The US National Center for Biotechnology Information website is an invaluable resource for finding scientific studies and papers. Recently, it also became a promotional vector for a potential phishing site offering pirated movie streams.
As Gizmodo discovered earlier this week, the science database was coming up on the first page of results for searches that combined the word “watch” with the title of most movies currently playing in theatres, such as Black Panther, Fifty Shades Freed and Ocean's 8. (I was trying to rent Thor: Ragnarok, OK?) A Google site-search of NCBI for “full movie” returned nearly 40 pages of results, none more than a day old.
Given NCBI’s trustworthy reputation and .gov top-level domain, it tends to appear high in Google search results. After all, the overwhelming majority of content submitted to NCBI requires peer review by the scientific community. That high search ranking made it a valuable target for bad actors peddling pirated movies, who abused a personal résumé profile tool on NCBI called sciENcv.
While genuine submissions go through rigorous approval, sciENcv profiles can be created by anyone, and any profile holder can then create pages called BioSketches: a document, usually five pages or less, listing your scientific qualifications, references and published works. In short: a résumé.
On the NCBI site, there appear to be no limits on the number of BioSketches any user can create, and even basic anti-spam measures such as a confirmed email address aren’t required to start posting these pages, which share the ncbi.nlm.nih.gov domain and are indexed by search engines. Anyone seeking to borrow NCBI’s high trust score to push unrelated content could abuse this loophole. Some user profile pages show dozens of BioSketches which appear to link out to movie streams.
To rank even higher, the “Personal Statement” sections of these BioSketches were littered with the sort of SEO-bait word salad that plagued the early web.
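The two abuse signals described above, keyword-stuffed personal statements and bulk outbound links from one profile, are exactly what a site operator would triage for. The following is an added example written for this article, not NCBI code, and it makes no claim about how sciENcv stores or checks its data; the host name `HOME_HOST`, the bait vocabulary in `SPAM_TERMS`, the thresholds in `is_suspicious`, and every sample record and URL are constructed for illustration.

```python
"""
Heuristic triage for user-generated "BioSketch"-style pages. Added example
for this article; not NCBI code. Records, hostnames and thresholds are
constructed assumptions, not observed sciENcv data.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List
from urllib.parse import urlparse

# Hypothetical: the host whose search trust is being borrowed. Any link to
# another host is treated as "external".
HOME_HOST = "ncbi.nlm.nih.gov"

# Vocabulary of the "watch <title> full movie" bait the article describes.
SPAM_TERMS = ("watch", "full movie", "stream", "streaming", "online", "free", "hd")
SPAM_PATTERNS = [re.compile(r"\b" + re.escape(t) + r"\b") for t in SPAM_TERMS]


@dataclass
class BioSketch:
    profile_id: str
    personal_statement: str
    links: List[str] = field(default_factory=list)


def external_hosts(sketch: BioSketch) -> List[str]:
    """Hostnames linked from the sketch that are not on the home domain."""
    hosts = []
    for url in sketch.links:
        host = (urlparse(url).hostname or "").lower()
        if host and host != HOME_HOST and not host.endswith("." + HOME_HOST):
            hosts.append(host)
    return hosts


def spam_term_hits(text: str) -> int:
    """Number of whole-word or whole-phrase matches of the bait vocabulary."""
    lowered = text.lower()
    return sum(len(p.findall(lowered)) for p in SPAM_PATTERNS)


def is_suspicious(sketch: BioSketch) -> bool:
    """Keyword stuffing on its own, or any bait term combined with an
    outbound link, is enough to queue the sketch for human review."""
    hits = spam_term_hits(sketch.personal_statement)
    return hits >= 3 or (hits >= 1 and bool(external_hosts(sketch)))


def triage(sketches: List[BioSketch]) -> Dict[str, dict]:
    """Per-profile counts: sketches seen, sketches flagged, hosts linked."""
    report: Dict[str, dict] = {}
    for s in sketches:
        entry = report.setdefault(
            s.profile_id, {"total": 0, "flagged": 0, "hosts": Counter()}
        )
        entry["total"] += 1
        if is_suspicious(s):
            entry["flagged"] += 1
            entry["hosts"].update(external_hosts(s))
    return report


def flagged_profiles(sketches: List[BioSketch], min_flagged: int = 2) -> List[str]:
    """Profiles with at least `min_flagged` suspicious sketches."""
    report = triage(sketches)
    return sorted(p for p, e in report.items() if e["flagged"] >= min_flagged)


def shared_hosts(sketches: List[BioSketch]) -> List[str]:
    """External hosts linked from more than one suspicious sketch: a quick
    way to see whether separate pages feed the same destination network."""
    counts: Counter = Counter()
    for s in sketches:
        if is_suspicious(s):
            counts.update(set(external_hosts(s)))
    return sorted(h for h, n in counts.items() if n > 1)


# Constructed sample records (not real sciENcv content or real hosts).
SAMPLE = [
    BioSketch("profile-a",
              "Watch Black Panther full movie online free HD stream. "
              "Watch Black Panther 2018 full movie free streaming.",
              ["https://stream-host.example/black-panther",
               "https://signup.stream-host.example/"]),
    BioSketch("profile-a",
              "Watch Fifty Shades Freed full movie free online HD.",
              ["https://stream-host.example/fifty-shades-freed"]),
    BioSketch("profile-b",
              "My research focuses on the molecular basis of neurodegeneration, "
              "with an emphasis on protein aggregation.",
              ["https://www.ncbi.nlm.nih.gov/",
               "https://lab.university.example/"]),
]

if __name__ == "__main__":
    for profile, entry in triage(SAMPLE).items():
        print(profile, entry["flagged"], "of", entry["total"], "flagged;",
              dict(entry["hosts"]))
    print("profiles to review:", flagged_profiles(SAMPLE))
    print("shared destinations:", shared_hosts(SAMPLE))
```

The per-profile aggregation matters more than any single page: a legitimate researcher may link to one external lab site, but a profile whose every BioSketch points at the same non-academic host is the pattern the article describes, and `shared_hosts` is what lets a reviewer see whether many profiles are feeding one destination network.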
Though I haven’t (and don’t intend to) check every link associated with this sneaky loophole, one of these disguised links pointed to a site which McAfee’s TrustedSource utility lists as a “medium risk” for “potential illegal software”. The stream itself required the creation of an account, and the signup page redirected me to an unrelated, secondary website also containing potential illegal software according to TrustedSource. It’s likely these links are all generated by the same person or group of people using NCBI as an unwitting partner to dupe people into visiting a network of malware or phishing sites.
We’ve reached out to NCBI for comment but had not heard back at the time of writing. It appears they have begun removing some of these junk CVs.