In its search for some meaning to attach to this, Symantec says it has found a Wikipedia reference to Habib Elghanian, "who was executed by a firing squad in Tehran, sending shock waves through the closely knit Iranian-Jewish community. He was the first Jew and one of the first civilians to be executed by the new Islamic government. This prompted the mass exodus of the once 100,000-member strong Jewish community of Iran which continues to this day."
In citing this reference to Elghanian, however, Symantec immediately "cautions readers on drawing any attribution conclusions. Attackers would have the natural desire to implicate any party." That means the creators of Stuxnet might be leaving a few false clues to make the world think Israel created it while the truth might lie elsewhere. Nothing's known for sure.
In the report, Symantec goes no further in its statements on this issue. And in sticking to sheer technical detail, Symantec notes that programmable logic controllers "are often programmed from Windows computers not connected to the Internet or even the internal network."
In addition, the PLCs themselves are unlikely to be connected to the Internet, the report says. And in presenting what it acknowledges is a "possible attack scenario" that is "speculative," Symantec notes, "As each ICS is quite custom, the attackers will first need design documents. These design documents may have been stolen by an insider or even retrieved by an early version of Stuxnet or other malicious binary."
How successful has Stuxnet been in spreading? As of Sept. 29, 2010, there have been about 100,000 infected hosts, according to Symantec's estimate. About 60% of these are in Iran, with the remainder in Indonesia, India and Azerbaijan, and the rest of the world seeing only small numbers.
"On August 22, we observed that Iran was no longer reporting new infections," says Symantec. "This was most likely due to Iran blocking outward connections to the command-and-control server, rather than a drop-off in infections."