How pirate websites undermine research integrity
Academic librarians are well-positioned to raise awareness about illegal websites and their impact on research, writes Mark Seeley
Last October, cybercriminals stole personal and sensitive data from millions of files on servers at the widely used British Library in London. In the process, they encrypted or destroyed large portions of the institution’s server estate, locked users out of the network and, on their way out, destroyed system infrastructure to hinder recovery efforts.
When the British Library refused to pay a £600,000 ($761,000) ransom, the hackers posted on the dark web a cache of files containing personal and sensitive data belonging to library users and employees. The British Library will spend up to an estimated £7 million ($8.88 million) to restore the damage, the Financial Times reported in January.
Overlooked amid the extensive damage is how such cyberattacks can negatively impact the research process. The British Library’s online services remained compromised for months, shutting out educators and researchers around the world from using its digital services. But there’s also harm that’s far less talked about – the potential damage to research integrity.
Unlike publishers, pirate websites have no incentive to confirm the accuracy of the articles they illegally harvest or ensure the research meets ethical standards. There’s also no incentive to retract or correct an article if a problem arises. And they do arise: more than 45,000 retractions have been identified by Retraction Watch since the database launched in 2010. Publishers, working with organizations like the Committee on Publication Ethics, proactively work to correct inaccuracies and root out plagiarism or falsification of data and results.
The dissemination of inaccurate content that is not retracted or corrected comes at a time when trust in research is more important than ever due to the increase of misinformation and the increasing use – or misuse – of artificial intelligence.
The unsecured backdoor that leaves academic institutions vulnerable to cyberattacks is the widespread use of illegal websites that provide illicit access to scientific research articles. Pirate websites including Sci-Hub, Library Genesis, Z-Library and Anna’s Archive use stolen or leaked credentials to illegally access publishers’ content. The City of London’s Police Intellectual Property Crime Unit issued a warning in 2021 against using Sci-Hub – sometimes called “Pirate Bay of Science” – which gives users illegal access to millions of scientific research articles.
Here’s how it works. When university educators, researchers and students download academic papers from these illegal sites, they expose their institutional credentials and put the digital security of their institutions at risk. Hackers swoop in and steal the compromised credentials through phishing and other schemes to breach the academic institutions’ networks. These bad actors then make off with sensitive data, damage information technology infrastructure and often demand a ransom to return the data.
The British Library incident is one of the latest in a growing number of cyberattacks on academic institutions. Globally, the education sector experienced nearly 500 cyber incidents between 2021 and 2022, ranking fifth among industry sectors. Hackers target academic institutions around the world to take advantage of their cache of sensitive and personal data, and frequent lack of advanced cybersecurity. In December 2023, for example, cybercriminals hacked into Memorial University in Newfoundland, Canada and Kaunas University of Technology in Lithuania.
Librarians at academic institutions are well-positioned to be on the frontlines in educating administrators and raising awareness about these illegal websites and their impact on research. As a 2021 survey of librarians around the world commissioned by The Scholarly Networks Security Initiative found, respondents were primarily concerned with the security of data belonging to students, colleagues and their institutions. Their lowest priority was protecting research data. The respondents also stated they believe their library’s top concerns are the theft of staff and students’ personal data, the sharing of the institution’s login credentials and phishing emails.
Awareness needs to be raised within academic institutions and libraries about the ethics of using these illegal websites and the danger they pose to research integrity. This is a significant risk that demands a unified response. In the wake of the cyberattack on the British Library, the institution releaseda report on the damage to its operations and infrastructure, and the lessons learned. Among the British Library’s recommendations is a call to raise awareness throughout the organisation of cybersecurity threats, from ensuring its senior officers and board members understand the risks to regularly training all staff on evolving cybersecurity needs. Worryingly. understanding the link between the use of illegal scientific research article providers and research integrity was not on the list.
To the British Library’s recommendations, SNSI would add providing comprehensive, top-down education and training about how the use of these illegal websites can directly affect the credibility of scientific research articles. Librarians should play a leading role in this effort, in collaboration with executives and administrators, to protect the future of scientific research as well as their academic institutions’ sensitive data and information technology infrastructure.
Mark Seeley is Executive Chair of the Scholarly Networks Security Initiative
