Anna Abalkina, a researcher at Ludwig-Maximilians Universität München, recently published an article on Retraction Watch about an especially large kind of academic theft: The theft of a whole academic journal.
To be clear, we are not discussing the theft of a few papers or even of the just the journal’s content. We’re discussing the theft of the journal’s name, website, content and reputation.
According to Abalkina, she was working with Disseropedia, a project of Dissernet that tracks plagiarism in Russian journals. They were tracking several instances of translated plagiarism and gifted co-authorship when their attention focused on the journal Talent Development and Excellence.
There, they realized something was amiss. In 2020, the journal had submitted some 462 articles to scholarly databases, more than they had done in the previous ten years combined. They also noted that, on the website, the name of the journal had been changed to “Journal of Talent Development and Excellence” even though the site’s archive had the previous journal’s content.
Abalkina got in touch with Wilma Vialle, the original journal’s associate editor, and found out that their domain, iratde.org had been hacked and all of the content was stolen. That domain now forwards to an unrelated site but someone with all of the stolen content set up a new website at iratde.com, where they have set up an imposter version of the journal. Meanwhile, the editors behind the original journal are struggling to get set up again on a new domain.
It’s a brazen story but it’s made all the worse by a simple fact: It’s far from the first time that it’s happened.
An Ongoing Problem
As Abalkina pointed out in the original article, John Bohannon at Science Magazine reported on this exact issue back in 2015.
The problem is quite simple. As open access journals continue to rise both in number and prominence, academic publishing becomes less about selling subscriptions to journals and more about research published on websites. However, websites are notoriously vulnerable, they can be hacked, copied or, as Bohannon found out, spoofed.
One of the big challenges is that many journals are careless with their domain names and allow them to expire. Once they expire, they can be snatched up by anyone to be used to redirect to anything.
Bohannon decided to see how many journals had recently lost their domain names and, after analyzing the information of some 12,000 journals indexed by Thomson Reuters, 24 came back has having had their domains recently snatched. Of those 24, most were plucked by more traditional domain buyers (with a third being offered for sale). However, two pointed to imitation journals that were open for business and at least one more pointed to a half-finished website accepting manuscripts.
Finally, in a bid to show how easy it was, he decided to buy up the expired domain of a journal that had recently moved to a new site. Initially, he directed it to the music video for Rick Astley’s Never Gonna Give You Up but, after multiple academic databases didn’t update to the new site, he instead posted a relevant comic and a prominent link to the new domain.
So, while what happened to Talent Development and Excellence isn’t wholly new, the attackers there clearly took it to a new level by both hacking the site and repurposing all of its archived content. Still, it points to a new threat that journals need to guard against today.
An Old Threat with a New Target
Commercial websites have a long history of dealing with domain-related issues. Whether it’s domains that are actively hijacked, domains that are allowed to lapse or imposter domains that can trick casual readers, every website with any popularity (yes, even this one) has had to deal with these concerns.
The reason is quite simple: Money.
These domain parasites go about it in a variety of ways. Some simply hope to flip the domain for a huge profit (often by reselling it to the person that had it last), others just hope to benefit from whatever traffic they can get from it. Finally, some run active scams, impersonating the original site in a bid to trick visitors into either handing over the login credentials or personal data.
However, these scams have traditionally not targeted academic journals. Most journals have relatively obtuse domains and see limited direct traffic. Furthermore, open access journals don’t have information that scammers can easily monetize, such as credit card data, and there simply isn’t much motivation for domain parasites to descend.
Unless, of course, there is.
The rise of open access publishing has, unfortunately, also given rise to what is referred to as “predatory open access publishing” or just “predatory publishing”. Basically, predatory journals are fake journals that, for a fee, will publish almost anything. These can either scam legitimate researchers desperate to find a place to publish their work or capture unethical researchers that just want authorship in a paper so they can better secure their job, get a pay raise or generally move forward in their career.
However, these journals have a problem. They often struggle to be included in the important academic databases. This limits the benefit they can provide those that pay for their services and makes them appear less-than-legitimate to those that look into them.
That, in turn, is where domain hijacking comes in. By hijacking a domain, you can either bluff your way into those databases or, at the very least, give others the appearance that you are. Basically, by wearing the skin of a legitimate journal, even a smaller one, these sites have an easier time both fooling the innocent and convincing the unethical into paying up.
While this scam seems to be relatively rare at this time, it’s likely to grow as academic publishing becomes an increasingly lucrative market.
What Can Journals Do?
Fortunately for journals, they are far from helpless. While this is a major problem that has been vexing the wider web for decades, There are tried and true strategies that can help fight this problem.
- Secure Your Domain: It’s easy to be dismissive or lazy about your domain, especially if it wasn’t expensive to register. That said, it’s important to take it seriously. Make sure you have enabled two-factor authentication on your domain registrar and that you use a strong password. Also, make sure the domain is locked unless you are actively transferring it to another registrar.
- Don’t Let Your Name Lapse: If you can, register the domain for an extended period of time and be sure to enable auto-renew if at all possible. Designate the person that is responsible for the domain and institute checks to ensure that the domain registration is kept up. Also, have a plan for when that person leaves the organization.
- Purchase Typo/Misspelling Domains: If your domain has common typos or misspellings, purchase those. For example, if you type plagerismtoday.com you’ll be redirected to this site. Also, make sure you purchase any additional TLDs such as .com, .net and .org.
- Keep Track of Similar Domains: Use a service such as Domain Tools to keep track of domains that are similar to yours so you can spot confusingly similar domains early, ideally before they are able to set up shop.
- Consider Using the UDRP: ICANN’s Uniform Domain Name Dispute Resolution Policy (UDRP) is a policy that allows trademark holders to object to a confusingly similar domain name. The process is straightforward but costs a minimum of $750 in filing fees. Still, it may be worthwhile in many circumstances.
When it’s all said and done, the best course of action is prevention. Keeping on top of your domain, buying common misspellings/typos and following good security practices will do a great deal to prevent issues.
While, to many webmasters, this is fairly basic, journal editors are typically not very experienced in web development, making these easy traps to fall into. Now that they find themselves targeted, it’s important to pass along this information.
Scammers have been targeting websites with these kinds of approaches for quite some time. If a site has decent traffic, a valuable domain or a cache of personal information, there’s always been parasites waiting in the wings to exploit it.
Those scammers have now found a way to exploit academic journals and they’re applying the same tricks and approaches to do so. Fortunately, the same counters can help get your journal safe.
The problem is that, with so many journals and so many domains out there, some are going to fall through the cracks no matter how diligent people are. In Bohannon’s 2015 research, only 24 out of some 12,000 domains had changed hands in the past year. That represents just 0.2%.
Still, those 24 domains can do damage to integrity of the journal system and there needs to be a system by which databases track such changes and push such sites out of them. One of the frustrations Bohannon discussed as the challenge of getting the address changed in all databases, a real problem that only those services can address.
For journals themselves, being diligent and being aware of their rights are the best tools. There are ways to fight back against these kinds of parasites but it requires forward-thinking and an understanding that, as long there is money to be made from these journals, there will be scammers waiting to exploit it.