The full story of 90 hijacked journals from August 2011 to June 2015

During recent years, the academic world has suffered a lot from the threats of hijacked journals and fake publishers that have called into question the validity and reliability of scientific publications. The purpose of this paper is to tell the in-depth story of hijacked journals. This paper addresses the hijackers themselves, the methods they use to find their victims in the academic world, the methods they use to collect money from unsuspecting researchers by charging them to publish in hijacked journals, how they hide their identities, and how the academic world can best protect itself from these cybercriminals. Without identifying specific journal hijackers, we tell the story of how an assistant professor of computer and information science from Saudi Arabia (who holds a Ph.D. from a Malaysian university) and his team of Word Press experts from Pakistan hijacked at least six journals including journal of technology, BRI’s Journal of Advances in Science and Technology, Magnt Research Report, Scientific Khyber, Saussurea, and created one of the four fake websites for Texas Journal of Science. We also tell the story of how some conferences are integrated with hijacked journals, and how a cybercriminal with a fake address in United Arab Emirates used the pseudonym “James Robinson” to mass hijack more than 20 academic journals (Journal of Balkan Tribological Association, Scientia Guaianae, Journal of American Medical Association, Cadmo, Entomon, Italianistica, Revue scientifique et technique, Kardiologiya, Agrochimica, Terapevticheskii Arkhiv, Ama, Tekstil, Fauna Rossii I Sopredel Nykh Stran, Azariana, PSR health research bulletin, etc.). We also address the European cybercriminal with pseudonym “Ruslan Boranbaev” who hijacked the Archives des Sciences in October 2011 and created the “Science record journals” (to host three hijacked journals Including “Science series data report”, Innovaciencia, and “Science and nature”; and seven fake journals) for the first time in the academic world in August 2011. We tell how Ruslan Boranbaev designed a systematic approach to mass hijack more than 25scientific journals, including Bothalia, Jokull, Cienia e tecnica, Wulfenia, Doriana, Revista Kasmera, Mitteilungen Klosterneuburg, Sylwan, HFSP journal, Natura, and Cahiers des Sciences Naturelles. We also tell the story how this genius cybercriminal, whom we could call the king of hijacked journals, created a fake “web of sciences” portal in 2015 on a dedicated server in France to launch an automated spam broadcasting machine of calls for papers for his hijacked journals. We also present how the Ruslan Boranbaev created numerous online payment portals for collecting the publication charges of hijacked journals, and cheated the Thomson Reuters to provide hyperlinks to the fake website of three hijacked journals in his masterpiece “revistas-academicas.com”. We also tell the story of how someone adopted the Ruslan Boranbaev approach to cheat the Thomson Reuters to create hyperlinks from master journal list of Thomson Reuters to two of his hijacked journals (GMP review: http://www.euromed.uk.com, Allgemeine Forst und Jagdzeitung: http://www.sauerlander-verlag.com). Finally, we present the most comprehensive list of hijacked journals available, including all of those that we have detected from August 11, 2011 to June 15, 2015. The full story of 90 hijacked journals from August 2011 to June 2015 74 Geographica Pannonica • Volume 19, Issue 2, 73-87 (June 2015) Background The current atmosphere in academia demands professors, lecturers, postgraduate students, and researchers publish as many journal papers as possible (Jalalian, Mahboobi, 2014; Jalalian, 2014a). Some of the policymakers in various academic areas consider research findings to be of value only if they are published in an internationally indexed journal. Starting on August 11, 2011, the online hackers and cybercriminals opened a new line in their business, i.e., building fake websites that mimic reputable journals that are mostly indexed by Web of Science (WOS), a Thomson Reuters product, and that have their Impact Factor calculated by Journal Citation Reports (JCR) (Jalalian, Mahboobi, 2014). In early 2012, Mehrdad Jalalian, detected this systematic academic misconduct and unofficially introduced the term “hijacked journal” to the academic world (Jalalian, Mahboobi, 2014; Jalalian, 2014a). During the recent years, journal hijackers have created numerous counterfeit websites for other scientific journals, mostly the print-only ones (Jalalian, Mahboobi, 2014). The cybercriminals broadcast calls-for-paper spams to millions of email addresses of authors and lecturers (Jalalian, Mahboobi, 2014; Jalalian, 2014a). Following the cybercriminals’ successful marketing of hijacked and fake journals, they introduced a second product in 2013, i.e., bogus impact factors and misleading metrics that were compiled by unknown organizations (Jalalian, Mahboobi, 2013; Jalalian, 2015a). Also, some of the journal hijackers targeted scientific conferences and published dozens of conference papers in their hijacked journals for an extra payment by the authors. Irrespective of their technique of recruiting (i.e., cheating) authors, it is obvious that the articles that are published in hijacked journals without the benefit of peer reviews will be incorporated in the literature reviews of future research, and, in this way, the hijacked journals violate and undermine the validity and reliability of published research and complicate the open access movement (Jalalian, 2014a; Jalalian, 2014b). A second significant problem is the validity and reliability of the metric values and other indexing measures developed by scientific indexing databases, because the people who operate and maintain these databases do not know how to remove citations of articles that are published in hijacked and fake journals (Jalalian, 2014a). It seems the journal hijackers have attacked the reputation and money of researchers and also the reliability of research findings and metric measures in legitimate networks, such as Web of Science (WOS), Scopus, Google Scholar Citation, and Index Copernicus (Jalalian, 2014a; Jalalian, 2015a). We should mention that, in this paper, we have removed the sensitive information related to the cybercriminals, such as their real names, their real email addresses, and any other information that could be used to identify them, as it was not the purpose of this research to identify the journal hijackers. Throughout this paper, we used the word “[redacted]” to avoid presenting any sensitive information. However, most of the technical information we presented in this article are available from “whois” information of the registered websites, and are available for public. History of hijacked journals On August 11, 2011, a cybercriminal registered the expired domain “sciencerecord.com” to misuse it as a place for a mixed project of three hijacked journals and seven fake journals, including hijacked journals: Science Series data report, Innova Ciencia, and “Science and nature”, and fake journals: America scientist, International research journal of humanities, International research journal of engineering and technologies, International journal of medical discovery, International journal of professional artist, Pioneer architects &urban designers, and International research journal of basic and applied sciences. However, he launched those hijacked and fake journals in January 2012, after his other work “Archives des sciences” that was online in 2011.We should say that a fake journal is different from a hijacked journal in that it has never been registered by a person or organization. In the case of those seven fake journals under the category of science record journals, all of them had fake ISSN numbers that never have been assigned to any journal by ISSN organization. On October 23, 2011, the same person who had registered the expired domain for science record journals, registered the domain “sciencesarchive.com,” which he intended to be mistaken for the authentic website for a Swiss journal entitled “Archives des Sciences” (Jalalian, Mahboobi, 2014; Jalalian, 2014a). During 2012 and 2013, other journals have been hijacked, but they numbered to a few cases such as Tekstil, Pensee, Jokull, and Revistas Academicas journals. In early 2014, a cybercriminal using the pseudonym “James Robinson” and a fake address in Dubai, United Arab Emirates, brought a new phenomenon to the world of academic publishing, i.e., “Mass journal hijacking”. He created fake websites for too many academic journals, including the “Journal of the American Medical Association” (one of the world’s leading journals in publishing high-quality medical research), the Journal of the Balkan Tribological Association, Scientia Guaianae, Cadmo, Entomon, Revue Scientifique et Technique, Agrochimica, Terapevticheskii Arkhiv, Ama: Agricultural Mechanization in Asia, Africa & Latin America, Fauna Rossii I Sopredel Nykh Stran, Kardiologiya, PSR health research bulletin, Teoriiai


Background
The current atmosphere in academia demands professors, lecturers, postgraduate students, and researchers publish as many journal papers as possible (Jalalian, Mahboobi, 2014;Jalalian, 2014a).Some of the policymakers in various academic areas consider research findings to be of value only if they are published in an internationally indexed journal.Starting on August 11, 2011, the online hackers and cybercriminals opened a new line in their business, i.e., building fake websites that mimic reputable journals that are mostly indexed by Web of Science (WOS), a Thomson Reuters product, and that have their Impact Factor calculated by Journal Citation Reports (JCR) (Jalalian, Mahboobi, 2014).In early 2012, Mehrdad Jalalian, detected this systematic academic misconduct and unofficially introduced the term "hijacked journal" to the academic world (Jalalian, Mahboobi, 2014;Jalalian, 2014a).During the recent years, journal hijackers have created numerous counterfeit websites for other scientific journals, mostly the print-only ones (Jalalian, Mahboobi, 2014).The cybercriminals broadcast calls-for-paper spams to millions of email addresses of authors and lecturers (Jalalian, Mahboobi, 2014;Jalalian, 2014a).Following the cybercriminals' successful marketing of hijacked and fake journals, they introduced a second product in 2013, i.e., bogus impact factors and misleading metrics that were compiled by unknown organizations (Jalalian, Mahboobi, 2013;Jalalian, 2015a).Also, some of the journal hijackers targeted scientific conferences and published dozens of conference papers in their hijacked journals for an extra payment by the authors.Irrespective of their technique of recruiting (i.e., cheating) authors, it is obvious that the articles that are published in hijacked journals without the benefit of peer reviews will be incorporated in the literature reviews of future research, and, in this way, the hijacked journals violate and undermine the validity and reliability of published research and complicate the open access movement (Jalalian, 2014a;Jalalian, 2014b).A second significant problem is the validity and reliability of the metric values and other indexing measures developed by scientific indexing databases, because the people who operate and maintain these databases do not know how to remove citations of articles that are published in hijacked and fake journals (Jalalian, 2014a).It seems the journal hijackers have attacked the reputation and money of researchers and also the reliability of research findings and metric measures in legitimate networks, such as Web of Science (WOS), Scopus, Google Scholar Citation, and Index Copernicus (Jalalian, 2014a;Jalalian, 2015a).
We should mention that, in this paper, we have removed the sensitive information related to the cybercriminals, such as their real names, their real email addresses, and any other information that could be used to identify them, as it was not the purpose of this research to identify the journal hijackers.Throughout this paper, we used the word "[redacted]" to avoid presenting any sensitive information.However, most of the technical information we presented in this article are available from "whois" information of the registered websites, and are available for public.

History of hijacked journals
On August 11, 2011, a cybercriminal registered the expired domain "sciencerecord.com"to misuse it as a place for a mixed project of three hijacked journals and seven fake journals, including hijacked journals: Science Series data report, Innova Ciencia, and "Science and nature", and fake journals: America scientist, International research journal of humanities, International research journal of engineering and technologies, International journal of medical discovery, International journal of professional artist, Pioneer architects &urban designers, and International research journal of basic and applied sciences.However, he launched those hijacked and fake journals in January 2012, after his other work "Archives des sciences" that was online in 2011.We should say that a fake journal is different from a hijacked journal in that it has never been registered by a person or organization.In the case of those seven fake journals under the category of science record journals, all of them had fake ISSN numbers that never have been assigned to any journal by ISSN organization.
On October 23, 2011, the same person who had registered the expired domain for science record journals, registered the domain "sciencesarchive.com,"which he intended to be mistaken for the authentic website for a Swiss journal entitled "Archives des Sciences" (Jalalian, Mahboobi, 2014;Jalalian, 2014a).During 2012 and 2013, other journals have been hijacked, but they numbered to a few cases such as Tekstil, Pensee, Jokull, and Revistas Academicas journals.
In early 2014, a cybercriminal using the pseudonym "James Robinson" and a fake address in Dubai, United Arab Emirates, brought a new phenomenon to the world of academic publishing, i.e., "Mass journal hijacking".He created fake websites for too many academic journals, including the "Journal of the American Medical Association" (one of the world's leading journals in publishing high-quality medical research), the Journal of the Balkan Tribological Association, Scientia Guaianae, Cadmo, Entomon, Revue Scientifique et Technique, Agrochimica, Terapevticheskii Arkhiv, Ama: Agricultural Mechanization in Asia, Africa & Latin America, Fauna Rossii I Sopredel Nykh Stran, Kardiologiya, PSR health research bulletin, Teoriiai Praktika Fizicheskoi Kul'tury, Azariana, Italianistica: Rivista di Letteratura Italiana, etc.We have some information that support the James Robinson is also behind of the hijacked journal "Epistemology" the Tomas Pub journals (Tomas Publishing), and other journals; however, we need more supportive information.Regarding the "Tomas Publishing", it was a full fake publisher with the same strategy and concept that we have seen behind two other fake publishers (Revistas Academicas, and Science Record Journals).The full scale fake publisher Tomas Publishing was a fake brand and place for hijacking six scientific journals including Der Präparator (Praparator), Education, Systems Science, Politica Economica (Journal of economic policy), Philippine scientist, and Chemical modelling.We assume that the Tomas Publishing was the first job of the mass journal hijacker "James Robinson".
Another cyber criminal who used the pseudonym "Ruslan Boranbaev", is the person who hijacked the first academic journal (Archives des Science) in October 2011, and registered the first domain for ten hijacked and fake journals under the title of "Science record journals" on August 11, 2011.Later, he designed a systematic plan for hijacking too many journals and hiding his identity.He also used the fake copyright of "Academic Information Press" under each of the science record journals, and under hijacked journal "Pensee" later, but never used that fake copyright under his other works.
Among the science record journals, the "Science Series Data Report" had an irregular ISSN and was the former title for "Fisheries research data report" (ISSN: 0264-5130), but its information was available on the master journal list of Thomson Reuters together with the second journal, Innova Ciencia.The science record journals had a stormy presence in the academic world till September 2013; we guess those journals might stole hundreds of articles from scholars around the world.We should note that the cybercriminal behind the science record journals used the manuscript templates of the "Canadian Center of Science and Education (CCSE)" and owned a laptop with brand "Sony".Indeed, he is not only the man who hijacked the first academic journals in the world (including Archives des science, Wulfenia, and science record journals), but also he has been behind of about 25 hijacked journals.Science record journals, Archives des sciences, wulfenia, and Pensee were the first and beginner jobs by the Ruslan Boranbaev and he left them all; however, he learned from his weaknesses and mistakes and later, in his second performance he used very expert and systematic approach to hijack too many other academic journals including Sylwan, Ciência e TécnicaVitivinícola, Revista Kasmera, Doriana, Natura, and others.
Another sad story that began in July 2014 was the story of an Assistant Professor of computer science and information systems from Saudi Arabia, along with his team members from Pakistan, who created fake websites for at least six journals including Journal of technology, BRI's Journal of Advances in Science and Technology, Magnt Research Report, Scientific Khyber, Saussurea: Journal de la Société botanique de Genève, and one of the four fake websites for Texas Journal of Science.We know that he is originally from Pakistan, his official and routine email address is [redacted], he holds a Ph.D. degree from university [redacted] in Malaysia, and he owned a laptop with brand "HP" during 2013-2015.Thanks to his excellent contribution to the quality of the scientific publications, he was promoted to a managerial position in the university [redacted] in Saudi Arabia.The question is that what he is really teaching to his postgraduate students!During January-June 2014 (and later in 2015), some the journal hijackers tried to convince authors of conferences papers to publish the full text of their papers in hijacked journals as a "value-added service" if they would pay a publication fee of a few hundred Euros (over and above the conference fees) (Jalalian, Mahboobi, 2014; Jalalian, 2014a).This deceptive approach is known to have occurred at an inactive monograph entitled "Reef Resources Assessment and Management Technical Paper", a De Gruyter journal entitled "Chemical and Process Engineering" that is a quarterly scientific journal with a 50-year tradition in Poland, "Fourrages", "Allgemeine Forst und Jagdzeitung", and "Revue Internationale de Psychologie Sociale".
Finally, the most recent and notable project in the history of hijacked journals is that in early 2015, Ruslan Boranbaev designed an automated call for paper spam system under the title of "Web of Sciences".Also, his latest work was hijacking the journal HFSP in May 2015, a few days before we write this paper.

Literature review
We searched the literature and contacted the people who maintain some of the hijacked journal lists on their personal weblogs and asked them if they have published journal papers on the topic of hijacked journals.Since very few journal papers have addressed the issue of hijacked journals, we present the list of all such papers in chronological order.After unofficially reporting the first cases of journal hijacking in 2012, a 2013 research reported another academic scam: Fake impact factors (Jalalian, Mahboobi, 2013).The authors addressed the progressive threat of hijacked journals, fake publishers, fake impact factor companies, and misleading metrics in a short paper entitled "New corruption detected: Bogus impact factors compiled by fake organizations" (Jalalian, Mahboobi, 2013).In February 2014, an Iranian journalist published an article entitled "Hijacked Journals and Predatory Publishers: Is There a Need to Re-Think How to Assess the Quality of Academic Research?"(Jalalian, Mahboobi, 2014).That article was the first comprehensive academic document on hijacked journals, and it listed some of the techniques the journal hijackers use to create fake websites mimicking real journals, to broadcast call-for-paper spams, and to hide their identities.The article also suggested some ways to detect and avoid hijacked journals; however, the new generation of journal hijackers is more expert than ever, and they are using new methods to hijack journals, collect publication charges, and hide their identities.
Later, in June 2014, a report entitled "Hijacked Journal List 2014" listed 19 hijacked journals and fake publishers.At that time, this was the most comprehensive list of hijacked journals available.However, just one year later, the number of hijacked journals is in the dozens.In August 2014, "Research Information" (Cambridge) published an interview with Mehrdad Jalalian and a paper entitled "Journal hijackers target science and open access" (Jalalian, 2014a).The author answered four main questions on hijacked journals, i.e., "1) How do hijacked journals occur?2) What problems do they cause?3) How can you identify hijacked journals?and 4) What can authors, readers, publishers, and others do about hijacked journals?"(Jalalian, 2014a).
In 2014, Serbian scholars Lukić et al. in their article "Predatory and Fake Scientific Journals/Publishers -A Global Outbreak with Rising Trend: A Review" discussed the problem caused by questionable journals and hijacked journals (Lukić, et al., 2014).In November 2014, Mehrdad Jalalian published a short article entitled "Hijacked journals are attacking the reliability and validity of medical research" and reported seven cases in which medical journals had been hijacked and warned the legitimate scientific community about the destructive effect of hijacked journals on the validity and reliability of medical research (Jalalian, 2014b).In December 2014, Mehdi Dadkhah and Aida Quliyeva wrote a short paper entitled "Social engineering in academic world" and stated that forgers use current practices of social engineering to trick their victims (Dadkhah, Quliyeva, 2014).They also reported some cases of social engineering attacks in the academic world.In March 2015, Mehdi Dadkhah and colleagues discussed a new problem, "the fake conferences" in their article entitled "Fake Conferences for Earning Real Money" (Dadkhah, et al., 2015a).According to the authors, setting up fake conferences has become an effective way of getting researchers' articles and publishing them in hijacked journals (Dadkhah, et al., 2015a).In May 2015, Mehdi Dadkhah and Mohammad Davarpanah Jazi published a letter to the editor entitled "Anare Research Notes Journal Is Hijacked" in the International Journal of Pharmacy and Pharmaceutical Sciences (Dadkhah, Jazi, 2015a).
"How Can We Identify Hijacked Journals?" is the title of another paper by Mehdi Dadkhah and colleagues in June 2015 that says most of the victims of hijacked journals to date were from developing countries (Dadkhah, et al., 2015b).They also mentioned that the titles of many of hijacked journals did not express a particular subject area, and that helped the hijackers publish articles in all areas of science."An Introduction to Journal Phishings and Their Detection Approach" is the title of technical paper by Mehdi Dadkhah and colleagues published in June 2015 (Dadkhah, et al., 2015c).In this paper, hijacked journals have been introduced as a new type of phishing attacks because of the great use of techniques related to such attacks.Another article (in press) by the same authors, entitled "Hiring an Editorial Member for Receiving Papers from Authors" addressed a new technique by journal hijackers, i.e., "call for editor" in hijacked journals (Dadkhah, Jazi, 2015b).They stated that some of the journal hijackers were "pretending their fake website belongs to a real and prestigious journal" and began to accept new editorial board members by sending multiple calls for editorials to respected and famous academic people, adding their names to their editorial boards, and misusing those names and the people's reputations to engender trust in other researchers and potential authors.
In June 2015, Mehrdad Jalalian published a rapid communication entitled "The story of fake impact factor companies and how we detected them" (Jalalian, 2015a).In that article, he presented the story of some of the main bogus impact factors including Universal Impact Factor (UIF), Global Impact Factor (GIF), Citefactor, and even a fake Thomson Reuters Company (http://www.isi-thomsonreuters.com), that are mostly originated from the South Asian country [redacted].Finally, "A second chance for authors of hijacked journals to publish in legitimate journals" is the title of the most recent article about hijacked journals in June 2015 (Jalalian, 2015b).That article discusses the logics behind allowing the victims of hijacked journals to publish their article somewhere else, but in a real journal without being concerned of duplicate publication (Jalalian, 2015b).

The journal hijackers; who are they?
Indeed, investigating the identity of journal hijackers was not the purpose of our scientific research on hijacked journals.However, we used the technical information of any registered domain of hijacked journals that is publicly available in their "whois" section, and other technical information to find the similarities between the different hijacked journals and to help us to decide whether or not a journal has been hijacked.Some of the journal hijackers have used various techniques and approaches, including marketing, social engineering, collecting publication fees, hiding their identities when they register the domain names of the fake websites, and using the same webhosting companies or servers to host the content of their websites.Researching every single case of hijacked journals and putting all of the information together gave us a clearer image of the phenomenon of journal hijacking, and we found that just a few people are behind most of the dozens of hijacked journals.
As we mentioned earlier in the section on the history of hijacked journals, three of the persons of interest in the world of journal hijackers are "the man behind the pseudonym "James Robinson" who uses a fake address in Dubai, United Arab Emirates, an East European IT scientist (that we know he is an expert web designer because of his works) whom we call "king of hijacked journals" and he uses the pseudonym "Ruslan Boranbaev", and an Assistant Professor of the Saudi Arabia university [redacted] and his team of WordPress experts from Pakistan.The so-called "James Robinson", however, is a man who used a systematic approach to accomplish his criminal goals, but the design of his hijacked journals show that he clearly has average or less knowledge of what happens in the academic world, and his "limited" knowledge and expertise related to web design and online journal management systems resulted in his creating lowquality web pages for the affected journals.In fact, he used the beginner level of Open Journal Systems (OJS) software, a product that was developed by the Public Knowledge Project (PKP), a non-profit research initiative.The only notable thing about "James Robinson" is that he is the man who mass hijacked too many journals.He was very careful to hide his identity, but he forgot to remove his footprints from his work especially when he used other pseudonyms for registering fake websites, using some random emails in filling the OJS contents (i.e., in the process of uploading the stolen articles to the counterfeit websites), and using the same server for hosting many of his fake websites.
The third person of interest in the world of journal hijackers, "Ruslan Boranbaev", deserves to wear the crown as the "king of the cybercriminals who have hijacked journals".As we stated earlier, he is the man who registered the domain "sciencesarchive.com"on October 23, 2011,to hijack the Swiss journal "Archives des Science" the first time such a foul act had been committed in the history of academic world.He also hijacked the journal "Wulfenia", and created the mixed hijacked-fake publisher "Science record journals" in August 2011 to host three hijacked journals and seven fake journals.Later, he created fake websites for many other journals, such as Pensee, Bothalia, Jokull, Ciência e Técnica Vitivinícola, Doriana, Revista Kasmera, Mitteilungen Klosterneuburg, Sylwan, HFSP journal (his May 2015's product), Cahiers des Sciences Naturelles, and Natura.Among all of the journal hijackers, the king of hijacked journals is special for some not-so-special reasons.First, he has hijacked almost as many journals as "James Robinson".Second, he did so using several techniques that are his hallmarks.Those hallmarks have given us a clear understanding of what he has done in the criminal field of hijacking journals and how he went about his dishonest and unscrupulous work.One of his main hallmarks, which later were used by "James Robinson", the Saudi Arabia professor, and others, is that he used services that hide the identity of the person who registered the domain name.We know that he is also a reseller of the domain registration company [redacted], an ICANN accredited registrar and a trusted name in the world of information technology since 2001.He also uses the service of "Whoisguard" to hide his identity but we can easily see his footprints on his earliest hijacking jobs (Archives des Sciences and Wulfenia).
Another notable finding in the journals hijacked by "Ruslan Boranbaev" is that he designed several payment portals (such as leadingpublishersportal. com, novelscientificfinding.com, and taylorspublications.com) to collect money from authors and readers (publication charges and subscription fees).Using the online payment portals, he is paid by credit cards, and he never discloses any personal information that would be required for direct wire transfer to his bank account.However, he collected publication fees for his beginner journal-hijacking jobs (Archives des Sciences and Wulfenia) using a bank account in Armenia.Another main feature of the journals hijacked by "Ruslan Boranbaev" is that he did not simply use email software, such as Microsoft Outlook; rather, he used an online service that is used mainly for automated broadcasting of mass emails and spam to make sure the IP number of the servers of his hijacked journals would not be blocked in the Internet for broadcasting spam.Also, as another layer of security, "the genius journal hijacker" uses dedicated servers to host his fake websites.Nowadays, he also uses the [redacted] service as another layer of security.
"Ruslan Boranbaev" has launched another brilliant service in his factory of mass journal hijacking, i.e., "Web of Sciences!"Yes, this is exactly the title of the new service provided to the world of journal hijackers in 2015 by the so-called "king of hijacked journals".By reg-istering the domain "webofsciences.com"and hosting it on a dedicated server in France, while using a mailing list research facility in England, he has introduced an automated system for collecting the email addresses of academic people around the world!Their names are related to specific keywords, and he can automatically send call-for-paper spams to them.By adding this service to his work, he is using a method that none of the real academic publishers has used to date, which indicates that he is using scientific methods and a systematic approach to do his dishonest work.The novel ideas of "Ruslan Boranbaev" are not limited to what we have presented so far; his masterpiece is creating a fake publisher entitled "Revistas Academicas", when he added four international journals, including Natura and Doriana, under the title of Revistas Academicas and cheated the Thomson Reuters and convinced them to create hyperlinks from the master journal list of Thomson Reuters to the counterfeit website "revistas-academicas. com".Later, Mehrdad Jalalian called Thomson Reuters and informed them about the hyperlinks to hijacked journals from their database, and they removed the hyperlinks.

Interesting cases of hijacked journals
This section presents the latest update of hijacked journals and consists of all of the hijacked journals we detected till June 15, 2015.Reading the story of some hijacked journals will inform readers about how they came into existence, how they are managed, and the approaches they use to cheat and steal money from academic researchers; we expect that the readers will want to use this information to avoid such hijacked journals in the future.Since telling the full story of each of the dozens of hijacked journals may not be of interest to the readers and since a journal paper with its word and page number limitations is not the appropriate place for it, only the interesting stories that have some educational value are presented here.Even so, we did list all of the hijacked journals we detected in Table 1.It is also important to note that some of the hijacked journals have more than one fake website address, as evidenced by what happened to the Texas Journal of Science, Archives des Sciences, Wulfenia, Afinidad, and the Jokull journal.Also, some of the fake websites for single journals are registered by the same journal hijacker, and some of them are registered by different individuals.

Cases group 1: Afinidad journal and its three fake websites
According to the Journal Citation Report (JCR, Thomson Reuters), Afinidad is a bimonthly journal published by "Asociacion de Quimicos del Instituto Quimico de Sarria" in Barcelona (Spain) that cov-ers Chemistry science.The Afinidad journal has been hijacked four times using four different counterfeit websites, i.e. "http://www.afinidad.org"(registered in November 2013), "http://www.afinidadjournal.es"(registered in January 2014), "http://www.bdssmgdl.org"(registered in January 2014) and "http://www.afinidadjournal.org"(registered in January 2014).The domain "afinidad.org"was registered first by Francis B. Afinidad in December 2000, using the email address [redacted] as the domain registrant.We have no idea what the purpose and content of this website were during 2000-2005, but it seems that Mr. Afinidad was a distinguished researcher in a university in the U.S. It seems he did not used his website for long time and the website has been offline at least since February 2005.We know that the domain name was for sale in 2011, and a journal hijacker bought it on November 26, 2013, and hide his identity using the service provided by [redacted].According to the who is technical detail, the hijacked journal on "Afinidad.org"used "ns830.websitewelcome.com"and "ns829.websitewelcome.com"as the Name Servers.The journal hijacker used the Joomla open-source content management system (CMS) to design the pages of the hijacked journal.Figure 1 shows the text that was available on the homepage of the hijacked journal on December 23, 2013.The hijacked journal (the fake website at afinidad.org)was active at least until December 2014, but, currently, it is inactive.It seems that the hijacker stole both the articles and money of the academic researchers and ran away.
The second counterfeit domain for the Afinidad journal was "Afinidadjournal.es".This domain was registered on January 14, 2014, by a journal hijacker, using the pseudonym "Jane Madlan" and the email address [redacted].We believe that the pseudonym "Jane Madlan" and its related email address belong to the mass journal hijacker "James Robinson", whose story was presented earlier in this paper.The domain used the servers named "ns1.md-30.webhostbox.net"and "ns2.md-30.webhostbox.net"from the time of registration to the present time.In contrast to "Afinidad.org,"which used Joomla CMS, the fake website of "Afinidadjournal.es"used the open journal system (OJS) to manage the content of the website.Again, in contrast to the first fake website, the second fake website set the "robot.txt"file on the root or the server to be inaccessible by any robots that could archive the content of its pages.
Figure 1 shows that a link to the profile of the real journal in the master journal list (MJL) of Thomson Reuters was available from the homepage of the fake website to show readers that the journal was listed with Thomson Reuters; however, we checked Thomson Reuters, and there was no link to the fake web-site in the MJL, but there was a link to the real journal website at "http://www.aiqs.es."Our research showed that the exact Uniform Resource Locator (URL) for the real journal is "http://www.aiqs.es/catala/afinidad. asp".We contacted the staff in the editorial office of the real journal, and they confirmed that "Afinidadjournal.es" is a fake website, and the contact details of the journal are "lidia.sirera@iqs.es"andlidia.sirera@aiqs.es.The current URL for the legitimate journal is "http://www.raco.cat/index.php/afinidad".
We also found a "hijacker against hijacker" story between the two hijackers who created two different fake websites for Afinidad journal.On January 6, 2015, we received an email from a researcher who had contacted the "Afinidad.org"website and asked which website was real, "Afinidad.org"or "Afinidadjournal.es".We should mention that we did not edit the content of the web pages (wherever we presented them in this paper) or their email replies.The hijacker behind the "Afinidad.org"responded to the author as follows: "Respected Author, Thanks for your kind message, please note that http://afinidadjournal. es was not journal real website which was a fake.Do not send papers to that site.Submit your papers directly to our email ID at afinidadjournal@gmail.com,Thanking You".
As we mentioned earlier, there are four counterfeit websites for the Afinidad Journal.The third and fourth counterfeit websites for this journal are "http:// www.afinidadjournal.org"and "http:///www.bdssmgdl.org".Both of these domains were registered by the mass journal hijacker "James Robinson" on January 12, 2014, using the registrant email address [redacted] and the pseudonym "James Robinson" exactly two days before he registered the second domain "afinidadjournal.es"for Afinidad journal.As we see, this is the only case in the history of hijacked journals that three fake websites are created for a single journal within two days.At the time of registration of third fake domain, he set the Name Servers of this website to [redacted] servers, but three days later, he set them to "ns1.md-30.webhostbox.net,ns2.md-30.webhostbox.net",exactly the Name Servers that were used for the second counterfeit website.He also used the service of [redacted] to hide his identity on January 15, 2015.It seems that, after registering the ".org" domain for Afinidad journal, he thought it would be better to register the".es"domain (the domain extension that is specific to Spain).The obvious intent was to have the authors think that the ".es" domain for that journal was the real website of Afinidad in case they had concerns that the ".org" domain was fake.As has been noted so far in this paper and as we shall continue to see from here to the end of the paper, the journal hijackers are quite good in their social engineering techniques!Finally, on May 5, 2015, we checked the website of "afinidadjournal.org," and it seemed that the website currently is being used for testing purposes for other journals that have been hijacked by "James Robinson".

Cases group 2: Archives des Sciences and Wulfenia
We tell the story of these two hijacked journals together because we believe they were hijacked by the same person.Also, they were the first journals in the academic world to be hijacked, together with the three hijacked journals in the list of science record journals * Using the word "Researches" shows the hijacker behind Afinidad is not a native English speaker (In English, the words "research," equipment," and "literature" are considered to be collective nouns, and the plural versions are never used) (Jalalian, Mahboobi, 2014;Jalalian, 2014a).As we mentioned earlier, Archives des Sciences is the first journal in the world that cybercriminals hijacked (Although before registering fake website for it, the same cybercriminal had registered the website for science record journals in August 2011), and the cybercriminal did so by creating the fake domain "sciencesarchive.com"for it on October 23, 2011 (Jalalian, Mahboobi, 2014; Jalalian, 2014a).The same person created a second fake website for this journal by registering the domain "archiveofscience.com" on September 2, 2012; and this person was the man we called the King of hijacked journals.In designing the website for this hijacked journal, his Majesty, the King of hijacked journals, stole the peer review template form from the Canadian Center of Science and Education (CCSE) (Jalalian, Mahboobi, 2014), a reputable publisher in Canada.He also got the idea of 35$ discount for wire transferred publication fees, from that Canadian publisher, that seems the website of CCSE was an origin of his copypaste jobs in creating and managing the first hijacked journals.The first counterfeit website later was redirected to a second counterfeit website, i.e., "archiveofscience.com",just one day after "Ruslan Boranbaev" registered the second fake domain for that hijacked journal.Having hijacked several other journals, e.g., Sylwan, Doriana, Nature, Kasmera, and other, the King failed to maintain his love for his very first work, "sciencesarchive.com"and he did not renew that domain after the first two years.The domain of his first hijacked journal was made available for sale in January 2014, shortly after the redemption period.
The domain "sciencesarchive.com"used the Name Servers "ns3043.hostgator.com"and"ns3044.hostgator.com"when they were registered, but, later, they were moved to "ns1.ipage.com"and "ns2.ipage.com,"which were exactly the same servers that were used by the second fake website, "archiveofscience.com".On September 4, 2014, the registrant and administrative email of the second fake website were changed to sciencesarchive@gmail.com, and the name of administrator of the domain was changed to the pseudonym, "Ruslan Boranbaev" with a fake address in the United States.That pseudonym also was used to register a fake website for Wulfenia journal and some of the online portals for collecting the publication charges of the hijacked journal "Achieves des Sciences".The second domain for the hijacked journal also expired, and the King never renewed it.All of the articles that were submitted by authors to both of the fake websites also were gone; however, someone from Israel has owned the domain of the stolen journal since December 4, 2014.
Regarding the Wulfenia journal, the cybercriminals registered three fake domains, i.e., "wulfenia-journal.at,""wulfeniajournal.com,"and "multidisciplinarywulfenia.org" for the journal on August 2, August 5, and September 13, 2012, respectively.We believe that two of them, i.e., multidisciplinarywulfenia. org and wulfeniajournal.at,were hijacked by "Ruslan Boranbaev,"and the other one, i.e., wulfeniajournal.com, was registered by "James Robinson" or someone who uses a similar technical approach.Among the three fake websites, two of them have gone offline, but the "multidisciplinarywulfenia.org"website is still doing its work.
The way the hijacked journals Archives des Science and Wulfenia collected publication charges from authors is notable.The person of interest used several types of payment methods by which the authors could pay the journal hijackers, including wire transfer to two bank accounts in Armenia, e-currency transfer service "Alertpay", and online payment by credit cards through a payment portal (novelscientificfindings.com).It seems that to make sure the identity of "the genius king" was not discovered, he used a thirdparty account number as the operator instead of his own bank account number.The "Alertpay" money transfer system also protects the identity of the recipient.Also, rather than using the online payment portal of other companies, "Ruslan Boranbaev", in 2012, created his own online payment portal at http://novelscientificfindings.com.However, his first online payment portal, was gone, and he created other online payment portals for his other fraudulent sites.He also registered a second portal on "taylorspublications.com" for online payments by authors of Archives des Science and Wulfenia.It seems that hijacking the journals Archives des Science and Wulfenia, and his work on "science record journals" acted as his self-training course to test and improve his abilities on all aspects of hijacking journals, hiding the identity, stealing articles, and collecting money without revealing his name.Thus, he developed his own style and approach in all aspects of hijacking journals, and he used his experience to successfully hijack the journals Sylwan, Revista Kasmera, and Ciência e Técnica Vitivinícola, as well as his 2013 and 2015 masterpieces:"Revistas Academicas" and the fake "Web of sciences".
Cases group 3: Bothalia, Pensee, Jokull, Ciência e Técnica Vitivinícola, Doriana, Kasmera, Mitteilungen Klosterneuburg, Sylwan, HFSP journal, Cahiers des Sciences Naturelles, and Natura The first hijacked journal among these cases was "Pensee".The acceptance letters and the technical detail of the domains under this category are essentially the same, and all of them used the same online payment portals to collect the publication charges.None of these domains accepted money via wire transfer, Paypal, Western Union, or any other method that would allow the payer to identify the recipient; rather, all of the domains required that payments be made online using a credit card.The person of interest created several online payment portals, including "researchpioneers.com"."leadingpublishersportal.com", "safeareapay.com","knowledge-insights.org", and "researchergate.com" to collect the publication charges of the Revistas Academicas journals, one of the Jokull hijacked journals(the one that uses the domain "Jokulljournal.com"rather than the one that uses the domain "jkljournal.com"),Ciência e TécnicaVitivinícola, and Sylwan.We also found that our King of hijacked journals also created many other websites and online payment portals to be used for his other business, which is fake online shopping centers that pretend to sell herbal medicine, Viagra, and other healthrelated products; the customer pays the price, but the goods never come!Indeed, we have some information that supports the people behind academic scam are also involved in other similar jobs; the owner of multiple big publishers of tens of questionable journals in North America is involved in online gambling and the founder of one of the most famous fake impact factor companies in India seems to be also involved in online escort service using the porno and escort website of [redacted].Maybe these pieces of information can be used in psychological and behavioral analysis of the academic cybercriminals in future by cyber psychology researchers.
The hijacked journal Sylwan has an interesting story.We think that Sylwan was the most active hijacked journal in 2014.The technical detail we found in hijacked journal Sylwan were the golden keys that gave us valuable information that showed all of the journals in this group have been hijacked by the same person (i.e., the same acceptance letters, the same online portals for collecting the publication charges, the same web design, the same call for paper spams, etc.).The domain "sylwan.ibles.org"was registered on July 31, 2008, for the first time, and it became inactive and expired in 2010.On April 25, 2014,it was registered again by "Ruslan Boranbaev" to be misused in hijacking of the journal Sylwan.In our investigation of the web pages of the Sylwan journal, we found a specific web page at "http://www.sylwan.ibles.org/artykul.html".The web designer of that website used the term "artykul.html"instead of "article.html" in that URL.We considered this information as a key to the confirmation of the mother tongue of "Ruslan Boranbaev" because web designers sometimes use their mother tongue in choosing filenames.
Among the journals in this category, the South African journal "Bothalia" has a unique story.This jour-nal experienced a double attack by the same hijacker who created two fake websites for it, but it seems (not confirmed yet) the real journal was victorious in changing the ownership of one of those fake websites to the real journal.The first fake domain (Bothalia.com) was registered by "Ruslan Boranbaev" on July 29, 2013, and he hide his identity as the registrant of that domain on the same day using the service of [redacted],however, beginning on August 20, 2014, he used [redacted] to hide the identity of the owner of the domain.Later, in December 2014, the journal admin detail changed and the domain was redirected to the website of the legitimate journal.We did not contact the real journal, but it seems that the South African publisher of the journal "Bothalia" was victorious in defeating the hijackers, or for any other reason, the fake domain is redirected to the real journal.However, "Ruslan Boranbaev", seeking revenge, decided to create a second fake domain entitled "bthla-journal.org"for the affected journal.
Other famous hijacked journals in this category are "Mitteilungen Klosterneuburg" and "Pensee"; and the newest one in this category is the HFSP journal that has been hijacked in May 2015.We think that hijacking of the journal "Pensee" acted as the Renaissance in the history of hijacked journals as it was the technical advance from the first cases of journal hijackings to the era of modern and scientific approaches in journal hijacking.Also, the journal "Pensee" provided us some key information that linked Ruslan Boranbaev to the "Science record journals".
Finally, the main notable work among the journals in this category is "Revistas Academicas".After his amateur work of gathering three hijacked journals and seven fake journals under the title of "Science record journals" in during 2011-2013, Ruslan Boranbaev registered the domain "revistas-academicas.com" on October 16, 2012, using a fake address in Dublin, Ireland, to launch the most dangerous project to date in journal hijackings.This website began by hosting four hijacked journals with the first three being Thomson Reuter's indexed journals, i.e., "Natura" from The Netherlands, "Doriana" from Italy, and "Cahiers des Sciences Naturelles" from Switzerland.He also added two completely fake journals to the revistas academicas: Mexican Journal of International Studies, and Mexico Journal of Multidisciplinary Sciences.Having a mixture of hijacked journals and fake journals under the same title was exactly what he did before on his 'Science record journals" in August 2011.The most notable thing about the "Revistas academicas" is that "the genius king of hijacked journals" convinced Thomson Reuters to provide a hyperlink from their master journal list to the fake websites of the first three journals (revistas-academicas.com).This made the authors feel that website was the real website of those journals, and Thomson Reuters validated those websites.We called Thomson Reuters' office and provided them with proof that "revistas-academicas.com" is a counterfeit website that was created by journal hijackers.Subsequently, Thomson Reuters removed the hyperlinks to the fake website of the journals Doriana, Natura, and Cahiers des Sciences Naturelles.However, there is still a big concern about the standard operating procedures (if there are any) in Thomson Reuters when they add the link to a website from their master journal list.The big question is that how they add hyperlinks to fake websites simply after a journal hijacker asks them to do so!We also found that the same problem happened on the hijacked journal "GMP review" from England, and "Allgemeine Forst und Jagdzeitung" from Germany.On May 17, 2015, we contacted the Thomson Reuters to remove the hyperlink to the fake website of GMP review (http://www.euromed.uk.com).We should say that both of the England and Germany journals are hijacked by the same person and it seems the journal hijackers learn from each other.
The King also upgraded the equipment of his journal hijacking factory by creating another portal that uses technical research on the Internet to acquire the email addresses of academic people around the world by misusing the name of the University of [redacted] in England.An example of the online laboratory for development of call for papers spam for the hijacked journal "Revista Kasmera" on the fake 'web of sciences' portal was available during May 2015 on the link http://r.webofsciences.com/2ksmifmu4uesbf.html.

Was it the full story? Did we miss any interesting case?
We stop telling the stories of the hijacked journals at this point.There are still a lot shocking stories about this phenomenon, including cybercriminals who can be compared with James Robinson and the Ruslan Boranbaev, especially those who "intentionally" hijacked some journals to integrate them with specific conferences, but we prefer to keep silent about those cases.Telling their stories could uncover the identity of some famous individuals, including professors and lecturers, managers of some of the English editing companies who are actively involved in publishing the articles of their clients in hijacked journals, some of the executive directors of international conferences (who unintentionally integrated their conferences with some of the hijacked journals and tried to publish the full text articles of their authors in hijacked journals), some IT technicians, some postgraduate students, and some Ph.D. scholars.We prefer to think about the reasons the academic world is infected by the virus of hijacked journals and fake publishers than to waste our time and energy to identify the journal hijackers or any other cybercriminals by name.

Hijacked journal list 2015
We already have given a lot of thought to hijacked journals, and the hijacked journal list 2015 (Table 1) is the second list after we published the first list of hijacked journals in June 2014.Other lists of hijacked journals have been developed and is being maintained by tens of other scholars in their weblogs.However, we believe that publishing a list of hijacked journals and also a list of questionable journals is just a short-term medicine for the progressive threat to the validity and reliability of published science.We believe that the new hijacked journals will publish tens or hundreds of articles before they are detected and added to any list of hijacked journals.The same story is true for the questionable journals.The great man of the history of literature, the Iranian ancient poet "Ferdowsi" criticizes using antidotes after death in his epic poem and story "Rostam and Sohrab" by saying that it is "too late for herbicide".Therefore, we believe it is better to vaccinate the academic world against the poisonous effects of both the hijacked and questionable journals before it is too late.We specifically mean that developing a list of "GOOD JOURNALS" is a far better and more effective way to achieve that goal than publishing lists of "BAD JOURNALS" (That refers to the questionable journals), "HIJACKED JOURNALS" (that refers to the legitimate journals that their online identity is stolen by cybercriminals), and "FAKE PUBLISHERS" (that refers to the publishers of journals that are not registered officially by real persons or companies).Developing lists of quality journals and evaluating the quality of the academic journals on each of the main aspects of scientific publishing, such as the editorial workflow, peer-review process, data quality, readability, searchability, accessibility, and other aspects, is our current concern and the topic of our research.Asking the researchers and authors to stick only to the list of quality journals will automatically protect the academic world against any threat by questionable journals, hijacked journals and fake publishers.
We believe that the quantitative measures (Impact factors, H-index, etc.) are not developed to evaluate the quality of scientific journals; but to be used for library and information science research; and their metrics should not be presented on the first page of scientific journals, otherwise they will mislead the researchers, authors, and even the research policy makers.We also know that it is the most difficult job to develop criteria for evaluating the quality of scientific journals when it is a matter of quality, not quantity and metrics.By saying that we believe the qualitative approach in evaluating the quality of scientific journals has advantages over the metrics and quantitative measures, we mean that even a new journal that considers all of the standards of high-quality peer review, editorial workflow, and publishing, can also be treated as a top-quality journal even though it may be in its first year of publication.
Speaking on hijacked journals, another piece of information that we are going to share with academia is that we believe that the authors who published in hijacked journals should have a second chance to publish their articles in legitimate journals (Jalalian, 2015b).Finally, we close this discussion by presenting the current list of hijacked journals (Table 1).