Compared to the code of other sophisticated worms, Stuxnet was pretty basic in many of its capabilities, though it's unlikely one person could have written it all alone, according to information presented in talk at the Black Hat security conference in DC in January by Tom Parker director of security consulting services Alexendria, Va. Based Securcon.
"There are a lot of skills needed to write Stuxnet," Parker said. "Whoever did this needed to know WinCC programming, Step 7, they needed platform process knowledge, the ability to reverse engineer a number of file formats, kernel rootkit development and exploit development. That's a broad set of skills. Does anyone here think they could do all of that?"
"This was probably not a western state. There were too many mistakes made. There's a lot that went wrong," he said. 'There's too much technical inconsistency. But, the bugs were unlikely to fail. They were all logic flaws with high reliability." -- Threatpost
The programmers that created Stuxnet or tailored it to attack Iran's nuclear facilities should have been embarassed by their "amateurish approach to hiding the payload," according to Nate Lawson, founder and chief security researcher for Root Labs which specializes in cryptography, software protection and kernel security development and analysis.
Lawson compared the concealment routines to "what Bulgarian teenagers were doing in the early '90s."