Stuxnet is not an example of war, as the USA and Iran were not at war, but it was an act of sabotage by one Government against another.
Speaking at the Black Hat conference in Las Vegas, Mikko Hypponen, chief research officer at F-Secure said that Stuxnet was an example of a capable army using a tool for their benefit. “The number one benefit is deniability, followed by lack of attribution,” he said. “We have to assume stuff going on in Government that is undetected.”
Mikko said that when Stuxnet appeared, we assumed we would see tons of copycats, but we did not. “If there are copycats out there, we haven’t found them and I am surprised it was not done as it has not been caught and someone has recycled the ideas and reprogrammed machines,” he said.
“That is the good news and it did not cause an onslaught of ideas and not been a big problem. This was a watershed moment in history of malware, as it used multiple zero-days and was able to do it despite undocumented protocols.”
He also commented that because of unrest in Ukraine, neighbouring countries are getting worried. But reiterated that this was not an act of war, as the “Geneva convention defines war and a target, and during times of crisis we would be a target, an anti-virus company”..