The Stuxnet Worm? More Than 30 People Built It

By Alexis C. Madrigal

WASHINGTON -- Details about the Stuxnet worm, a highly-engineered piece of malicious software that targeted industrial control systems, have trickled out since it made international news earlier this fall. The sophistication of the malware combined with its ability to target the controllers that run power plants and other infrastructure facilities impressed many security experts.

At a small conference on cybersecurity sponsored by TechAmerica, Symantec's Brian Tillett put a number on the size of the team that built the virus. He said that traces of more than 30 programmers have been found in source code.

Another tidbit that I hadn't seen reported elsewhere is that the peer-to-peer network built into the worm was encrypted. And not only was it encrypted, Tillett noted, but encrypted to FIPS 140-2 standards, which -- judging by the noise of the crowd -- is very impressive to security geeks.

This article available online at:

http://www.theatlantic.com/technology/archive/2010/11/the-stuxnet-worm-more-than-30-people-built-it/66156/