More detailed post from Kaspersky here: https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/
I find it ridiculous that any time a really well written malware is found it is assumed that it must have been written by a government. Since when has government been the example of efficiency and clarity that is requisite to high quality software? The Open-Source world is full of examples of non-state programmers writing excellent code that does amazing things.
Stuxnet was discovered by a Belorussian anti-virus company, Duqu & Project Sauron were discovered by Kaspersky Lab. Are US-based anti-virus companies that bad or ...?
I am not a security expert, but it doesn't seem that hard to figure out how this is being done. Lots of money to an insider/spy/human that has access to the places one would like to install said malware. Most of these stories seem to involve good, old-fashioned social engineering. Albeit, social engineering with lots of money or another kind of leverage. Or... maybe I am naive. I just tend to look at this stuff with how can we get this done the easiest way??? Human emotions are much easier to target than silicon.
Schneier is basically blogspam. Quotes entirely from another article, follows up with "I don't know what this means???" Why do people keep reading him?