The January 26, 2010, edition of the New York Times includes two op-ed pieces on Stuxnet. In "25 Years of Vandalism," William Gibson (author of Neuromancer and coiner of the word "cyberspace") traces the history of hacking to 1986. He also claims that it is less likely that Stuxnet is "a cyberweapon purpose-built by one state actor to strategically interfere with the business of another" than "a piece of hobbyist 'street' technology." If he's right, this is probably even worse news than I thought. It seems likely that hobbyist crackers - who are probably more numerous and even less discerning than governments - can adapt each others' code more readily than the kind of sophisticated worm Stuxnet has been described as elsewhere.
Indeed, the other op-ed, "From Bullets to Megabytes" by Richard A. Falkenrath, former "deputy homeland security adviser to President George W. Bush," describes Stuxnet as a "sophisticated half-megabyte of computer code." Falkenrath's analysis of the fallout from Stuxnet is also more sophisticated on mine, touching on the likely effect on relationships between governments and the global information technology industry as well as raising questions about the legality of the authorization of the use of such malware by the U.S. President.
It's a scary place out there.
Ken Pimple, PAIT Project Director