Talk:Stuxnet

Former good article nominee
Stuxnet was an Engineering and technology good articles nominee, but did not meet the good article criteria at the time. There may be suggestions below for improving the article. Once these issues have been addressed, the article can be renominated. Editors may also seek a reassessment of the decision if they believe there was a mistake.
Article milestones
Date | Process | Result
January 11, 2011 | Good article nominee | Not listed
Did You Know
A fact from this article appeared on Wikipedia's Main Page in the "Did you know?" column on September 28, 2010.
The text of the entry was: Did you know ... that Symantec claims that the majority of systems infected by the computer worm Stuxnet were in Iran?

Collateral damage downplayed

The excessively lengthy introduction seems to be downplaying the extent to which Stuxnet caused damage well beyond its intended target. There is also little in the article itself. This needs to be corrected. Royalcourtier (talk) 07:07, 1 January 2016 (UTC)

There was little to no actual collateral damage actually done. Stuxnet infected a great many computers, sure, but once on the machine it literally did nothing but propagate to other computers, then it shut down and became inactive. The only incident where it actually had unintended consequences to my knowledge was when it was first discovered, and this was caused by a weird interaction between a small antivirus protection software and the virus causing the computers to reboot. The infection and subsequent shutdown of the program is hardly damage. Learncraft (talk) 07:21, 25 January 2016 (UTC)
One could make the argument that the time & cost of removal of Stuxnet and protecting systems from future infection, changing procedures, closing security holes, updating virus definitions, could be considered "damage". Also whatever costs to Siemens' reputation, i.e. "intangible". However, there's also an argument to be made that a company (Siemens) and a state (Iran) that are using the PLCs to manufacture enriched uranium, possibly for nuclear weapons (and the potential cost in human lives as a result of those efforts), should have, and possibly could have, done a better job of protecting their hardware and software from attacks like this. Obviously the creators of Stuxnet knew these vulnerabilities existed, and the manufacturers of possibly weapons-grade uranium either did not, or they did but failed to address them. So one response to the allegation of "damage" might be to instead hold the entities affected responsible for whatever "damage" they incurred. People involved at the extreme end of the "danger" scale need to be extreme on the "security" scale also. It's an interesting assertion ("damage"), but very complex, and would need extensive discussion. Tym Whittier (talk) 18:29, 26 April 2019 (UTC)

Legality

There should be a section on legality. At the minimum this was an illegal act of sabotage, but it was quite possibly an act of war. This should be addressed in the article. Royalcourtier (talk) 07:09, 1 January 2016 (UTC)

I agree with this. A simple statement might suffice however, vs. an entire section. Tym Whittier (talk) 18:17, 26 April 2019 (UTC)

Could "Both Conditions" Be Made More Clear?

First I'd like to say this Article is very well written (one of the best I've read), and with the idea that "better is the enemy of good", I'd like to suggest great caution in changing it. Having said that, this is the relevant passage in the Lede:

"The worm then propagates across the network, scanning for Siemens Step7 software on computers controlling a PLC. In the absence of either criterion, Stuxnet becomes dormant inside the computer. If both the conditions are fulfilled, Stuxnet introduces the infected rootkit onto the PLC and Step7 software, modifying the code and giving unexpected commands to the PLC while returning a loop of normal operations system values feedback to the users."

I understand one of the two conditions is the presence of "Siemens Step7 software", but I am uncertain as to what the other condition might be. I arrive at a theory that Stuxnet might scan for both the software and the presence of hardware (device driver, maybe), but this is not explicitly stated. The Article would be improved if "both conditions" were explicitly described in the Lede. Also the statement "in the absence of other criterion" makes me wonder what that "other criterion" might be. Tym Whittier (talk) 18:15, 26 April 2019 (UTC)

Trim the lede

According to MOS:LEADLENGTH we should be enjoying a lede of about 4 paragraphs. The wording here appears to be much longer, and with some specific details that are perhaps unnecessary to readers trying to obtain an overview. Are there arguments against making the lede shorter? Chumpih. (talk) 00:02, 20 September 2021 (UTC)

Have moved some paragraphs from lede into History which appeared to be an appropriate place for the information. That said, the text moved could perhaps be given a more encyclopedic tone. Chumpih. (talk) 02:03, 5 November 2021 (UTC)