For years, "The Spine Collector" has been haunting publishers around the world, attempting to steal manuscripts by famous authors.
As Vulture describes, for years somebody has been attempting to get their hands on upcoming books by the likes of Margaret Atwood, Stieg Larsson, Sally Rooney, and Ethan Hawke by creating fake domain names that appeared - to the unwary - to be those of companies in the publishing industry.
More than 160 fraudulent domains are said to have been registered in an attempt to impersonate real entities and individuals from the world of publishing. The domain names were confusingly similar to genuine domains, often using simple tricks such as replacing a lowercase "m" with the lowercase letters "rn".
For instance, a domain like "penguinrandornhouse.com" could be easily mistaken for "penguinrandomhouse.com".
By sending convincing emails that posed as industry colleagues, the fraudster known as "The Spine Collector" was able to trick publishers and others into handing over manuscripts of books.
We are used to bogus domains being used in phishing and other online attacks, but it has almost always been with the motive of stealing sensitive data or raiding financial accounts. To use such - admittedly simple tricks - to steal unpublished books really is out of the ordinary.
What was also strange was that the books were not being pirated or distributed on the internet. Ransoms were not demanded for the manuscripts' safe return. Indeed, publishers and the authorities were stumped as to what possible motive might be behind the attacks.
Could it be that the attacker was just a reader who had no patience to wait for a book to be properly published?
The truth, if anything, appears to have been even more bizarre.
Filippo Bernardini, a rights coordinator at Simon & Schuster in London, was arrested this week at JFK International Airport in New York. The US Department of Justice claims that Bernardini had been "trying to steal other people's literary ideas for himself" since at least August 2016, using his inside knowledge of the publishing industry to impersonate agents, editors, and others to fraudulently gain pre-publication access to manuscripts.
More details of the charges against Bernardini, and the methods he is alleged to have used, can be found in the US Department of Justice's sealed indictment against him.
Simon & Schuster is reportedly shocked by the allegations against Bernardini, and has suspended him while investigations take place:
“The safekeeping of our authors’ intellectual property is of primary importance to Simon & Schuster, and for all in the publishing industry, and we are grateful to the FBI for investigating these incidents and bringing charges against the alleged perpetrator."
29-year-old Bernardini has been charged with wire fraud and aggravated identity theft, and could face as much as 22 years in prison if found guilty.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsDecember 19, 2024
November 14, 2024