After infecting thousands of systems, it finally made it into the centrifuge control system (which was not connected to the internet, btw) in Iran, which used that specific version of centrifuges they wanted to destroy, and did its thing (again fooling/avoiding any control mechanism which verified file/memory/... structure by injecting specific hacks in each control mechanism) and destroyed the centrifuges by just alternating the speed of the centrifuges by a tiny amount.
Eventually, of course, it got caught, and a lot of research has been done on Stuxnet, showing us what a set of genius hackers can accomplish.
It is scary, it is dangerous, it should serve as a warning for anybody thinking IT security is ahead of the game. It is not, far from it. If it comes down to it, your systems are unsafe and open to whoever really wants access. You are just lucky nobody, except for some simple criminals who are looking for some simple money or basic chaos, is really interested in your systems or information.
There are several white papers about Stuxnet (for instance, the Symantec one), and they are worth the read if you want to be amazed by what hackers can create.
4. My father was a vulnerability analyst for the DoD for two decades. I remember him telling me of one instance where DoD hackers accessed systems by using the EMF signals emitted from "secured" network cables that were lying close to unsecured network cables. Essentially, they were picking up the electromagnetic signals (that all electronics emit) through a cable that was very near it, like a crude radio receiver. What's even more interesting is that not only could they steal data from the secured system, they could transmit signals into the secured system and do all manner of things.
I'm not sure how it works (or how much of it is classified), but the DoD has some very sophisticated equipment and methods for hacking.
5. Computer security guy here. Typing from phone, so I'll keep it short.
   1. Gain full execution rights on your machine from a website by exploiting bugs in the browser or plugins. This can give them access to install malware and other nasty bits.
   2. Create exploit kits to do #1 across all platforms with relative ease.
   3. Do #1 and #2 from legitimate websites (even YouTube) by buying advertising space on them and embedding their exploit kits in the ads.
   4. EASILY bypass AV using packing and polymorphic code. Detection is dead, and attackers know it.
   5. Do the same as #1, but from a document, spreadsheet, or PDF.
   6. Persist across reformats using bootkits.
   7. Propagate into virtual machines.
   8. Propagate out of virtual machines.
There's a ton more, but this is the main stuff that most people should be worried about.