Infamous researcher hacks academic journals, Rickrolls readers
He’s hoping to highlight a possible security issue.
This year we covered how a science journalist published a bogus study about the dietary benefits of chocolate online, mainly to prove a point about how terrible journalism is when it comes to covering health. While he may have been right that health journalism is often shoddy, his stunt to prove it was met with quite a bit of criticism.
Now the same man, John Bohannon, is back and this time he’s coming after scientific journals. By taking advantage of a lag in domain name payments, Bohannon was able to hijack a journal and post “Never Gonna Give You Up” by Rick Astley. Yes, he Rickrolled the visitors of academic journals.
The project came about when the major academic journal Science tasked Bohannon with getting to the bottom of an apparent scam involving spoof websites (though it’s not clear whose idea it was to Rickroll everyone in the process). He published the code he used to pull off his stunt, along with a list of hijacked journals.
“Fraudsters are snatching entire Web addresses, known as Internet domains, right out from under academic publishers, erecting fake versions of their sites, and hijacking their journals, along with their Web traffic,” Bohannon wrote in an article on Science.
Bohannon wrote that often this hijacking occurs when people set up domain names spelled similarly to the original name and dress the site up in a convincing way. For example, one might buy sciencmag.org, hoping to catch people who misspelled the address in their search bar, Bohannon explained.
But now people are stealing the entire domain name, probably by taking advantage of late payments to the Web host. Then the hijackers can get access to personal information like passwords and credit card information as visitors pay for content on the site.
He said the hard part was identifying vulnerable journals, but once he did, snagging the name was as easy as buying a website online. Worse yet, there’s no easy way for visitors to tell whether a site has been hijacked.
Of course the fix is pretty easy—journals simply have to pay their bills on time.
But for journals that have been sluggish to acclimate to online publishing, something as simple as paying a bill on time can fall through the cracks.
“Many publishers still rooted in the print world have never completely gotten used to the details of running a website,” Stewart Wills, the former Web editor of Science, told Bohannon. “It’s not surprising that a bill comes in and falls through the cracks. [But] you need to practice due diligence, hire adequate staff, or use an external website vendor.”
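The due diligence described above can be automated. As an added example (not code from the article or from Bohannon's published code), this script reads RDAP-style registration records for a publisher's own domains and flags any that are close to expiry or already lapsed; the domain names, dates and 60-day warning window are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample: RDAP-style domain objects (RFC 9083 field names).
# Domain names and dates are invented for this example.
SAMPLE_RDAP = json.loads("""
[
 {"ldhName": "journal-a.example", "status": ["active"],
  "events": [{"eventAction": "expiration", "eventDate": "2026-05-01T00:00:00Z"}]},
 {"ldhName": "journal-b.example", "status": ["active"],
  "events": [{"eventAction": "expiration", "eventDate": "2025-12-01T00:00:00Z"}]},
 {"ldhName": "journal-c.example", "status": ["active"],
  "events": [{"eventAction": "expiration", "eventDate": "2025-10-20T00:00:00Z"}]},
 {"ldhName": "journal-d.example", "status": ["redemption period"],
  "events": [{"eventAction": "expiration", "eventDate": "2025-09-01T00:00:00Z"}]},
 {"ldhName": "journal-e.example", "status": ["active"], "events": []}
]
""")
AS_OF = datetime(2025, 11, 1, tzinfo=timezone.utc)  # constructed "today"

# Registry states a domain enters only after its registration has lapsed.
LAPSED_STATUSES = {"redemption period", "pending delete"}

def expiration(record):
    """Return the expiration event as an aware datetime, or None if absent."""
    for event in record.get("events", []):
        if event.get("eventAction") == "expiration":
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return None

def assess(record, now, warn_days=60):
    """Classify one domain: LAPSED, EXPIRED, RENEW_SOON, OK or UNKNOWN."""
    if {s.lower() for s in record.get("status", [])} & LAPSED_STATUSES:
        return "LAPSED"          # registry already started reclaiming the name
    expires = expiration(record)
    if expires is None:
        return "UNKNOWN"         # no expiry data: check with the registrar by hand
    days_left = (expires - now).days
    if days_left < 0:
        return "EXPIRED"         # past due but not yet in redemption
    return "RENEW_SOON" if days_left <= warn_days else "OK"

def audit(records, now, warn_days=60):
    """Map each domain name to its verdict."""
    return {r["ldhName"]: assess(r, now, warn_days) for r in records}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_RDAP, AS_OF).items():
        print(f"{verdict:<11} {name}")
```

Anything other than `OK` is a bill someone needs to chase; `UNKNOWN` matters as much as `EXPIRED`, because a missing expiry date means nobody is watching it.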
Bohannon ended with a chilling thought. Articles available online are indexed with digital object identifiers (DOI numbers). They’re like the Dewey Decimal System of online publishing. He said that following doi.org’s domain registration expiration, the site went down. Thankfully, no one hijacked it in the interim because if they had, “We’d have to pay a ransom or create an entirely new system,” Phil Davis, a consultant for academic publishers, told Bohannon. “Going back to print publishing is simply not an option for science journals.”
It’s not clear if Bohannon will get the same flak for this stunt that he did with the chocolate study. He said that no readers were likely inconvenienced by the Rickroll since he did it on a journal which had switched its domain name a year prior. The backing of Science and his good-natured humor for this venture also help. But hopefully his troll-inspired shenanigans in the name of journalism will get some journals to sit up and take notice, for both the security of their content and their readers.
Cynthia McKelvey covered health and science for the Daily Dot until 2017. She earned a graduate degree in science communication from the University of California Santa Cruz in 2014. Her work has appeared in Gizmodo, Scientific American Mind, and Mic.com.