Welcome to Math2.0
    • CommentRowNumber1.
    • CommentAuthorMark C. Wilson
    • CommentTimeAug 31st 2012

    I hope this hasn’t happened in mathematics. Perhaps mathematicians play for lower stakes than researchers in some better funded fields. It is sad that research has become so competitive and universities are seen primarily by politicians as engines of economic transformation. I expect more such cases to occur. It seems to have been a vintage year for Retraction Watch.

    http://retractionwatch.wordpress.com/2012/08/24/korean-plant-compound-researcher-faked-email-addresses-so-he-could-review-his-own-studies/

  1. Unfortunately, this kind of thing has already happened in math at least once (but the fraudulent people were maybe caught before actual publication of the paper; I am not sure in the case I learned about). Since we are as sensitive to publication pressure as other fields, it would be surprising if these frauds were less frequent in mathematics than in biology.

    • CommentRowNumber3.
    • CommentAuthorMark C. Wilson
    • CommentTimeSep 24th 2012
    • (edited Sep 24th 2012)

    Prophetic words - http://retractionwatch.wordpress.com/2012/09/24/iranian-mathematicians-latest-to-have-papers-retracted-for-fake-email-addresses-to-get-better-reviews/ I see more evidence that evaluation should be separated from publication, and follow it rather than precede it. If the “prestige” of journals can be seen for what it is and resources can be reallocated, perhaps we will be able to concentrate on certification and significance more systematically.

    • CommentRowNumber4.
    • CommentAuthorMark C. Wilson
    • CommentTimeDec 11th 2012

    Now this one is really nasty: http://retractionwatch.wordpress.com/2012/12/11/elsevier-editorial-system-hacked-reviews-faked-11-retractions-follow/ I know hackers are very resourceful, but surely a huge company like Elsevier should offer better security than a free open source editorial system. Does it?

    • CommentRowNumber5.
    • CommentAuthorHenry Cohn
    • CommentTimeDec 12th 2012

    I wish we knew the full story behind this latest incident. I’d guess (like some of the commenters on Retraction Watch) that it wasn’t hacking in any technical sense, but rather a form of social engineering, where someone registered under a false name, their identity was never verified, and then they got sent papers to referee. Elsevier’s system may be poorly designed in encouraging editors to draw referees from a pool that one might expect to be verified but aren’t.

    The attack itself was probably pretty easy. The Elsevier Editorial System (EES) allows anyone to register as an author, and it seems that the same system is used for managing reviewers. If I went and registered as Famous Mathematician X, but didn’t go on to submit a paper, then I would control an account with the name X but nobody would notice since I wouldn’t be doing anything with it. If an editor later wanted to ask X to referee a paper, they might notice that he had an account already and assign the paper to that account. In fact, EES presumably automatically brings any existing account under that name to the editor’s attention. If they looked carefully, the account might look suspicious (e.g., using a gmail address rather than a university account), but probably not suspicious enough to investigate. And once the account has been used for one review, the track record of prior reviews will look pretty convincing.

    There’s an obvious principle here: don’t trust someone’s identity just because they say so. However, it’s not clear what should be considered a reasonable proof of identity in an academic context. For example, doing extra verification on every account that doesn’t use a university e-mail address would make this attack harder to pull off, but by no means impossible. (For example, every university is full of poorly secured computers that do or could run e-mail servers.)

    What I’d love to know is how often things like this actually happen. I’d guess that they are pretty rare, but perhaps not…
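Added example, not part of the comment above and not code from EES or any real editorial system: a sketch of the check the comment argues for, where a name match alone never makes an account assignable. The `Account` fields, the `verified_out_of_band` flag, the `known_email` parameter, the free-mail list and the sample accounts are all constructed assumptions.

```python
from dataclasses import dataclass

FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com"}  # constructed, illustrative list

@dataclass
class Account:
    name: str
    email: str
    verified_out_of_band: bool = False  # hypothetical: staff confirmed the identity
    prior_reviews: int = 0

def naive_match(accounts, wanted_name):
    """Weak behaviour described in the comment: offer any account with that name."""
    return [a for a in accounts if a.name.casefold() == wanted_name.casefold()]

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def review_flags(account, known_email):
    """Reasons to hold an assignment. known_email is an address the editor
    obtained independently of the account, e.g. from a published paper."""
    flags = []
    if not account.verified_out_of_band:
        flags.append("identity-unverified")
    if known_email is None:
        flags.append("no-independent-contact")
    elif account.email.lower() != known_email.lower():
        flags.append("email-differs-from-independent-contact")
    if domain(account.email) in FREE_MAIL:
        flags.append("free-mail-address")
    # prior_reviews is deliberately ignored: a squatted account acquires a
    # convincing track record as soon as it has been used once.
    return flags

def assignable(accounts, wanted_name, known_email):
    """Accounts with the wanted name that raise no flags."""
    return [a for a in naive_match(accounts, wanted_name)
            if not review_flags(a, known_email)]

# Constructed sample data: two accounts claiming the same name.
ACCOUNTS = [
    Account("Famous Mathematician X", "x.famous@gmail.com", False, 3),
    Account("Famous Mathematician X", "x@math.university.example", True, 0),
    Account("Famous Mathematician X", "x@cs.university.example", False, 0),
]
KNOWN = "x@math.university.example"

if __name__ == "__main__":
    for acct in naive_match(ACCOUNTS, "famous mathematician x"):
        print(acct.email, review_flags(acct, KNOWN) or "ok")
```

The third sample account shows the caveat raised in the comment: a university address on its own does not clear the identity flag.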

    • CommentRowNumber6.
    • CommentAuthorzskoda
    • CommentTimeDec 13th 2012
    • (edited Dec 13th 2012)

    No, it was indeed hacked (at least in the case which I know), in the sense that the person who hacked it had access to the secret editorial information within the system, hence the assigned editor’s name, the assigned referee’s name etc., so he could send emails to the referee pretending he is the editor, and/or to the editor pretending he is precisely the chosen referee etc., and send the info (from the editor) to the actual referees that their report is no longer needed, so that no conflicting reports appear.

    • CommentRowNumber7.
    • CommentAuthorHenry Cohn
    • CommentTimeDec 14th 2012

    Hmm, interesting. According to http://elsevierconnect.com/faking-peer-reviews/, in the Optics & Laser Technology case, someone got an editor’s password, logged into their account, and did things like assign referees. (Is this the case you mean, or are there others?) This seems difficult to prevent, since Elsevier is depending on the editor’s own e-mail account to authenticate them (you can send password reset links there, for example), and many e-mail providers are not so difficult to break into using their lost password mechanism. In principle, you can certainly make this quite a bit harder, for example by using two-factor authentication. However, implementing tougher security policies would annoy a lot of editors.

    • CommentRowNumber8.
    • CommentAuthorzskoda
    • CommentTimeDec 14th 2012

    No, I mean the J. Geom. Phys. case.