[codesections]

Like others, I'm also left wondering what methods the US is really using. Obviously, it's too soon to disclose all the details. But compare this (where the few strategies disclosed involve methods like "guess the answer to a security question") to something where we do know the details.

For example, the Stuxnet worm used multiple OS zero days and involved hacking or otherwise exfiltrating signing keys from multiple other third parties (https://www.quora.com/What-is-the-most-sophisticated-piece-o...). I bet a lot of that sort of thing is going on these days too, and we just don't know about it.

[gnode]

Maybe this campaign was as primitive as they let on. It's likely that bringing down a terrorist group's marketing campaign didn't need or warrant a sophisticated attack, like sabotaging Iran's nuclear programme with Stuxnet did. A concerted attack effort using public knowledge techniques may have been enough.

It's in the interest of cyber-warfare actors to not expose their capabilities unnecessarily. Although efforts are taken to prevent malware from coming to the attention of enemies / rivals, or even being adopted by them or criminals, deployment always comes with that risk.

[ackbar03]

I'm pretty sure that's a given and I think its pretty expected their not going to put details on some news article