- How to watch ‘Kidding’ for free 4 Years Ago
- What’s the deal with Bran Stark at the end of ‘Game of Thrones’? Today 6:30 AM
- How to watch TruTV online for free Today 6:00 AM
- Fans call out Madonna for edited Eurovision video Tuesday 9:36 PM
- Partnered Twitch streamer temporarily banned for airing troll’s racist message Tuesday 8:45 PM
- Reddit theory says fans are wrong about who won ‘Game of Thrones’ Tuesday 6:52 PM
- Elon Musk hires ‘absolute unit’ sheep meme creator to be Tesla’s social media manager Tuesday 6:12 PM
- Jason Momoa stands by his Khaleesi after the ‘Game of Thrones’ finale Tuesday 4:05 PM
- Airbnb, 23andMe partner for creepy heritage travel recommendations Tuesday 3:26 PM
- Rep. Katie Porter goes viral again for trouncing Ben Carson (updated) Tuesday 3:26 PM
- This deepfake takes Bill Hader’s Schwarzenegger impression to the next level Tuesday 2:58 PM
- Wanda Sykes rails against Trump and offers much-needed perspective in ‘Not Normal’ Tuesday 2:41 PM
- Man arrested after allegedly threatening to shoot YouTube employees Tuesday 2:13 PM
- Some House Dems are backing away from the Save the Internet Act Tuesday 1:40 PM
- Thousands sign petition calling for Danny DeVito to play Wolverine Tuesday 1:02 PM
Infamous researcher hacks academic journals, Rickrolls readers
He’s hoping to highlight a possible security issue.
This year we covered how a science journalist published a bogus study about the dietary benefits of chocolate online, mainly to prove a point about how terrible journalism is when it comes to covering health. While he may have been right that health journalism is often shoddy, his stunt to prove it was met with quite a bit of criticism.
Now the same man, John Bohannon, is back and this time he’s coming after scientific journals. By taking advantage of a lag in domain name payments, Bohannon was able to hijack a journal and post “Never Gonna Give You Up” by Rick Astley. Yes, he Rickrolled the visitors of academic journals.
The project came about when the major academic journal, Science, tasked Bohannon to get to the bottom of an apparent scam involving spoof websites (though it’s not clear whose idea it was to Rickroll everyone in the process). He published the code he used to pull off his stunt, along with a list of hijacked journals here.
“Fraudsters are snatching entire Web addresses, known as Internet domains, right out from under academic publishers, erecting fake versions of their sites, and hijacking their journals, along with their Web traffic,” Bohannon wrote in an article on Science.
Bohannon wrote that often this hijacking occurs when people set up domain names spelled similarly to the original name and dress the site up in a convincing way. For example, one might buy sciencmag.org, hoping to catch people who misspelled the address in their search bar, Bohannon explained.
But now people are stealing the entire domain name, probably by taking advantage of late payments to the Web host. Then the hijackers can get access to personal information like passwords and credit card information as visitors pay for content on the site.
He said the hard part was identifying vulnerable journals, but once he did snagging the name was as easy as buying a website online. Worse yet, there’s no easy way for visitors to identify if a site’s been hijacked either.
Of course the fix is pretty easy—journals simply have to pay their bills on time.
But for journals that have been sluggish to acclimate to online publishing, something as simple as paying a bill on time can fall through the cracks.
“Many publishers still rooted in the print world have never completely gotten used to the details of running a website,” Stewart Wills, the former Web editor of Science, told Bohannon. “It’s not surprising that a bill comes in and falls through the cracks. [But] you need to practice due diligence, hire adequate staff, or use an external website vendor.”
Bohannon ended with a chilling thought. Articles available online are indexed with digital object identifiers (DOI numbers.) They’re like the Dewey Decimal System of online publishing. He said that following doi.org’s domain registration expiration, the site went down. Thankfully no one hijacked it in the interim because if they had, “We’d have to pay a ransom or create an entirely new system,” Phil Davis, a consultant for academic publishers, told Bohannon. “Going back to print publishing is simply not an option for science journals.”
It’s not clear if Bohannon will get the same flak for this stunt that he did with the chocolate study. He said that no readers were likely inconvenienced by the Rickroll since he did it on a journal which had switched its domain name a year prior. The backing of Science and his good-natured humor for this venture also helps. But hopefully his troll-inspired shenanigans in the name of journalism will get some journals to sit up and take notice, for both the security of their content and their readers.
Cynthia McKelvey covered the health and science for the Daily Dot until 2017. She earned a graduate degree in science communication from the University of California Santa Cruz in 2014. Her work has appeared in Gizmodo, Scientific American Mind, and Mic.com.