
Several years later, and even with the code, researchers are not able to summarize a complete list of what Stuxnet definitely does.

What I see here is that the word "sophistication" is misunderstood by a lot of people.

Stuxnet took control of multiple layers of complex production environments. There are numerous "0day" kits in the code.

It's not like an effort like a search engine or most other organized software projects, because there are logistical dependencies of the worm itself in those exploits. If it was a US-Israel effort (I think it almost definitely was, but who cares) then consider how much discipline and effort it takes to keep TWO govt groups of hackers coordinated enough to keep those exploits fresh, whilst simultaneously building a dependable worm.

Another thing, a lot of the actual machinery and shit isn't very well known, and this is worth mentioning because it's not like you can go spin up an emulator for this shit to test out your massively devastating two-country worm on.

Stuxnet of course made the best of this by using lots of different exploits in different situations, giving it the biggest attack surface it could; that's low-hanging fruit anyways.

I think Stuxnet doesn't impress people because maybe they think it's just a bunch of bugs in old shitty software, but it's so much more than that. It's bugs in software that only a few hundred or maybe a few thousand people have ever seen, much less pentested, on machinery that's rare and sometimes even unique to the location, the infrastructure of the place is based on rough intel at best, and oh by the way, your spy hackers need to coordinate with this other group on the other side of the planet.

Start brainstorming how you'd pull it off, and I think it'll become more impressive as you do.

Personally, I think it's the most incredible display of skill and prowess in malware thus far. The years I've spent disassembling, reversing, tracing, filtering, researching... A lifetime of hacking doesn't even knock the dust off of a project like that.



