Exit question: I’ve asked this before but I’m still mystified by it. If one of the two goals of Stuxnet was to hide its sabotage by making centrifuge operators believe that everything was running smoothly, why was it so easily discovered by cybersecurity experts? Ideally, this thing should have run on Iranian computer networks for years and years, spinning its centrifuges into oblivion at every turn until Iran simply gave up in utter befuddlement at what the problem might be. Instead, it looks as though it ran for about a year (maybe less) before being detected. Is that … deliberate? If so, why? If not, why weren’t stronger measures taken to keep the worm invisible?
We know very little about the actual capabilities of the Stuxnet worm/virus/trojan/malware – pick any word that works for you. What I have seen so far indicates that the sucker is waaaaaay overbuilt for what it has reportedly accomplished so far (one report I read said that the code contained at least four zero-day exploits). What other very, very secret things could it be doing – or be patiently waiting to do?
If I were trying to fight this thing, I’d be frightened out of my mind about what I did not know about the full capabilities of Stuxnet. Here’s the Wikipedia article on Stuxnet. Given the evident complexities in the malware that we know of so far, it is not unreasonable to wonder what else is in there that we don’t know about yet.
(Frankly, given the field I work in, I am definitely worried about Stuxnet.)