They got baited by the spies presenting themselves as investors, it fits imo. Furthermore I think people who are well-practiced in HUMINT and academics/researchers building up a legal case against a hacking group don't really overlap that much.
I recall reading a similar article regarding Citizen Lab where the researchers were also baited through interviews for new positions or capital/sponsorship in their relevant studies.
Edit, found the previous HN article (this is the same article but on a different site, the NY Times article is no longer accessible):
The article this discussion is about starts with a mention of Citizen Lab. It's true that the first sentence doesn't directly mention Citizen Lab, but it's tied together starting with the 8th paragraph.
In the same way you do it in Silicon Valley - pretend to be a member of a VC fund with a lot of money. Plenty of people have been duped into giving up secrets and product ideas to fake and real VC members.
Create a fake identity, fake company, then contact the researcher claiming you want to hire him/her. Get the researcher to come to a restaurant and secretly record the meeting while using leading questions to try to force the researcher into saying unpleasant things.
> How does one go about luring cybersecurity reaserchers?
Given the overwhelmingly male demographic of people who describe themselves as "cybersecurity researchers", probably with $2000 escorts and hotel rooms rigged with cameras.
It's not rocket science, literally one of the oldest espionage compromat tricks in the book.
How does one go about luring cybersecurity reaserchers?
Surely a cybersecurity researcher is not you’re average mark?
Luring is generally something an adversary does to an one who is unsuspecting.
I wouldn’t go so far as to say the us of the word is dishonest, but it sure seems to be leaning toward hyperbolic, or histrionic.
Maybe targeted would be a better word?