Social Engineering – Baiting

Baiting… OK, not the stuff you buy at the local tackle shop before you go fishing for the weekend, or a piece of cheese in a mousetrap.

Baiting involves dangling something you want, to entice you to take an action the hacker wants.

It can be in the form of a music or movie download on a peer-to-peer site, or a free CD or DVD sent through the post or attached to a publication. Or a nice shiny USB drive.

Baiting is not just a ploy of the criminals. If you believe the stories, it can be a USB flash drive left out in the open for you to find, if you’re an Iranian nuclear scientist. Then once it is used or downloaded, the person’s computer is infected with a cyber program like Flame or Stuxnet, malware credited with damaging the control systems on centrifuges in Iran’s nuclear plant and allegedly co-developed by the American NSA and Israeli Mossad. Or it was purely the brainchild of Israel’s military intelligence agency Aman and Unit 8200, and endorsed by the White House, if you believe the book by Dan Raviv and Yossi Melman.

The program Flame was built first: a Trojan horse designed to penetrate the Iranian nuclear sites and “suck information about the (uranium-enriching) centrifuges and how they operate,” Melman said. Once the Israeli and US cyber experts had that information, they were able to build Stuxnet.

So, state-funded baiting.
