I’ve been transfixed by the Stuxnet worm since I heard about it. If you’re not up on all things Stuxnet, check out Bruce Schneier’s blog post explaining what we do and don’t know about Stuxnet and how it works. Here’s why people think Stuxnet was created by a government agency:

Stuxnet doesn’t act like a criminal worm. It doesn’t spread indiscriminately. It doesn’t steal credit card information or account login credentials. It doesn’t herd infected computers into a botnet. It uses multiple zero-day vulnerabilities. A criminal group would be smarter to create different worm variants and use one in each. Stuxnet performs sabotage. It doesn’t threaten sabotage, like a criminal organization intent on extortion might.

Read the whole thing.

Update: Security researcher Steve Bellovin’s Stuxnet post is informative as well. (Via @medley on Twitter.)