Last month, the City of London Police’s Intellectual Property Crime Unit issued a warning to universities and students about using the pirate website Sci-Hub. Not only does Sci-Hub host stolen intellectual property but the way it operates, by accessing university networks using the log-in credentials of registered users, sometimes obtained through phishing attacks, means the hidden dangers of the site go far beyond breaching copyright law. Personal email accounts, personal financial information, university research, department budgets and confidential staff information can then become accessible.
In its statement, a spokesperson from the London Police’s Intellectual Property Crime Unit, said: “With more students now studying from home and having more online lectures, it is vital universities prevent students accessing the stolen information on the university network. This will not only prevent the universities from having their own credentials stolen, but also those of their students, and potentially the credentials of other members of the households, if connected to the same internet provider.”
Several UK universities, including Manchester University and University College London, have already acted on this advice and issued warnings to staff and students. Sci-Hub is already blocked by Internet Service Providers in 11 countries - Austria, Belgium, Denmark, France, Germany, Italy, Portugal, Russia, Spain, Sweden and the US - because of its unlawful activity. In addition, The Washington Post reported that the U.S. Department of Justice was investigating Sci-Hub. According to the Post, the investigation, which has both criminal and intelligence-gathering elements, is being undertaken because there is a suspicion that the founder of Sci-Hub may be working with Russian intelligence.
We were therefore surprised to read a comment piece in The Bookseller extolling the site’s virtues, particularly as pirate websites also threaten the research process. They have no regard for ensuring the accuracy of scientific articles, that published papers meet ethical standards, or to retract or correct articles if problems arise. Working alongside organizations like the Committee on Publication Ethics and industry groups such as STM, academic publishers and societies safeguard the scholarly record and proactively work to correct inaccuracies, plagiarism or falsification of data and results.
Such wide-ranging challenges make cybersecurity a matter of concern to many different audiences in higher education and research, so it is only via collective action, with librarians, information security officers and publishers working together, that these threats can be effectively tackled. This is why the Scholarly Networks Security Initiative (SNSI) was formed. The initiative brings together librarians, publishers, those working in IT security, and solution providers to raise awareness of the threats caused by pirate sites and to promote new ways of working to address these risks.
Academic publishers can also do more to ensure researchers do not feel the need to use pirate sites. Initiatives like GetFTR, a free to use solution that enables faster access for researchers and students to the published journal articles they need, are helping to address this.
There are no easy answers to these challenges, but it is clear we must work together to safeguard the integrity of scholarly communications and the security of personal data.
Dr. Nick Fowler is chief academic officer at Elsevier, Steven Inchcoombe is chief publishing officer at Springer Nature); they are co-chairs of the Scholarly Networks Security Initiative (SNSI).