Like others, I'm also left wondering what methods the US is <i>really</i> using. Obviously, it's too soon to disclose all the details. But compare this (where the few strategies disclosed involve methods like "guess the answer to a security question") to something where we <i>do</i> know the details.<p>For example, the Stuxnet worm used multiple OS zero days and involved hacking or otherwise exfiltrating signing keys from multiple other third parties (<a href="https://www.quora.com/What-is-the-most-sophisticated-piece-of-software-ever-written-1/answer/John-Byrd-2" rel="nofollow">https://www.quora.com/What-is-the-most-sophisticated-piece-o...</a>). I bet a lot of that sort of thing is going on these days too, and we just don't know about it.