Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> When mysterious operatives lured two cybersecurity researchers to meetings at luxury hotels over the past two months

How does one go about luring cybersecurity reaserchers?

Surely a cybersecurity researcher is not you’re average mark?

Luring is generally something an adversary does to an one who is unsuspecting.

I wouldn’t go so far as to say the us of the word is dishonest, but it sure seems to be leaning toward hyperbolic, or histrionic.

Maybe targeted would be a better word?




They got baited by the spies presenting themselves as investors, it fits imo. Furthermore I think people who are well-practiced in HUMINT and academics/researchers building up a legal case against a hacking group don't really overlap that much.


I don't know if a lot of academics/researchers would be able to explain even the basic concepts of "MICE" if asked. They're a soft target.


I’m not security expert, so I had to look that up.

MICE: Money, Ideology, Compromise or Coercion (depending on source), and Ego or Extortion (depending on source).

https://en.wikipedia.org/wiki/Motives_for_spying


Somewhat ironically, the Israelis have their own, cruder, initialism for this.


Hence the organizing of entire overseas conferences in order to lure them in.


I recall reading a similar article regarding Citizen Lab where the researchers were also baited through interviews for new positions or capital/sponsorship in their relevant studies.

Edit, found the previous HN article (this is the same article but on a different site, the NY Times article is no longer accessible):

https://www.cbc.ca/news/technology/citizen-lab-toronto-under...

HN discussion: https://news.ycombinator.com/item?id=19006477


The article this discussion is about starts with a mention of Citizen Lab. It's true that the first sentence doesn't directly mention Citizen Lab, but it's tied together starting with the 8th paragraph.


> luring cybersecurity reaserchers

In the same way you do it in Silicon Valley - pretend to be a member of a VC fund with a lot of money. Plenty of people have been duped into giving up secrets and product ideas to fake and real VC members.


Create a fake identity, fake company, then contact the researcher claiming you want to hire him/her. Get the researcher to come to a restaurant and secretly record the meeting while using leading questions to try to force the researcher into saying unpleasant things.


> How does one go about luring cybersecurity reaserchers?

Given the overwhelmingly male demographic of people who describe themselves as "cybersecurity researchers", probably with $2000 escorts and hotel rooms rigged with cameras.

It's not rocket science, literally one of the oldest espionage compromat tricks in the book.


No need to count out the females of SV being lured by that scenario either. Lets not be sexist, when both sexes sex.


Pretty sure escorts also come in the "male" variety.

...not that I would know...


Note that I didn't specify gender of the escort, either way is equally possible once a person's orientation has been identified.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: