Usually such covert acts which could be considered an act of war are separate and disjointed. You find a spy in East Germany and it's a one-time incident. But with technology, you find one op and you start pulling the thread and all sorts of ops come out of the woodwork.

I'm a libertarian and definitely support a more open society. But I also believe that any government must keep secrets on occasion. Whether or not Stuxnet (or any other sort of cyber-warfare) was a good idea is a separate issue. My concern is that, from a technology standpoint, there may not exist the separation of operations that is critically necessary for continued intelligence activities to be successful.

Or, to rephrase, Stuxnet wasn't just the ratcheting up of cyber-warfare in the particular arena of nuclear non-proliferation. With the acknowledgment that the U.S. is responsible, and the way deconstructing one operation can lead to exposing another, it's ratcheting up the stakes for all intelligence-based cyber activities in all arenas. When the eventual shit storm comes, the U.S. will be the one that gets the blame for it (fairly or not).

I also understand that it's an election year, and the party that is out of power is going to do their best to make everything into a crisis.

Having said all of that, when the administration releases information that affects programs that might have taken large sums of money to develop over many years, that might have many more years of usefulness, that has the potential to change the geopolitical landscape for the country for the worse, and that draws attention from every hacker on the planet? It's a little more serious than the usual election year nonsense.

My concern is that I do not believe the country received any benefit at all from the release, and the harm could go for quite some while. Quite frankly when things like this happens it helps make a strong case for the idea that the agencies _should_ keep things from oversight, and I think that's the worst part of the whole thing. We need to get rid of a lot of the secrecy we have -- perhaps 99% or more -- but the things that remain secret should be soberly treated as such. Time will tell what kind of damage has really been done after all the smoke clears. Hopefully not much, but I doubt it.

Finding a spy in East Germany and finding a stuxnet are both one time incidents. The next step is processing the spy/malware and learning as much as possible as you can about your enemy; how did the malware propagate, how did the spy enter east germany, who did the spy/malware communicate with and how, etc. I do not think they are any different.

What do you mean by separation of operations?

I'm not so sure. It's exactly this secret keeping that emboldens governments to violate international law, commit acts of war and so on in secret. If it had to be public knowledge that our government is about to commit an act of war against a country with nukes they might be stopped from doing so.

This ties in with the data that David Sanger released in his NY Times article just over a week ago. He reveals that the NSA collaborated with Israel's Unit 8200 to create Stuxnet in an op titled "Olympic Games". So we can probably just rename them to "Team USA" and "Team IDF".

Sanger's article: http://www.nytimes.com/2012/06/01/world/middleeast/obama-ord...

"...according to participants in the program."

"...based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day."

"...according to participants in the many Situation Room meetings on Olympic Games"

"Mr. Obama, according to officials in the room, asked a series of questions, fearful that the code could do damage outside the plant."

"...the focus of attention, as one administration official put it, "has been overwhelmingly on one country.""

Each one of these quotes indicates that an official senior enough in the US administration to be attending meetings on the topic with the President was willing to commit a serious crime by leaking this information to the press.

Do you seriously think that a person crazy enough to leak secrets that would land him in prison would also take great pains to describe the President's deliberations on the topic as generously as this account does?

Apart from the fact that flame used a previously unknown chosen prefix collision attack against MD5? I'd love to meet that bored teenager...

[see http://news.ycombinator.com/item?id=4080240]

There is a huge leap from "this is a technologically advanced piece of software" to "this is a virus written by the US government in collaboration with Mossad targeting evil regimes."

I fail to see why people believe it so irrational to practice caution here - some of the most technically sophisticated code ever written happened in darkened bedrooms on a school night; David Huffman invented what to this day remains one of the most efficient coding systems working alone on a term paper while still at school. This is the only example that comes to mind, but computing, perhaps more than any other field is littered with examples of small groups having huge effects.

Is it so hard to imagine some 20mb binary bundling SQLite and Lua might have been written outside of a heavily funded, super secret mountain base? I would posit more interesting than the existence of the code itself, is the behavior of otherwise seasoned computer nerds grasping desperately to the belief that this "weapon" could only be the creation of their own government, perhaps it is testament to little more than a failure of imagination.

A lot of the research done for stuxnet and flame are probably more general, but were applied for these attacks. This was executed by a number of researchers and developers. Led and organized by managers.

Welcome to the inside of the NSA, where a lot of bright math and compsci grads work.

How it should be, IMO. Seems to me the NSA is on the short list of places you would absolutely want to staff with (some of) your best-and-brightest.

Assuming, of course, that you agree with the mission and methods of the NSA.

How so?

This is not a dig at you -- who knows maybe you did do the research, and if not, it's a probably a good and reliable strategy to trust the consensus narrative by default.

Is that even possible? I bet if the USA had tried such a tactic all that would have happened is a more efficient allocation.

Imagine the covert spy economists giving a policy 'recommendation' talk.

"We should take all the grain a farmer grows over a certain threshold. Thus the farmer will not be blinded by greed and will work hard to increase production for the good of the people. And just to be sure that said farmers have stately love in their hearts, let us cause a great famine in our bread bowl." would say the American spys as they outlay their plan to ruin the Soviet Union.

The soviet economists upon hearing their own plans recited word for word would realise how brilliant said plan was not. They would then roll a D20 and come up with a marginal better plan.

"The sharp drop in oil prices, from $66 a barrel in 1980 to $20 a barrel in 1986 (in 2000 prices) certainly was a heavy blow to Soviet finances. Still, adjusted for inflation, oil was more expensive in the world markets in 1985 than in 1972, and only one-third lower than throughout the 1970s. And at the same time, Soviet incomes increased more than 2 percent in 1985, and inflation-adjusted wages continued to rise in the next five years through 1990 at an average of over 7 percent."