One important aspect of Stuxnet is that it apparently activates wherever it is introduced, to look for the condition it is supposed to target; i.e., the presence of the particular Siemens controller. It has therefore infected thousands of computers in at least 115 countries around the world, but the distribution is not even close to random. The great majority of the infections have been detected in India, Indonesia, and Iran.

This frankly doesn’t sound to me like something the US or Israel would cook up. Besides being irresponsible, it’s inelegant, and dramatically increases the likelihood of detection before the worm can achieve its goal. It’s unnecessary – if the goal is sabotage.

The emphasis on eruptions in India, Indonesia, and Iran is also hard to explain. Why not two other nations and Iran? That it could be random seems very unlikely. One’s first thought would be that a set of similar USB drives was shipped to each country for some innocuous, probably even non-nuclear-related purpose. Siemens does business with all three, although if a set of drives was tampered with, the provenance wouldn’t have had to be Siemens. It would, however, have presumably been a company that does business with all three nations.