/1 Rhet-compromised - I'll be talking about this project (/w @billhd) tomorrow at a fac meeting, so here's a geocoded map of 100+ college/universities with websites compromised by digital agents of papermills. In most instances the attacks are active: https://batchgeo.com/map/91abaece19af291b89dfb01f8d46d425

/2 Key takeaway: agents working to benefit papermills have crossed over from ethically questionable yet still legal practices to practices of systematic and illegal electronic intrusion

/3 The sheet documents attacks that benefit 14 papermill domains via the use of botnets that primarily target 1) SQL redirect vulnerabilities 2) SQL content injection vulnerabilities 3) discussion thread content injection

/4 So, for one SQL redirect example, https://preventinjury.pediatrics.iu.edu/highschool/application-cover-letter-scholarship/14/ will redirect students that stumble on the compromised *.edu link to a papermill ( http://iqessay.com ). The scale of these redirect compromises takes advantage of search engine optimization (SEO) for *.edu domains &

/5 redirects students to papermills that immediately provide live chat, and will not identify when asked if they are, for example, the writing center.

/6 But beyond these botnet compromises and their scale, we want to point out that one of the most disturbing trends is the degree of "compromised recomposition" on university websites. This includes instances where legit university papers are *linking* and *promoting* papermills

/7 For example, WVU's College of Business & Economics scholarship page lists some legit resources for students, but on the right hand column they also link to an essay contest run by the papermill Essayontime which reads like a harvesting scam. https://business.wvu.edu/students/scholarships

/8 This isn't an isolated incident. We found essayontime links across other university resource websites linked in the geocode. At no point do these resource pages or essay contests identify that they are affiliated with a papermill.

/9 What next? First, the attacks are ongoing. Since we began to monitor this problem three months ago we have seen new SQL injections and old ones get patched. We recommend talking with university IT about the problem, and with instructors/students about active papermill #rhetops

/10 Second, these systematic attacks and papermill disinfo campaigns are related to larger disinfo campaigns we are currently facing. Thinking back on important papermill work by Ritter, @rmhoward, and others, these are teachable instances. Have students locate, identify &

/11 analyze these local instances. My own university has had compromises, and I am sure many others reading this thread have as well. Finally, as a WPA... If you have a student that used a papermill, dig deeper and find out if they were actively deceived. Report forthcoming

P.S. As @hypervisible talks about regularly, companies like @turnitin, Proctorio rake in the *billions* policing students & student work, but why is *that* the focus and not *offensive attacks* on edu networks by actors working on behalf of papermills and the like?