Mysterious phishing scam targets unpublished manuscripts
December 22, 2020 5:41 AM

Someone is faking publisher email addresses to get access to unpublished manuscripts. It’s been happening a lot. There is no apparent effort to monetize the manuscripts. It seems to me that it would be a simple thing to add a warning to email when the address is similar to an existing address. Not extremely simple, but quite feasible with modern computing power. [NYT]
posted by Nancy Lebovitz (37 comments total) 7 users marked this as a favorite
 
Gotta feed GPT-4 somehow. The only question is, is it GPT-3 doing the phishing?
posted by phooky at 6:00 AM on December 22, 2020 [4 favorites]


> penguinrandornhouse.com

Nice, first weaponized use of keming I ever heard of...
posted by kleinsteradikaleminderheit at 6:11 AM on December 22, 2020 [19 favorites]


Kerning indeed.
posted by tiamat at 6:14 AM on December 22, 2020 [1 favorite]


“Ultimately, how do you monetize a manuscript that you don’t own?”

By translating it for a large non-English market without strong copyright protection and beating the authorized publisher to that market.

There are a lot of failures of imagination going on in this article.
posted by mhoye at 6:16 AM on December 22, 2020 [15 favorites]


This sounds like the concept behind a Paul Auster or Don DeLillo manuscript that the editor rejects after the first draft.
posted by bendybendy at 6:20 AM on December 22, 2020 [2 favorites]


A patent registration for a new concept or idea or product based upon research is/can be worth a LOT of money...
posted by IndelibleUnderpants at 6:21 AM on December 22, 2020


This sounds like the concept behind a Paul Auster or Don DeLillo manuscript that the editor rejects after the first draft.

Maybe this is proof of concept then ...?
posted by carter at 6:22 AM on December 22, 2020 [1 favorite]


mhoye, that's an interesting theory, though I'm not sure how much of a jump you get unauthorized translations that way rather than waiting for publication. Also, the article didn't mention unauthorized translations showing up (the phishing has been going on for a couple of years), though maybe the NYT didn't check for that.
posted by Nancy Lebovitz at 6:34 AM on December 22, 2020 [1 favorite]


Not all hacks are for money. A lot of hackers treat it like a game and never make any effort to monetize their exploits. I can imagine a hacker who wishes they were a successful writer doing this.
posted by justkevin at 6:48 AM on December 22, 2020 [2 favorites]


While reading this I began thinking about the cutthroat demand for new content on streaming services like Netflix, Apple TV, Hulu, etc. A nefarious content executive or buyer could create a few layers of abstraction between an international literary phishing scam and an out-of-the-gate bid on release day for a debut book with strong script potential?
posted by colossal at 6:52 AM on December 22, 2020


Has somebody tried this with George R. R. Martin yet?
posted by srboisvert at 7:11 AM on December 22, 2020 [13 favorites]


Nice, first weaponized use of keming I ever heard of...

ReplyAll has a wonderful episode about phishing where several staff members get fooled by a @gimletrnedia.com address.
posted by little onion at 7:15 AM on December 22, 2020 [4 favorites]


They say the manuscripts don't show up on the black market. I could see publishing having a hard time finding them in languages where even the author's name (if attached at all) would not be searchable using the Roman alphabet. It also includes both well-known and debut authors, so if it's that, it's probably only in China, and it's more or less for the content only rather than the cachet of getting to market first with a certain thing. So if that's your racket I just don't see the point of going to all that trouble for unpublished (but almost definitely will be published) novel manuscripts when the world is full of content that would be much easier to steal and harder to get caught stealing.

The article mentions scouts but doesn't really explain why it's the best explanation. There is a lot of pressure on young scouts to get hold of manuscripts before they're published or even acquired. If an editor is seriously thinking about acquiring a book but hasn't yet, THAT'S when the scout wants it, and unless they're directly affiliated with the publisher or agency, there's no real above-board way to get it. The traditional way is via ~relationships~ (being friendly enough with in-house and in-agency people that you want each other's career to succeed so you bend the rules for each other). That's gotten harder and harder over the years, as productivity expectations at publishers, like the rest of the corporate world, have increased without any extra support or time allotted. Editors need to save the "let's have a drink or coffee and talk shop" time for agents, and vice versa. A scout has a good chance of being more tech-savvy and more cutthroat than the average book publishing person.

It also occurred to me that these could be used in one of those "let's see what happens if I change the name and submit this so I can prove that publishing is racist against white people/regular racist/obsessed with status" things but I think a scout is more likely.
posted by lampoil at 7:18 AM on December 22, 2020 [3 favorites]


This sounds like the concept behind a Paul Auster or Don DeLillo manuscript that the editor rejects after the first draft.

Borges or Eco, too
posted by Caxton1476 at 7:22 AM on December 22, 2020 [1 favorite]


Not crazy about how many times this article was like "they not only targeted famous authors, but also bigtime losers whose work is completely worthless!"
posted by theodolite at 7:44 AM on December 22, 2020 [5 favorites]


Whoever the thief is, he or she knows how publishing works, and has mapped out the connections between authors and the constellation of agents, publishers and editors who would have access to their material.

If you dive into the acknowledgements pages of these authors' books, the authors themselves often call out editors, agents, researchers, etc. Doing this across multiple works from the same author or the same publisher, cross reference with Google and LinkedIn and you’ve got a web of players to impersonate.
posted by dr_dank at 7:45 AM on December 22, 2020 [3 favorites]


Not extremely simple, but quite feasible with modern computing power.

Mail.app -> Preferences -> Composing -> Mark addresses not ending with correctcompanydomain.com.

Voilà, modern computer power engaged.
posted by sideshow at 7:47 AM on December 22, 2020 [2 favorites]


>Not extremely simple, but quite feasible with modern computing power.

Mail.app -> Preferences -> Composing -> Mark addresses not ending with correctcompanydomain.com.

Voilà, modern computer power engaged.


This only works when sending mail; it doesn't make any kind of visual difference to received mail.
posted by hanov3r at 7:48 AM on December 22, 2020


Mail.app -> Preferences -> Rules -> Add Rule -> [Not at my computer but set the color of the email to something other than the default if the to/from doesn’t match your corporate email domain]

Voilà, modern computer power even more engaged.
posted by sideshow at 7:55 AM on December 22, 2020


But, the only real solution is to train your employees against social engineering attacks. All the technology solutions in the world won’t protect you if “Bill in Accounting” can call up somebody inside and get them to remind him the account password because he’s away from his password list on his desk and his boss Mary reaaally needs those TPS reports etc etc etc.
posted by sideshow at 8:03 AM on December 22, 2020 [1 favorite]


Not crazy about how many times this article was like "they not only targeted famous authors, but also bigtime losers whose work is completely worthless!"

Honestly, I'm just glad anyone is thinking of us at all.
posted by some loser at 8:36 AM on December 22, 2020 [24 favorites]


Given the quality of most first draft manuscripts, it's a pity this phisher couldn't have the ability to disappear them entirely.
posted by PhineasGage at 8:42 AM on December 22, 2020 [1 favorite]


I don't understand what the scouting scouts do is for. Can someone explain it in a way a golden retriever would understand?
posted by Pembquist at 8:45 AM on December 22, 2020


Do they even know that you can get paid a low, low wage to read the slush pile? Why do it for free?
posted by fiercecupcake at 9:09 AM on December 22, 2020 [2 favorites]


I receive these phishing emails every so often and they come off like automated questing, pumping out emails to whatever has an @ and logging who opens, who clicks through, who's likely to be a real person, etc. They do the kerning thing all the time.

Graduating to grabbing manuscripts just seems like step two in this process, testing social engineering methods within likely respondents. Makes sense to me that you'd randomize this process, otherwise it becomes a fairly obvious directed attack and would trigger a defense. (Especially if they managed to snag a high value manuscript, like GRRM's The Winds Of Winter, or a portion of whatever Rowling is working on next. Harry Potter and Everyone Is The Gender I Personally Want Them To Be, presumably.)

My own assumption is that this is rote corporate/international espionage stuff, laying the groundwork for when it's actually needed. The Big Chungus Publisher I'm related to basically saw this happen when Fire & Fury became a thing way back in 2017. We weren't given details, of course, but those of us who knew folks within the piracy and network departments definitely got the impression that a buuuunch of tentacles had all just sprung to life.

When I was reading stuff about the 2016 election DNC and RNC hacks, it all sounded very familiar. So I wonder if it's even the same outfits doing the phishing, maybe even as fun downtime in between high-stakes political targets.
posted by greenland at 9:49 AM on December 22, 2020 [3 favorites]


I don't understand what the scouting scouts do is for.

Film and TV, mostly. In addition to the obvious reasons they'd want the manuscript sooner than other scouts, Hollywood also cares a lot more than publishing about whether there's something coming that might be similar to what you or a competitor already has in the portfolio. It also explains why they'd want debuts when (sorry but) the pirate market wouldn't—the general public can't know they want something they've never heard of, but getting things no one knows about yet is the whole point for a scout.
posted by lampoil at 10:43 AM on December 22, 2020


But, the only real solution is to train your employees against social engineering attacks.

We only say this because the tools are trash. Email clients should definitely warn you if you’re about to send mail to someone you haven’t before, or that look suspiciously close to addresses you have, and they don’t.
posted by mhoye at 11:04 AM on December 22, 2020 [1 favorite]
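
The lookalike-address warning asked for in this thread, sketched as an added example that is not part of any comment above: a Python check that compares a sender's domain with domains the recipient already corresponds with, folding sequences such as "rn" that render like "m". `KNOWN_DOMAINS`, the `CONFUSABLES` table and the function names are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample: domains the recipient already corresponds with.
KNOWN_DOMAINS = {"penguinrandomhouse.com", "gimletmedia.com"}

# Letter sequences that render like one letter in many fonts, plus common
# digit-for-letter swaps. Illustrative, not exhaustive.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]

def skeleton(domain):
    """Fold visually confusable sequences so lookalikes compare equal."""
    s = domain.lower().rstrip(".")
    for seq, looks_like in CONFUSABLES:
        s = s.replace(seq, looks_like)
    return s

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, known=KNOWN_DOMAINS):
    """Return (verdict, matched_domain) for a From: header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("invalid", None)
    domain = addr.rpartition("@")[2].lower()
    if domain in known:
        return ("known", domain)
    for good in sorted(known):
        # Same skeleton: differs only by a confusable sequence (rn vs m).
        # Distance <= 1: a single dropped, added or swapped character.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for sender in ['"Editor" <editor@penguinrandornhouse.com>',
                   "host@gimletrnedia.com", "someone@example.org"]:
        print(sender, "->", check_sender(sender))
```

The table covers ASCII tricks only; a mail filter acting on the "lookalike" verdict would also need to handle Unicode homoglyphs in internationalized domain names.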


first weaponized use of keming I ever heard of...

MeFi's own
posted by nickmark at 11:04 AM on December 22, 2020 [5 favorites]


Why is scouting for film and TV rights something you'd need to skulk around for, though? Isn't it neutral-to-advantageous for publishers/agents/writers to get their manuscripts in front of buyers? Or is this just about the competition research angle?
posted by trig at 11:54 AM on December 22, 2020


Our company mailserver adds "[EXTERNAL]" to the subject when the email didn't come from the company mailserver; feel like more companies should do something like that.
posted by Aleyn at 12:18 PM on December 22, 2020 [1 favorite]


Not crazy about how many times this article was like "they not only targeted famous authors, but also bigtime losers whose work is completely worthless!"

As a bigtime loser, I’m sad that no one is phishing for my incomplete detective novel. :(

Also, Random Penguin House would have been an amazing name for a publisher, such a missed opportunity.
posted by betweenthebars at 12:19 PM on December 22, 2020


You skulk to see it first. If you wait until someone shows it to you, other people are seeing it too. Scouts aren't the only people in the book business who care about being first, but they may be the ones for whom being first is the most fundamental part of their job.

You may not believe me that it's a good enough reason to be this sneaky about it, and speaking for myself I agree with you. But I know that scouts try to see manuscripts that aren't yet ready/authorized to be shown because scouts have asked me for manuscripts that aren't yet ready/authorized to be shown.
posted by lampoil at 12:34 PM on December 22, 2020 [2 favorites]


I think this is probably the work of one person with nothing to lose, enjoying their last days. It appears (to me) as one person who has been stuck in one place for a long period of time and likes to be first in a way that is probably very personal and cannot be shared. They are probably in a long term care environment with limited supervision, perhaps a chronic illness home. As long as this person is alive and interested, this will continue.

Who are the bed-bound literature hounds with excellent technical skills, no fear and lots of money that we know about? This person is working alone.

Given that they are imitating the gimme gimme style of publishing insiders, it's likely someone who worked in that industry as an editorial assistant or editorial coordinator for someone who taught them control.
Something happened, probably in 2008/09. This person went into tech, skilled up, got rich, and has now been waylaid with no end in sight.

Is this article likely to bring this person to the surface? Unlikely, this person is probably unlikely to want to be in the position of reading paper books sent directly by publishers like all those damned reviewers!
posted by parmanparman at 12:38 PM on December 22, 2020 [2 favorites]


The World We Live In...
posted by Windopaene at 3:59 PM on December 22, 2020


>> sounds like the concept behind a Paul Auster or Don DeLillo manuscript that the editor rejects after the first draft.

> Borges or Eco, too


what am i chopped liver
posted by Reclusive Novelist Thomas Pynchon at 5:34 PM on December 22, 2020 [19 favorites]


This seems to have happened to a friend of mine a few days before the article came out. Baffling.
posted by gottabefunky at 9:52 AM on December 23, 2020


This is classic field work by time-traveling/parallel universe-hopping anthropologists, collecting before Alexandria burns.
posted by bigbigdog at 5:21 PM on December 23, 2020 [2 favorites]

