duped, Bohannon has some tips in the article:
First, check the domain registration data online by performing a WHOIS query. (It’s not an acronym, but rather a computer protocol to look up “who is” behind a particular domain.) If the registration date is recent but the journal has been around for years, that’s the first clue. Also suspicious is if the domain’s country of registration is different from the journal’s publisher, or if the publisher’s name and contact information are kept anonymous by private domain registrars.
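The three WHOIS clues listed above can be checked mechanically. The following is an added example, not code from Bohannon's investigation or from the Science article: the WHOIS text is constructed sample data using common ICANN-style field names, and the function names, privacy-marker list and two-year "recent" threshold are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed WHOIS response (not real registration data), ICANN-style field names.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-JOURNAL.ORG
Creation Date: 2015-09-02T11:20:31Z
Registrant Organization: Privacy Protection Service
Registrant Country: PA
"""

# Assumed substrings that suggest a privacy/proxy registration; extend as needed.
PRIVACY_MARKERS = ("privacy", "redacted", "proxy", "whoisguard")

def parse_whois(text):
    """Map each lowercased 'Key: Value' field to its first value."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(.+?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).lower(), m.group(2))
    return fields

def whois_red_flags(text, journal_since, publisher_country, today, recent_days=730):
    """Return the clue names that apply to this WHOIS response."""
    f, flags = parse_whois(text), []
    try:
        created = datetime.fromisoformat(f["creation date"].replace("Z", "+00:00"))
        # Clue 1: domain registered recently although the journal is years older.
        if (today - created).days < recent_days and journal_since < created.year:
            flags.append("recent_registration")
    except (KeyError, ValueError, TypeError):
        flags.append("creation_date_unavailable")  # registries format dates differently
    # Clue 2: registrant country differs from the publisher's country.
    country = f.get("registrant country", "")
    if country and country.upper() != publisher_country.upper():
        flags.append("country_mismatch")
    # Clue 3: registrant hidden behind a privacy service, or not given at all.
    who = (f.get("registrant organization", "") + " " + f.get("registrant name", "")).lower()
    if not who.strip() or any(marker in who for marker in PRIVACY_MARKERS):
        flags.append("hidden_registrant")
    return flags

if __name__ == "__main__":
    check_date = datetime(2015, 11, 20, tzinfo=timezone.utc)  # fixed date for a repeatable run
    print(whois_red_flags(SAMPLE_WHOIS, 1966, "HR", check_date))
```

Each flag is a prompt for a closer look rather than proof of hijacking, since legitimate publishers also use privacy services and foreign registrars.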
The story also notes another problem facing journal websites: Fake sites with slightly different web addresses posing as official journals.
Website spoofing has been around since the rise of Internet search engines, but it’s only in the past few years that scholarly journals have been targeted. The usual method is to build a convincing version of a website at a similar address—www.sciencmag.org rather than www.sciencemag.org—and then drive Web traffic to the fake site.
This problem is also becoming more of a concern:
Jeffrey Beall, a librarian at the University of Colorado, Denver, who tracks abuse in scholarly publishing, has so far identified 88 journals that are facing competition from fake imitators on different websites. “The list keeps growing,” he says.
Bohannon learned of journal site hijacking from Mehdi Dadkhah, an IT specialist based in Iran who himself had fallen victim to such a scheme, paying $600 to a fake site to publish his research in an indexed journal. (Thankfully, he recouped his money.) Recently, Dadkhah published a paper on this trend in the Journal of Advanced Nursing, along with tips to detect types of academic “cybercrime.”
Bohannon told Retraction Watch he hopes his story helps journals recognize the problem and take steps to keep their domains safe. He also hopes citizens pitch in to help:
I provided all of the code that I used to hijack a journal. Anyone can do it. I encourage people to be white-hat hackers: Hijack journal domains themselves and give it back to the publishers who messed up. And shame them while you’re at it so others are more careful.