Science journals getting hacked

Can you tell if you're looking at an authentic website? Fraudsters have been stealing web addresses of journals to get money from academics.
20 November 2015

Interview with 

John Bohannon, Science correspondent


A number of high-profile groups and corporations have been "hacked" recently, and the world of science isn't immune either. Journalist John Bohannon has found that fraudsters are cyber-stealing the Internet domain names of research journals and then setting up fake websites bearing a close resemblance to the real thing, which they're then using to extract money from well-meaning researchers. He told Chris Smith how they're doing it...

John - When you, a normal person, go on the internet and try to read an article, what happens is when you type in, for example, into your browser.  A request gets sent on the internet to a bunch of computers called domain name servers and they do one simple job.  They take that name, in this case, and they look up a string of numbers called the IP address. once they find it then they send your request to another computer, which is actually controlled by Nature, the journal.  Every server on the internet has its own string of numbers, it's like an address, a phone book. 

Once your request arrives at the server it says, "Oh, hey! Someone wants to read this article."  It parses your request and sends you the correct web page and that's what you see.  And all that happens in the blink of an eye, and it usually works just fine.  So here's the catch; if you forget to pay the bill for the registration of your domain - it happens about once a year and it's only ten quid - then there's a narrow window of opportunity where a criminal can slip in. As long as they've been tracking you, and they know that this little opportunity exists, they can actually snatch that domain right out from under you by buying it.

Chris - And when you say domain, that is the web address of the journal you think you are going to, to get the paper that you want to read and, in fact, someone has bought that from under the person who really legitimately owns it, and hijacked it?

John - Yes, exactly. And there's no way you could know, because you just type in "" into your browser and it's going to show you something, and you have no idea that, what might have happened, is it went to some criminal's computer server and what they've done is made a clone of the Nature website.  Usually it's pretty harmless, because people just want to read an article, and it's no big deal; but if it's a scientist, for example, visiting an open access journal and wanting to publish there - they're going to give credit card information, they're going to send real money; they might give away their password to the real web site.

Chris - Is there any evidence that criminals are exploiting the system in this way.  They are saying to scientists "right, send us your money because we are going to publish your paper, this is what it costs, so you have to pay."

John - So this tip came in, just this summer, that this might be happening, and Science put me on the case. I looked systematically across 12,000 journals, and I found 24 whose web domains had been snatched and, of those, two of them have cloned journals.  So, I know of two cases, right now, where hijackers have opened up for business, and they are actually making money.

Here's what I find truly insane.  In one case, there's a journal, completely fake, they snatched the domain and hijacked the journal and they've opened for business and, for 150 US Dollars, you can get your research published in this journal and it actually does appear online.  There are like dozens of articles from scientists from all over the world, on all kinds of topics that are now published there. And so you might ask yourself  "well, why bother?" 

The sad thing is it's beneficial for both parties.  So the hijackers are getting easy money, they don't actually have to run a real journal.   If you are running a real journal you have to do what's called "peer review," which means you need to chase down experts on this topic; get them to really read and criticise the article; find out if it's really up to snuff.  They don't have to do any of that.  But it's also beneficial for the scientist, because now they've got a publication to their name in a journal which, in this case, is indexed by Thomson Reuters through their big database called the "Web of Science."  It's really prestigious, and so it could very well be that everyone's benefiting. Except Society of course.

Chris - Surely the journals that are being hijacked have got something to say about this.  They must know?

John - Yes, and they're very troubled about it but it's so hard legally to address this problem because the hijackers could be anywhere in the world, and the companies that do the domain registration are also all over the world and they don't really have much leverage. 

You could launch a fraud case, for example, maybe in the country where the hijackers registered the domain, but they could just slip away long before that gathered steam, and you would be out of a lot of money.  Most journals are doing nothing, and the ones I have talked to are just planning on sort of quietly switching to a new domain.

Chris - What would you like to see done about this, John?  Or what can we do about it?

John - Well, in general, journals need to clean up their act when it comes to websites, they are doing a pretty sloppy job.  And for the public, the general take home is, if you visit a website you might not necessarily be seeing what you think you're seeing.  Someone else could be actually controlling that website.


Add a comment