Talk:Stuxnet/Archive 1

Archive 1

Archive 2

Iran change, pt. 2

I, too, added a minor edit regarding the relationship between Stuxnet and Iran's nuclear program. Prior to my edit, the Stuxnet entry claimed that analysis of the worm pointed to a purposeful attack on Iran's nuke facility. My edit clarified that the Stuxnet attack motive is speculative at the moment. Oneillrb (talk) 12:45, 23 September 2010 (UTC)oneillrb

Source of the Stuxnet

This statement "The US and NATO have cyberwarfare facilities in Tallin, Estonia which may have been involved in the development and deployment of the worm." was removed by me from the article because it's not sourced and made an original research conjecture. —Preceding unsigned comment added by 85.64.171.209 (talk) 13:19, 27 September 2010 (UTC)

Agreed, thanks for removing it. Smartse (talk) 13:31, 27 September 2010 (UTC)

decent Source for basic summary of everything

6 mysteries about Stuxnet Hope it is of use The Resident Anthropologist (talk) 02:59, 28 September 2010 (UTC)

Speculation

I just added the speculation template to the article. I mean, there's an entire section that has "speculation" as the title. Also, is there any proof of this worm targeting Iran? It seems like every article says that Iran may be the target of the worm. It doesn't seem like there's any proof of Iran actually being the target other than a coincidence that many infected systems are located there. Iran itself is not a reliable source, they spew out propaganda with no basis in fact on a regular basis. fintler (talk) 16:37, 28 September 2010 (UTC)

Have you read the article and the references? The article clearly frames the fact that it is all speculation - the speculation template says "Information must be verifiable and based on reliable published sources." which everything in the article is - I'd therefore suggest we remove it. If a reliable source speculates on something then it is fine for us to include it so long as it is made clear it is speculation. Many RSs state that Iran is the likely target (NYT, BBC, Guardian etc.) so we should clearly cover this. Iran's comments are fine IMO, I can't see how we can maintain a NPOV without them. Do you have any suggestions as to how we can improve the article, or are you suggesting we remove anything that is at all speculation? Smartse (talk) 16:49, 28 September 2010 (UTC)

I would prefer that speculation is removed (the mudslinging from all sides... Iran, Israel, USA, etc). An encyclopedia should be based on fact. Just as an example, a statement such as: "the group building Stuxnet would have been well-funded, comprising between five and 10 people, and that it would have taken six months to prepare" is speculation without anything to back it up. I could just as easily say something like this: "The sole Siemens engineer who built Stuxnet used his professional PLC experience and personal interest in windows rootkits to develop the worm over several years using little funding or resources". It seems like all of the news outlets are taking a bunch of opinion statements and attempting to repackage them as fact because they don't really have any facts to go with. The opinion statements, or statements that source the opinions don't belong in an encyclopedia. fintler (talk) 16:58, 28 September 2010 (UTC)

There's obviously a difference there - although both are possible - because a reliable source states the first, whereas you've just made up the second. True it would be good to know the truth, but we'll probably never know who did it so we can only go on what RSs speculate. I don't see the problem with speculation when this is the case. Smartse (talk) 17:31, 28 September 2010 (UTC)

To add to the speculation, has anyone considered that 9001 super hackers from 4chan's double secret /i/ are probably behind all of this as part of Anonymous Iran? ;) fintler (talk) 17:08, 28 September 2010 (UTC)

Now that is speculation, and belongs on a forum, not here! Smartse (talk) 17:31, 28 September 2010 (UTC)

Removed content

I removed: "Kaspersky Labs has released a statement that Stuxnet will lead to creation of a new arms race in the world, while noting that the infections in Iran are off the charts." because I feel this is too sensationalist. "Stuxnet targets not only nuclear facilities but a variety of SCADA-based environments, including non-nuclear power generation and transmission facilities, oil refineries, chemical plants, water management facilities, and factories." because we're nto sure what the actual target is, sure it probably infects all of these, but that's not the same as saying it targets them. "Stuxnet could make Iran the first victim of cyber warfare in history." because this is incorrect, Syria most probably was as part of Operation Orchard. Smartse (talk) 19:57, 28 September 2010 (UTC)

Your removal of the content was not warranted. Kaspersky Labs are experts in the field and their statements are not based on sensationalism regardless of how you feel. If you have a source which explicitly says that Kaspersky Labs is sensetionalist then it is something else. The sources already mention the fact that though Suxnet infects all machines but its target is a specific one. And this is already noted in the body of article. Just because we do not know the target it does not warrant to hide the facts. At the end the sources again put Iran the probable first victim of a real cyberwar as compared to innocuous Denial service attacks or website defacements because stuxnet as per expert who specialize in malware is designed to destroy a physical target.--Pymansorl (talk) 04:36, 29 September 2010 (UTC)

Personal feelings

It is noted in the history of the article that some respected editors are removing material from the article based on their personal feelings and their personal speculation. It is reminded here that wikipedia is an encyclopedia. The materials being removed are backed by sources which quote the best laboratories and experts in the field. The mere fact that this situation is an ongoing one and research into it is continuing to the problem does not warrant to brush it under the carpet and hide the facts. Surely the counter points to the views in the article can be added provided they are sourced and cited. Please refrain from removing cited material from the article based on your personal views. Thank You.--Pymansorl (talk) 04:52, 29 September 2010 (UTC)

Just reverted your last contribution which weaseled US is behind the Stuxnet with no direct sources, just by synthesis of reports made before anyone heard about Stuxnet. 85.64.171.209 (talk) 09:25, 29 September 2010 (UTC)

I agree, it was pure synthesis. --Golbez (talk) 13:13, 29 September 2010 (UTC)

Myrtus/Esther Speculation

I suggest someone include this new york times article under the speculation heading in the article. At the very least it contains some information on the worm. At the most it highlights an interesting clue as to the people who coded the worm. http://www.nytimes.com/2010/09/30/world/middleeast/30worm.html?pagewanted=1&hpw Cheers. LazyMapleSunday (talk) 19:44, 30 September 2010 (UTC)

Current Event

This article needs to indicate it's covering a current event. --173.161.6.33 (talk) 16:14, 29 September 2010 (UTC)

{{current}} isn't placed on articles just because it is a current event, after looking at Template:Current_event#Guidelines I don't think it is required on this article at the moment. Smartse (talk) 19:54, 30 September 2010 (UTC)

"Date"

According to this source: "The malware does contain a date however – May 9 1979. The date coincides with the execution of an Israeli businessman in Iran, but he explained it was also, for example, the birth date of actress Rosario Dawson so could be a red herring." But our article says "The worm contains a component with a build time stamp from 3 February 2010." Perhaps they are talking about two different things? --BorgQueen (talk) 05:39, 1 October 2010 (UTC)

First possible disclosed victim of Stuxnet

Can someone add this to the article [1]?--85.64.157.194 (talk) 14:37, 6 October 2010 (UTC)

60% of computers in Iran?

The article claims that 60% of the affected computers are in Iran. Later in the article it lists the number of computers affected in different countries. There it claims that 6 million Chinese computers have been affected with Iran coming in at only 62 thousand (1% as many). The article isn't self consistent. If the 60% number is going to be left in the article should make it clear that 'early reports indicated that 60% of the effected computers were Iranian' or something to that affect. I would vote to remove it all together. Ender8282 (talk) 22:03, 3 October 2010 (UTC)

Sources report the changing numbers. http://www.infoworld.com/t/malware/stuxnet-worm-iran-mainstream-media-global-nuclear-meltdown-796?page=0,0 "Since the beginning of July, Kaspersky's Internet-based scanner -- which primarily scans personal, not business, systems -- caught 86,000 infected PCs in India, 34,000 in Indonesia, and 14,000 in Iran. Back in July, when Kaspersky first started scanning for Stuxnet infections, India had 8,600 infected PCs, Indonesia had 5,100, and Iran had 3,100." "Symantec's July 16 report says that 40 percent of the infections seen at that point were in India, 33 percent in Indonesia, and 20 percent in Iran. Shortly after, Symantec started intercepting Internet traffic bound for Stuxnet's "phone home" website, and the numbers shifted. The numbers get a little dicey because Stuxnet doesn't always phone home, and because Symantec was only able to collect unique IP addresses -- it couldn't identify individual PCs. Given those caveats, over a 72-hour period Symantec picked up 8,000 infected "phone home" calls from different IP addresses in Iran, 2,600 from Indonesia, and 1,200 from India.

In August and September, Iran, by most reports, seems to have topped the infection charts. But in the past weeks, according to Kaspersky, Iran has cleaned many infected systems, while India has not -- and Russia and Kazakhstan infections grew steadily. Kaspersky infection numbers right now are way up for Bangladesh, Iraq, and Syria, with Iran's infection rate below those in Russia and Kazakhstan. Still, local news reports in Iran confirm Stuxnet is still active, although the details appear overblown."

I think it appropriate to include the info in the article, perhaps in a chart. Sephiroth storm (talk) 10:08, 4 October 2010 (UTC)

Some media reports say that the virus was not meant to spread so widely. See e.g. the analysis at foreignpolicy.com. Blake Hounshell's asks himself: "Why did it spread so widely? John Markoff, the longtime tech reporter for the New York Times, takes on this question in today's paper. "If Stuxnet is the latest example of what a government organization can do, it contains some glaring shortcomings," he writes. "The program was splattered on thousands of computer systems around the world, and much of its impact has been on those systems, rather than on what appears to have been its intended target, Iranian equipment." He only offers one theory, however: "One possibility is that they simply did not care. Their government may have been so eager to stop the Iranian nuclear program that the urgency of the attack trumped the tradecraft techniques that traditionally do not leave fingerprints, digital or otherwise.
A couple points here. One is that Stuxnet does not seem to have had an "impact" on all those systems, for the reason noted in #1 above: It wasn't aimed at them. Second, it may be that the worm's designers needed it to spread within Iran to be effective -- i.e. from one computer to another within the same facility, or between facilities -- but that there was no way to prevent it from propagating further. Finally, there's some debate among researchers as to whether the virus was programmed to "expire" on a certain date, supposedly in January 2009. In other words, it wasn't supposed to spread, but somehow it did anyway, possibly through Russian contractors." http://blog.foreignpolicy.com/posts/2010/09/27/6_mysteries_about_stuxnet
If the virus was programmed to "expire" on January 2009 as some experts believe than this would be the only date where comparisons of country infection rates would make sense. Infections beyond this date may only be accidental, e.g. on computers that run pirated copies of windows with older (wrong) system dates, which are very common in Asian countries. Am I going too far here? --spitzl (talk) 16:18, 4 October 2010 (UTC)

Symantec's analysis determined that the virus is programmed to cease spreading in 2012, not 2009. 108.18.139.146 (talk) 02:29, 7 October 2010 (UTC)

Thanx for the hint. If you have a source for that than we could add this to the article. Cheers --spitzl (talk) 15:36, 11 October 2010 (UTC)

Note about Microsoft Products

As stated in the third paragraph of the article:
Russian digital security company Kaspersky Labs released a statement that described Stuxnet as "a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world. Or, people can simply avoid the danger by not using Microsoft products." Kevin Hogan
I fail to see how the bit about Microsoft is relevant. (I am neither pro Microsoft nor against)
I am not going to remove it without further discussion by others, but I wanted to bring it to attention.
134.39.158.162 (talk) 21:53, 14 October 2010 (UTC)

I can't see the reference to microsoft in the original cited article either. It looks like vandalism to me. 82.144.254.130 (talk) 13:58, 22 October 2010 (UTC)

Good catch: It was vandalism by a hardcore free software fan. --Michaeldsuarez (talk) 14:27, 22 October 2010 (UTC)

Dubious source for Iran scientist claim

Does anyone think that this source given for this edit is reliable? Orange Suede Sofa (talk) 06:47, 1 December 2010 (UTC)

Just about, but this source would be better as it is the original source that that source got the information from and it is certainly an RS. I'll change it. SmartSE (talk) 10:58, 1 December 2010 (UTC)

On second thoughts, maybe debka.com isn't reliable... More reliable sources like the Washington Post and Wired say that he was the head of an unidentified program so we shouldn't be repeating the claims by debka unless other more reliable sources say the same thing. SmartSE (talk) 11:09, 1 December 2010 (UTC)

Rationale for removal of Iran nuclear plant threat information

I removed the sentence about the possibility that this attack was designed to target a nuclear power plant in Iran. There is nothing available to suggest that that one location was the target, from among all the other possibilities (any place that uses that software). It is merely sexier for the news to suggest the possibility, almost always with a question mark at the end of the headline, the tell-tale sign of journalistic conjecture.

"To take one possibility out of many and to claim that [is the explanation] is irresponsible."

--Jeffrey Carr, a cybersecurity expert, here: http://www.aolnews.com/article/big-claims-but-little-evidence-of-cyber-attack-on-irans-nuclea/19644358 --Atkinson (talk) 12:16, 23 September 2010 (UTC)

I agree that is probably unlikely. However, I will replace it with the BBC reference I just added about it likely targeting "high value Iranian assets". The BBC is a very reliable source and I'll phrase it to make sure this is an opinion, rather than a fact. Smartse (talk) 12:21, 23 September 2010 (UTC)

On second thoughts, many reliable sources have linked this to the Iranian nuclear program - the wired article explains this in detail - so I think it is ok to say that there has been speculation about this. I've tried to word it to make sure that it is clear that it is speculation at the moment but please reword it if you wish. Smartse (talk) 14:57, 24 September 2010 (UTC)

NY Times seems to have picked up on the Iran attack angle: http://www.nytimes.com/2010/09/27/technology/27virus.html --Marc Kupper|talk 08:47, 27 September 2010 (UTC)

Most sources quote experts by name who are claiming that the target was Iranian nuclear program. Rationally I also think they are right. Almost all the security experts agree that this is built by a nation state and with a specific aim and target. And almost all infections are in Iran.--Pymansorl (talk) 18:30, 28 September 2010 (UTC)

Iranian President, Mahmoud Ahmadinejad has confirmed that a malware has infected centrifuges at an Iranian enrichment facility, so this seems to support speculation that the Iranian nuclear program was the intended target of the Stuxnet worm. It also confirms that the worm reached its intended target as can be seen from his statements on 29 November 2010: "They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts," Mr. Ahmadinejad told reporters at a news conference, Reuters reported. "They did a bad thing. Fortunately our experts discovered that and today they are not able [to do that] anymore." http://news.yahoo.com/s/csm/20101130/ts_csm/346249 --Uzi4upal (talk) 11:45, 4 December 2010 (UTC)

Here's a Fox News article that could be mined. Mystery Surrounds Cyber Missile That Crippled Iran's Nuclear Weapons Ambitions by Ed Barnes. Published November 26, 2010. I don't have time to compare this article against Wikipedia but one thing I see in the Fox article that's not in this article is at the very end about "DEADFOO7". Unfortunately, it's not clear who is being quoted at that point in the article. Perhaps it's "Langer" which is probably a mis-spelling of Ralph Langner. --Marc Kupper|talk 00:13, 10 December 2010 (UTC)

Ambiguous pronoun

Currently article reads:

Symantec claims that the majority of infected systems were in Iran (about 60%),[30] which has led to speculation that it may have been deliberately targeting "high-value infrastructure" in Iran[6] including either the Bushehr Nuclear Power Plant or the Natanz nuclear facility.

But the it is unclear. Is it Symantec or the virus? WilliamKF (talk) 23:40, 1 October 2010 (UTC)

Are you serious?

87.74.78.200 (talk) 12:50, 17 December 2010 (UTC)

Copyright problem removed

Prior content in this article duplicated one or more previously published sources. The material was copied from: http://news.yahoo.com/s/csm/20101130/ts_csm/346249. Infringing material has been rewritten or removed and must not be restored, unless it is duly released under a compatible license. (For more information, please see "using copyrighted works from others" if you are not the copyright holder of this material, or "donating copyrighted materials" if you are.) For legal reasons, we cannot accept copyrighted text or images borrowed from other web sites or published material; such additions will be deleted. Contributors may use copyrighted publications as a source of information, but not as a source of sentences or phrases. Accordingly, the material may be rewritten, but only if it does not infringe on the copyright of the original or plagiarize from that source. Please see our guideline on non-free text for how to properly implement limited quotations of copyrighted text. Wikipedia takes copyright violations very seriously, and persistent violators will be blocked from editing. While we appreciate contributions, we must require all contributors to understand and comply with these policies. Thank you. Pnm (talk) 15:40, 28 December 2010 (UTC)

I fixed it. --spitzl (talk) 13:16, 29 December 2010 (UTC)

I think we can all agree...

This is now a High-Importance Computing Article Fluppy (talk) 13:50, 16 January 2011 (UTC)

Other sabotage attempts

The Americans are known to have conducted sabotage operations against the Iranian nuclear program in the past.[2] (Interestingly, the centrifuge sabotage was reported in 2007, and Stuxnet was reportedly created 2 years ago, perhaps in 2008). Should we not include a mention that USA has been involved in such sabotage operations? Is there are source which discusses this the link between the previous sabotage operations and Stuxnet? Offliner (talk) 16:38, 26 September 2010 (UTC)

No, first-sources in Israel described the very same thing itself year before stuxnet was detected [3]. There are no evidence to previous cyber attacks by the US on the Iranian program and both Israel and US were reportedly involve in secret operations to sabotage sensitive equipment on its way to Iran. Also, most sources, including this one[4] suggests it was Israel. —Preceding unsigned comment added by 85.64.171.209 (talk) 20:39, 26 September 2010 (UTC)

Personally, I don't think we should be speculating about who developed this. Sure some reliable sources suggest it is Israel, but they don't have any evidence other than circumstantial evidence. I think we should wait until more is known before including questionable information such as this. Smartse (talk) 21:05, 26 September 2010 (UTC)

I am not sure how intelligent it would be to create a self-replicating, freely transmittable virus, as a weapon against anybody or anything. In analogy to bioterrorism and BCW, such a weapon can backfire very easily. I am not an IT specialist but obviously, the Siemens software targeted is not only used by Iran's nuclear program. Anywhere in the world, even in Israel, this virus could cause damage and actually did. There is also the possibility, that viruses of this type are reconstructed and further weaponized by the opponent. From what I have heard, this Siemens industrial control software is used extensively all over the world. Also, German technology is very much used in Israel itself, so that might be another reason why attacking this technology could backfire seriously. How victorious would Israel be by creating a virus, which delayed Iran's program by a few days but could also affect software used by staunch allies of Israel? How much interest does Israel have damaging a nuclear plant for example the one planned in Egypt using Siemens components? A nuclear disaster at its borders? Would that benefit Israel, I don't think so. I believe a self-replicating virus that affects commonly used industrial software is a stupid idea, and other than having a psychological impact, it is worthless in targeted warfare. ML — Preceding unsigned comment added by Osterluzei (talk • contribs) 13:51, 18 January 2011 (UTC)

More Stuxnet info

This article has a lot of good information, if anybody feels up to adding it to the article: http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html —Preceding unsigned comment added by 70.231.138.111 (talk) 00:21, 16 January 2011 (UTC)

Relevant cites from the Times article added. YLee (talk) 23:49, 16 January 2011 (UTC)

That's nothing but a heap of speculations (and bullshit if I may say so). First, the NY times indicate that Simenes have put to test its industrial controllers at the US national labs as a clue that actually the US is behind the Stuxnet and as the most possible way by which Israel and US gained access to vital information for the design of Stuxnet, and that Simenes might actually knowingly and with a wink have helped the American to hit the Iranian nuclear facilities. In the language of sense you call such claims bullshit. First, much more than deep knowledge about Simenes controllers is required to mount such sophisticated cyber attack. The main vulnerability that the malware exploit is this of windows (4 zero day ones) and as Microsoft R&D center in Israel actually designed (virtually independently of any external help) some of windows versions (including the unsuccessful vista) one can do the math easily and understand that Israel have no shortage of top experts for this operating system. Second, vulnerabilities of Simenes industrial controllers could be tested in Israel as they are operated in many Israeli factories-that's without saying how stupid and far fetched is the idea that a company, and certainly immoral one like Simenes with its Nazi past and corrupted present-which actually provided equipment to the Pakistani, Lybian and Iranian nuclear project until recently, have helped those who have interest to sabotage its controllers. That's a feeble idea. Also, the stolen certificates stuxnet employ are from S.Korea. The article main purpose, as someone can notice when reading it carefully, is "Mr. Bush (as he named there, and not "the ex president" is so backward and stupid and he wanted to use helpless air strikes to stop the Iranian project-because he stupid and know no other way" and " Obama is so smart, how he came out with the stuxnet (even if US is behind it, and it don't, then the project most definitely started before him-not to mention that talks about cyber attack on Iran facilities aired back in 2007) and look how strongly he's obligated to stop Iran (no he don't)". Simply, this is a pro Obama fictional article. Nothing more.--Gilisa (talk) 08:47, 16 January 2011 (UTC)

Oh, and taking into consideration that the Stuxnet was tested in Israel, the notion that it was designed in US became even weaker-US have much more nuclear facilities than Israel and access to more machinery and certainly no limits of fund -so it could test it without Israel help if it was a genuine US project. My educated guess is that US was informed by Israel about the Stuxnet after its development and possibly even after Iranian facilities were infected with it.--Gilisa (talk) 09:01, 16 January 2011 (UTC)

Gilisa, that is clearly your POV of the source, but as an article in the NYT it is considered reliable and should (as it has been) be included. Your opinion that it is "bullshit" and that it "is a pro Obama fictional article" appear to be unfounded. SmartSE (talk) 19:26, 16 January 2011 (UTC)

The article does not say or imply that Siemens cooperated with the US to subvert its own products; only that Siemens and the United States government publicly published a presentation on security holes in Siemens controllers, which Stuxnet's creator likely benefited from. In fact, the article does not say that the US actively participated in any Israeli creation or testing of Stuxnet at all, other than possibly providing centrifuges that it received from Libya. If correct, both the US and other allied nations were unsuccessful in actually using the primitive Libyan centrifuges, and only the Israelis eventually figured out how. While the US is certainly not displeased with Stuxnet's effects, and was to some degree aware of its development process, if the article is correct that appears to be extent of active American involvement in its creation.YLee (talk) 23:49, 16 January 2011 (UTC)

Well SmartSE, it's certainly my POV on the article but it's also at least as founded as the article itself. Who is the source behind the arguments made by the NYT ? It remain unknown single source, probably one who is at present carry an official role in Obama administration (I think that the article even say it, but I won't read it again) -did he say that USA actually was involved in the development of Stuxnet? No. What about Simenes testing its controllers in US? Was it that unusual? Was it the first and last time that Simenes tested its products in the US? What was the motive that lead Simenes to test its controllers susceptibilities in US? Perhaps that's the US is maybe world's largest consumer of Simenes products? Have Simenes ever tested its products in other countries? And most important, who is the one who point to the connection between the tests made and Stuxnet? As it seem for the article, those are those who wrote the article. The article contain a lot of original research. It cite one Israeli who once was senior official in the Israeli military establishment and argued that Israel tested the P1 centrifuges in Dimona (As one who live in Israel and familiar with the secrecy that surround Dimona I heavily doubt that if this is a true story it would get so fast out to public-certainly not from an Israeli, because if there is more than pinch of true in that he would be send to prison once he step in Israel, on much less than that Israel have sentenced one of its most glories generals who spoke a little about what happen in Dimona to 5 years in prison-so IMO someone mislead him). Also, from knowing few people who served in 8200 I know that this unit works alone (and it was most probably one of 8200 subunits). So, I made here original research to demonstrate that the whole article is OR as well.--Gilisa (talk) 10:52, 17 January 2011 (UTC)

What you're doing is OR, because you have no sources to back it up. Yes, the whole article is speculative (for obvious reasons) but that doesn't make it OR, because it is based on what reliable sources have said. If we purely went of what is grounded in fact, there wouldn't be much of an article to read. We could add a few more "according to... " but I don't see any reason to doubt the reliability of the NYT article. SmartSE (talk) 11:20, 17 January 2011 (UTC)

Wikipedia lets the reader make their own conclusions and opinions, thus the article should only include what reliable sources have said without adding our own conclusions or opinion.193.11.177.82 (talk) 18:28, 17 January 2011 (UTC)

SmartSE, I wrote that what I did is OR, but to smaller extent than the NYT did. First, RS is a very large term. RS for scientific matters can be a very bad source for political news and vice versa. The NYT, as anyone can see and that's not OR, made a very good story out of fragments of evidence (from unknown source) and conjunctures that are based on indirectly related info that the NYT collected by itself. There is a difference between public statement made by military/intelligence establishment official of the US/Israel/one of the EU countries/Russia/China and etc and between the story that the NYT made-the last is less reliable source per se.--Gilisa (talk) 20:19, 17 January 2011 (UTC)

From the NYTimes article,

"Controllers, and the electrical regulators they run, became a focus of sanctions efforts. The trove of State Department cables made public by WikiLeaks describes urgent efforts in April 2009 to stop a shipment of Siemens controllers, contained in 111 boxes at the port of Dubai, in the United Arab Emirates. They were headed for Iran, one cable said, and were meant to control “uranium enrichment cascades”—the term for groups of spinning centrifuges." I don't think this has been mentioned anywhere in the article. —Preceding unsigned comment added by 74.233.56.77 (talk) 22:43, 19 January 2011 (UTC)

Russian contractors

"It is believed that infection originated from Russian laptops belonging to Russian contractors at the site of Bushehr power plant and spreading from there with the aim of targeting the power plant control systems" - this claim does not seem to be well-sourced. The only mention of Russian involvement I see in any of the three cited sources is this from the guardian article: "Computer security experts who have studied Stuxnet since it emerged two months ago believe it was designed specifically to attack the Siemens-designed working system of the Bushehr plant and appears to have infected the system via the laptops and USB drives of Russian technicians who had been working there." But, the guardian article does not say who these supposed computer security experts are they are quoting, nor does it explain how the experts came to this conclusion. Is there any source that goes into further detail about this?—RockMFR 19:33, 16 January 2011 (UTC)

I've come to the conclusion that a variant of this claim originated in a csmonitor article. Funny that speculation from one person turns into "Computer security experts" and "It is believed", as if it is a well-accepted fact :) Typical lousy reporting.—RockMFR 03:26, 21 January 2011 (UTC)

Description for Siemens PCS-7 PLC picture incorrect

A picture of a PCS-7 PLC is shown to which 3 IO (input/output)-modules are connected. The text says: "Siemens Simatic S7-300 PLC CPU with three modules attached, each of which can control 31 slave variable-frequency drives"

The latter is incorrect. The picture shows three modules with digital inputs and outputs, which allows only binary information (0 or 1, 0 or 24VDC). An output to a variable-frequency drive would typically be analog (4-20mA). Or even better, a bus-connection directly to the drive, in which case the IO-modules are not needed at all. Provided that the worm is able to discriminate between various makes and types of variable-speed drives, a bus connection would be necessary.

I propose that the description of the picture, or perhaps even the entire picture, is removed. It is not relevant for the article —Preceding unsigned comment added by 80.101.137.159 (talk) 21:02, 24 January 2011 (UTC)

Support, but only if some similar image showing a SCADA system is added instead. 1exec1 (talk) 21:28, 24 January 2011 (UTC)

Comment I lifted the picture and caption from German wikipedia where the article was considerably more developed. Suggest that the caption is corrected as appropriate. Socrates2008 (Talk) 19:31, 25 January 2011 (UTC)

FAS report

I have added a recent FAS report on Iran's uranium enrichment capabilities to this artcile :

http://www.fas.org/pubs/_docs/IssueBrief_Jan2011_Iran.pdf

Eli778 (talk) —Preceding undated comment added 12:35, 27 January 2011 (UTC).

I don't believe this belongs, as we shouldn't be focusing too much on Iran.Jasper Deng (talk)

Exceptional arguments and Wikipedia RS policy

According to Wikipedia policy regarding reliable sources, an exceptional argument should be accompanied with exceptional sources. The exceptional argument was that according to one expert (no a renown one) Stuxnet code was full of errors, elementary ones, and it's pretty much low quality work-probably written by unskilled programmers (though with many different capabilities). This is highly exceptional argument because it contradict with what virtually all other experts, including world renown ones, have said and already sourced in the article. Just for instance, look what Microsoft had to say about Stuxnet in a special conference (here, though YouTube is not per se a reliable source). This exceptional argument was made by one person and cited in a blog. Certainly, there is no justification to enter this argument into the article. What more that the one who added it to the aritlce wrote about "experts" in plural, while only one (again, not a renown one) refereed Stuxnet as amateur work.--Gilisa (talk) 13:00, 31 January 2011 (UTC)

Agreed. Be bold and remove it, unless someone objects.Jasper Deng (talk) 20:39, 31 January 2011 (UTC)

Incorrect synthesis about damage to Siemens customers

"Siemens initially stated that the worm had not caused any damage,[11] on November 29, Iran confirmed that its nuclear program had indeed been damaged by Stuxnet." This statement is misleading and incorrect synthesis. Siemens still state that the worm has not caused any damage, but they are speaking for their customers; the Iranians obtained their Siemens equipment clandestinely, as it's currently embargoed, so they are not included in Siemens' assessment of customer impact. Socrates2008 (Talk) 22:01, 1 February 2011 (UTC)

Remove it, be bold.Jasper Deng (talk) —Preceding undated comment added 01:33, 2 February 2011 (UTC).

Too much emphasis on Iran here.

The entirety of this article seems to focus very quickly and relentlessly on the effect the virus has had on Iran, its reaction to it and, based on Iran and then speculating that one or more of Iran's enemies are the source of the code.

As far as I can tell, this malware is very specific about WHAT it attacks, but not WHERE the attack will take place. This malware appears to want to monitor SCADA systems and has spread to systems worldwide. The fact that Symantec reports that 60% of the infected systems appear to them being in Iran could have a number of reasons, one of which could simply be very poor InfoSec practices in Iran compared to other countries. The very fact that Iran has a distrust of SIEMENS and Siemens SCADA antivirus solutions supports this theory.

For one moment, if we assume this is the case, then almost all of the rest of this article seems rather media-fueled, eh? 217.174.59.128 (talk) 19:44, 30 September 2010 (UTC)

The focus on Iran is probably not unjustified. According to the article at http://www.infoworld.com/t/malware/more-evidence-arises-stuxnet-was-created-attack-iran-306 (22 Feb 2011), new evidence from Symantec supports the idea that Iran was, indeed, the intended target (conclusion quoted from Symantec's Liam O'Murchu). This reference seems useful for this article, but I'm not sure where to add it.

-- TastyChikan (talk) 14:33, 23 February 2011 (UTC)

Reason to believe Iran centrifuges were the prime target.

As it is now widely known, IRAN centrifuges exclusively use the specific motor drivers and the target frequency covers the common range of centrifuges and the HMI's are (like majority of Siemens PLC systems) based on WinCC. Also note the complexity of the worm and effort put into it's design. There seems to be no doubt that the worm was exclusively developed to attack IRAN centrifuges. —Preceding unsigned comment added by 217.11.25.210 (talk) 05:33, 11 December 2010 (UTC)

The purpose of wikipedia is not to analyze data and draw conclusions from it, but just to restate what a widely known/trusted source says. So not much room for our interpretations until a good source is found. 1exec1 (talk) 15:35, 30 January 2011 (UTC)

There's a good TED talk on this given by Ralph Langner, Cracking Stuxnet. I don't think the video is very useful for citing purposes, it's basically just a handful of slides and "Ralph-says", but it's persuasive. 70.65.244.239 (talk) 21:07, 29 March 2011 (UTC)

Shouldn't "uranium production" be "uranium enrichment"?

There are a few places in the article that mention uranium production. It looks like they should read enriched uranium production, or more concisely, uranium enrichment. I'm hesitating to do that edit myself in case there's some subtlety that I'm missing. — Preceding unsigned comment added by Rhsimard (talk • contribs) 22:56, 25 March 2011 (UTC)

Be bold Socrates2008 (Talk) 11:47, 30 March 2011 (UTC)

speculation about origin - mention China as a possibility

The leading German IT jounal heise.de has mentioned China as a possible origin [[5]]. As this Wikipedia article has a very long and detailled description about the possibility of Israel being the country of origin, but under the title of "speculation", I think it is only fair to also mention the other possibilities briefly. The logic about China is as this: Numbers according to this link referenced by heise state that there were more infections in India than in Iran. The Russion power-plant company Atomstroyexport that supposedly brought the virus to the Iranian power-plant Bushehr by infected laptops is currently also building a nuclear power plant in Kudankulam India. China and India are competitors and the Chinese showed their ability in the so called cyberwar when in 2003 entering the US-Power-Grid. The Chinese saw in this case the consequences that such an attack can have on critical infrastructure and used the knowledge to protect their own infrastructure. Heise.de references mcAfee as stating, that China is the leading country about SCADA-System security.

My suggestion: Include in brief in one or two sentences this China possibility alongside the speculation of Israeli origin. --Orangwiki (talk) 20:04, 18 November 2010 (UTC)

Another excellent article on the source being China [6] — Preceding unsigned comment added by Golbez81 (talk • contribs) 10:38, 17 December 2010 (UTC)

WP:Crystal BallJasper Deng (talk) 05:19, 30 January 2011 (UTC)

Irrelevant in this case. The information is verifiable on two respected sources. It's going in. Brokenwit (talk) 21:58, 30 March 2011 (UTC)

Stuxnet virus cuts loose, destroys ability to control Japanese reactor shutdown - Mike Rivero.

Seven minutes and a 'brutal realization': beforeitsnews.com/story/520/803/Stuxnet_virus_cuts_loose,_destroys_ability_to_control_Japanese_reactor_shutdown_-_Mike_Rivero..html Laserles (talk) 00:22, 31 March 2011 (UTC)

Linkspam? Anyway, fails WP:RELY. Socrates2008 (Talk) 09:42, 31 March 2011 (UTC)

Recent edits by Socrates2008

Socrates2008 has questioned, via tags, edits I made to one paragraph of the article. He has also deleted one quote. Socrates2008 has asked me to discuss the changes here.

1. He questions the WP:TONE of

In "one of the great technical blockbusters in malware history",^[1]

I do not understand what is improper about using the quote. I would never write such dramatic text myself, but the quote is taken directly from the cite, which explains why experts view using four zero-day exploits as a "blockbuster". The quote dramatically, but appropriately, communicates the magnitude of the feat.

He believes this to be a peacock phrase that is best reworded or removed; quotation marks appear to be present only to prop up a dodgy phrase that more likely originates from the pen of a journalist than an "expert". Socrates2008 (Talk) 20:56, 5 March 2011 (UTC)

(What's with the speaking in the third person?) There is no way to know whether the journalist who wrote the piece came up with the "technical blockbuster" notion on his own, or whether he is communicating what experts told him; it would be WP:OR on our part to arbitrarily decide that this particular quote from the Vanity Fair article is problematic if the rest of it isn't and there aren't any other reliable sources that contradict this. It doesn't matter, anyway; the author is a reliable source and should be treated as such. Elsewhere in the Wikipedia article the use of four zero-day exploits is called "unprecedented"; the quote does not seem to be out of line with that description. YLee (talk) 23:21, 5 March 2011 (UTC)

"Unprecedented" is a verifiable fact, whereas "great...blockbuster" is a subjective and emotive statement by an unknown person that does not belong in an encyclopedia. I understand what you're trying to say, but there are better ways to phrase this. Socrates2008 (Talk) 11:29, 9 March 2011 (UTC)

• If another RS explicitly stated that writing Stuxnet wasn't really a great technological feat, then the quote in question would have a higher bar to clear to be considered worthy of inclusion (at least not without due discussion of the contrary view). There is no such RS, however; the view that Stuxnet is a remarkable achievement seems unchallenged.
• If the quote was obvious nonsense, excluding it from the article would be easy. But it is not nonsense, at least not obviously; the rest of the Vanity Fair article, the Wikipedia article, and the latter's many cites all contain many references that support to varying degrees the quote's language. To arbitrarily do so is OR.
• WP:PEACOCK explicitly excludes quotations from its purview.

Let me repeat what I wrote above:

it would be WP:OR on our part to arbitrarily decide that this particular quote from the Vanity Fair article is problematic if the rest of it isn't and there aren't any other reliable sources that contradict this. It doesn't matter, anyway; the author is a reliable source and should be treated as such.

I am not going to restore the quote—the article works without it—but you have a fundamental misunderstanding of what WP:OR, WP:RS, and WP:PEACOCK mean. YLee (talk) 19:15, 9 March 2011 (UTC)

I've restored the quote as a pullquote; although I still stand by the above, hopefully doing so as a pullquote will assuage any concerns about WP:TONE by making clear that this is an opinion. Ylee (talk) 22:47, 14 May 2011 (UTC)

2. He added citation needed, OR, and cite quote tags to the first three sentences in a paragraph. The first cite after the fourth sentence covers the first three. Yes, I could reuse the cite, but I see no point in doing so for each of three consecutive sentences before a fourth that already has it! YLee (talk) 11:46, 4 March 2011 (UTC)

Indeed he did - the first three sentences of that section are unreferenced. The second sentence appears to be original research (at worst) or poor rephrasing of a source (at best)—specifically, the fact there may have been two development teams does not necessarily imply that they are located in different countries. Without a source, this sentence can't be checked or improved. One final reason for requesting references is that these statements are potentially controversial. Socrates2008 (Talk) 20:56, 5 March 2011 (UTC)

There is no original research or poor rephrasing with the second sentence. The Vanity Fair article states:

There is a marked difference in design style between Stuxnet’s injector and its payload. Tom Parker, a Washington, D.C.- based security researcher, argues from this fact that two nations were involved in the worm’s creation

The second sentence in question reads:

The code for the Windows injector and the PLC payload differ in style, implying the participation of two nations

I am not opposed to inserting "perhaps" before "implying". Regarding the alleged lack of cites, there is no need to repeat the same cite four times in a row if it is present at the end of the sentences in question. YLee (talk) 23:21, 5 March 2011 (UTC)

Perhaps this can be fixed by adding a qualifier such was "According to Vanity Fair..." If you look backwards from this point, every sentence is referenced. There is a lot of speculation around this subject, so we should be aiming to keep the article as tight as possible. If the refs are available, then why not add them - if another editor adds a sentence in the middle, then your referencing is broken. Socrates2008 (Talk) 11:29, 9 March 2011 (UTC)

"According to Vanity Fair" works. I will put it into the article. YLee (talk) 19:15, 9 March 2011 (UTC)

Comodo-Stuxnet

Iranian hacker 'claims revenge for Stuxnet'.

An Iranian hacker has claimed responsibility for an attack on a computer security firm that exposed millions of internet users to potential surveillance:

http://www.telegraph.co.uk/technology/news/8411252/Iranian-hacker-claims-revenge-for-Stuxnet.html

should we place this in the Iranian reaction section ?

Dms77 (talk) 21:35, 6 April 2011 (UTC)

Nope, we shouldn't. It's a journalistic version of making a mountain out of a molehill. The Comodo-hacking issue dates back to some time before the Stuxnet incident. I remember the hacker guy being very boastful. To put stuff like this into the article, this hacker must attack a U.S. government facility. Fleet Command (talk) 19:01, 4 June 2011 (UTC)

Stuxnet does NOT include a PLC rootkit

Even though it is mentioned in the articles mentioned as a source, stuxnet does NOT include a PLC-rootkit. It would be a PLC-rootkit if stuxnet would somehow modify the operating-system of the involved PLC's, which it does not do. Basically it is just adding "normal" usercode to the infected projects, while it is modifying the Engineering-System of the PLC (which is used to write the programs for the plc, and which is running an a standard PC) so that it can hide the changes from the user. I feel that at least for a technical audience this is a rather important distinction. — Preceding unsigned comment added by 94.217.9.181 (talk) 20:16, 3 June 2011 (UTC)

So, all you explained does not make it a PLC-rootkit as well? Fleet Command (talk) 18:56, 4 June 2011 (UTC)

according to http://www.youtube.com/watch?v=rOwMW6agpTI and http://www.h-online.com/security/news/item/Vulnerability-exploited-by-Stuxnet-discovered-more-than-a-year-ago-1095797.html some 0days were already known... — Preceding unsigned comment added by 157.193.9.136 (talk) 15:36, 9 June 2011 (UTC)

Dutch multinationals under attack from Stuxnet worm

"A major supplier of industrial sorting systems based in the Netherlands has repelled two attacks by the dangerous Stuxnet worm, while separately, the Dutch nuclear power plant Borssele is on high alert."

http://news.idg.no/cw/art.cfm?id=7948A378-1A64-67EA-E473A18859381224 Dms77 (talk) 13:04, 10 July 2011 (UTC)

It's a relatively old press article from a time when things were less clear than today. Socrates2008 (Talk) 10:16, 11 July 2011 (UTC)

Article in Wired

http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/5/ is a very thorough telling of how Symantec cracked Stuxnet. howcheng {chat} 16:31, 11 July 2011 (UTC)

Stuxnet knocks out Indian NSAT-4B satellite

Where should we put this ?

http://www.spamfighter.com/News-15217-Stuxnet-Worm-Responsible-for-Destroying-Indian-Satellite.htm http://www.scmagazine.com.au/News/233892,stuxnet-pinned-for-killing-indian-satellite.aspx http://www.hindustantimes.com/Stuxnet-hits-India-the-most/Article1-608334.aspx — Preceding unsigned comment added by 192.87.123.62 (talk) 13:16, 20 September 2011 (UTC)

DuQU section request for new page

The developing story of new variant of Stuxnet the DuQU shall resolve further issues.

• The writing style is it DuQu or Duqu.
• If its is really an Son of Stuxnet?
• New Page for this DuQu topic shall be created.
• Discovery, Origin and its target specific organization.

Bonvallite (talk) 02:02, 21 October 2011 (UTC)

Based on the currently available analysis, it is already clear that Duqu is not a variant of Stuxnet. There are some similarities that suggest some of the source code of Stuxnet was reused. So yes, I think Duqu should have its own page. The lab that came up with the name wrote:

We named the malware “Duqu” as it’s [sic] key logger creates temporary files with names starting with “~DQ...”.

So the page should be named Duqu.  --Lambiam 06:38, 2 November 2011 (UTC)

Agree - a new page is required. "Duqu" would work. Socrates2008 (Talk) 12:01, 2 November 2011 (UTC)

 Done I've created the article Duqu.  --Lambiam 09:41, 3 November 2011 (UTC)

"Cybertoge" vs "Cybertage"

It's hardly worth arguing about but I think it is obvious that the original source citing the spelling "cybertoge" is a typo. The word has been created from the words "cyber" and "sabotage" - "cybertage". I think this is a case for editors' discretion, we do not have to mindlessly follow the mistake made in a source. For some background, try a google search for the two spellings - cybertoge gets about 4,500 results compared to cybertage which receives over 16,000. Freelion (talk) 22:58, 7 November 2011 (UTC)

The Phantom War

phantom war

Foreign Policy talks about Stuxnet as an example of the Phantom War. Would it be worthwhile to refer to the Phantom War in this article? — Preceding unsigned comment added by Raymm (talk • contribs) 07:56, 9 November 2011 (UTC)

potential resources

• Illinois utility targeted by cybersaboteurs? US pours water on the idea. "The Illinois water utility supposedly was the first critical bit of US infrastructure damaged by foreign cybersaboteurs. The DHS and FBI found no evidence it was hacked, but are now investigating another suspected attack." by Mark Clayton csmonitor.com November 23, 2011
  • Cyberattack on Illinois water utility may confirm Stuxnet warnings "A state report claims that a foreign cyberattack disabled a water pump at an Illinois water utility, say experts who have seen the report. After discovery of the Stuxnet cyberweapon a year ago, many experts predicted that cyberattacks on US infrastructure were imminent." by Mark Clayton, November 18, 2011

99.181.141.143 (talk) 00:40, 12 December 2011 (UTC)

Affected countries table

The second column's heading ("Infected computers") is a bit ambiguous. I understand that, for example, the first row means "58.85% of all affected computers were located in Iran," but it could also be taken to mean "58.85% of all computers in Iran were affected." Absurd, I know, but at first glance, that is the way I read it. — Preceding unsigned comment added by 67.51.67.202 (talk) 00:13, 11 January 2012 (UTC)

Confirmation of U.S. creation

NY Times today: http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=2&pagewanted=2&seid=auto&smid=tw-nytimespolitics&pagewanted=all — Preceding unsigned comment added by Jstohler (talk • contribs) 14:18, 1 June 2012 (UTC)

Flame

Is the line "Another cyberweapon called Flame was recently discovered to have attacked Iranian officials' computers." relevant to the article? I don't believe so. It hasn't yet been linked by any credible sources that I'm aware of. I propose that this line be deleted. — Preceding unsigned comment added by 64.5.79.4 (talk) 16:26, 1 June 2012 (UTC)

Stuxnet most certainly spreads to more than 3 machines.

I've personally seen Stuxnet spread to hundreds of machines via the .lnk exploit. Why does this article say:

"While the worm is promiscuous, it makes itself inert if Siemens software is not found on infected computers, and contains safeguards to prevent each infected computer from spreading the worm to more than three others, and to erase itself on 24 June 2012.[24]"

The source cited also has no information on how many machines the worm spreads to. I'd recomend removing this sentence.

68.149.146.135 (talk) 21:05, 1 June 2012 (UTC)

• If the cited source does not say anything about "3 machines" then indeed edit/correct, or remove it, or even better look back over the edit history to find out if it was added 'maliciously' and undo that edit if possible.. The article does make mention that, apparently, great pains were taken to very specifically target Irans centrifuges and stop the worm spreading 'in the wild'. There is also mention somewhere (which I can't find right now, perhaps I read it in a reference not on the page itself? Yes HERE) that due to a coding error the worm was able to spread outside Iran's nuclear facilities via an engineers infected computer.

I suggest this edit:

"While the worm is promiscuous, it makes itself inert if Siemens software is not found on infected computers, it also contains safeguards to prevent each infected computer from spreading the worm to more than three others, and to erase itself on 24 June 2012"

– 220 of ^Borg 23:53, 1 June 2012 (UTC)

• I have found the part of the source: "A Declaration of Cyber-War". Vanity Fair, April 2011, page 4, para.3, that mentions "Three" and "devices":

"Stuxnet’s code telegraphs the inherent caution of its makers in yet another way: it has “fail-safe” features to limit its propagation. The USB-spreading code, for instance, limits the number of devices that each infected device can itself infect. (The limit is three, enough to create a moderate chain reaction, but not so many that its effects would rage out of control.) Most dramatically, on June 24, 2012, the worm will self-destruct altogether: erase itself from every infected machine and simply disappear. Analysts disagree on whether some of the code’s fail-safes actually work."

Remember ,'68' that Original Research is not permitted as the basis for edits on Wikipedia. Your own personal knowledge/experience cannot 'trump' a (presumably) reliable source. If you have better sources supporting your belief, then please edit the text and add the source! Regards, 220 of ^Borg 00:59, 2 June 2012 (UTC)

Request - legal discussion of Stuxnet

If anyone has any information about the legal aspects of Stuxnet, I'd like to see it added to the article.

I came to the article looking for information about what if any legal liability for damages the US/Israel have when Stuxnet infects computers that are not the intended targets. E.g. stuxnet invades some university or corporate networks and it costs a few hundred thousand to remove, will the US/Israeli govts be liable?

If not why not? If so have any claims been made.

The above scenario is just an example I'd be interested to see info on any legal repercussions due to "collateral damage".

Thanks. — Preceding unsigned comment added by 14.2.29.222 (talk) 16:16, 2 June 2012 (UTC)

For what I know that the virus is supposed to do, it only erratically changes the speed of centrifuges used in uranium enrichment (which damages them). So a university that gets infected probably won't suffer any harm from the virus unless they have those centrifuges, which is very unlikely. Siemens has already published a publicly available removal tool for stuxnet. There is not really any solid evidence showing that the origin was from the US or Israel that would hold up in court. Most likely the plants that have suffered damage are Iranian which they can't do anything because it is international and also they were prohibited by the US for having nuclear programs in the first place.--LoganLopez (talk) 04:27, 3 June 2012 (UTC)

Agree with User:LoganLopez regarding there not being any certainty about where the virus came from. I am quite disappointed that there seems to be an assumption of 'guilt' on the part of the US and Israel. If any proof could be found I don't know of any international-level laws against spreading viruses. Interpol may have some authority here. I mean, Israel has actually bombed 'enemy' nuclear reactors before, see Operation Opera (Hm, 7 June 1981 - almost exactly 31 years ago!) , which is a lot more aggressive than using a virus program to damage equipment! – 220 of ^Borg 11:30, 4 June 2012 (UTC)

Good source for chronology

This guy's article in the Washington Post has a relatively extensive timeleine: http://www.washingtonpost.com/world/national-security/house-gop-shouldnt-rush-to-judgment-on-cyberweapon-leaks/2012/07/18/gJQAm2gauW_story.html thought it might be useful. --Qwerty0 (talk) 12:25, 20 July 2012 (UTC)

1 June 2012 NYT Revelations

I would like to have a discussion about the phrasing introduced by Sanchom to the introductory sentences:

Stuxnet is a computer worm discovered in June 2010 that was created by the United States and Israel to attack Iran's nuclear facilities.

...

In June 2012 The New York Times revealed that the program used to sabotage the computer systems at Iran’s nuclear facilities was developed by the United States with the help of Israeli intelligence.[6]

...

The program used to sabotage the computer systems at Iran’s nuclear facilities which carried the Stuxnet malware was known as "Olympic Games". Part of it became public after it accidentally unleashed the Stuxnet worm across the global internet.

The NYT piece does not reveal any sources (except "officials involved in the program, who wished to remain anonymous"). Is this solid enough to repeat its claims as facts in the first sentence of the Wikipedia article? I think not. I propose to revert the first sentence to "Stuxnet is a computer worm discovered in June 2010".

As concerns the second and third paragraphs, they should be deleted. The NYT article is already mentioned further down in the introduction.

Similarly, the sentence "The United States and Israel worked together to create Stuxnet." under "Speculations about the target and origin", should be introduced with "According a to a NYT article..." or removed. Nasorenga (talk) 17:14, 1 June 2012 (UTC)

The New York Times is following standard practice in relying on multiple sources. While they remain anonymous to readers, they're not anonymous to the journalists reporting the story. Since the Times is a reliable, edited source, it's wrong for Wikipedia editors to second guess it. Wikipedia should report what it says. If there's a denial from the White House, that should be included; but I don't see one yet.KD Tries Again (talk) 18:09, 1 June 2012 (UTC)KD Tries Again

We don't need to say "according to X...", or "it has been reported that...". We just should say what is supported by the reliable source, and reference as a citation. If we include a citation to the source, it's redundant to say "According to X" or anything like that. Sancho 19:29, 1 June 2012 (UTC)

As there appears to be general support for this, I'm starting to make these changes to the lead. - 124.168.72.151 (talk) 04:23, 29 January 2013 (UTC)

1. Cite error: The named reference gross201104 was invoked but never defined (see the help page).