[PhantomGremlin]

In reading this, I'm astonished at how primitive Stuxnet was. If I were writing a worm that saved information on infected systems, I would have:

   created a public/private key pair
   included the public key in the worm
   encrypted interesting stuff with the public key

That way nobody would be able to decrypt any of the information saved by the worm if they didn't know the private key.

Does that make sense or am I missing something obvious? Why did Stuxnet keep a cleartext embedded trail of systems it traversed? I can't grok that at all.

[amckenna]

It is possible they chose not to encrypt things with public/private keys (asymmetric crypto) because generally that is slow and computationally intensive, as compared to using symmetric crypto. If the goal was to be as stealthy as possible then creating asymmetrically encrypted blobs on the victims machines may have been too obvious. They couldn't have used symmetric crypto because the key would need to have been kept on the machine performing the crypto, thereby rendering it useless.

My guess is they figured stealth would provide the protection they needed and the possibility that errors/corruption during encryption, storage, and transmission was an unacceptable risk at the time. Another possibility is that large blobs of encrypted data on the victim machines would be obvious and possibly flagged, thereby compromising the stealth of the operation. Or the devs simply didn't have time.

[mooneater]

Seems lazy, especially since its ancestor Flame contained some "world class" crypto expertise.

[1] http://gcn.com/articles/2012/06/11/flame-world-class-crypto-...