[goatkarma]

20 years of working in HE IT.

Random unaffiliated Scihub users in China contacting our University IT helpdesk after the phished accounts Scihub was using to proxy an article had reached it's EZproxy download limit and the 'you have been blocked' message they receive instructed them to contact our helpdesk!

[nicoburns]

You might be making quite the assumption that those account credentials were phished, rather than voluntarily donated to Scihub. Support for the project is pretty wide (probably well above 50% of academics), so I'd expect credentials from almost every university to be donated to them.

[goatkarma]

It is definitely a possibility. Our Security team have a quite rigourous follow-up process and that's never been raised but absolutely not out the realms of possibility. However some accounts for users in non academic departments have been used previously too. I can guarantee Sandra in HR has no interest in open science :-D

I should note that I am a huge advocate for OA and thinks the who journal ecosystem is a rotten house of cards waiting to tumble. I just see the direct impact of phished accounts at my institution..

[nguoi]

I think you should have indicated that you weren't certain in the original accusation.

[goatkarma]

I'm not sure if you caught the above comment but I can be certain that professonal services staff (HR, admin etc) who's accounts have been used by Scihub definitely did not give their credentials voluntarily. They have zero interest in Scihub or access to material.

[buboard]

are u sure they were really "phished"? scihub would have no problems finding volunteers who would 'phish themselves'

[HorstG]

And after donating credentials, the donor and IT are better off just claiming the password was "phished" (winkwink) when caught.

[gsich]

"proof"