Chien and O’Murchu wondered if a team of curators had scouted hacker forums and security sites to collect information about holes and exploits that the Stuxnet attackers could use in their assault or if they had simply purchased the exploits readymade from brokers.
Many (if not all?) the zero-days and other exploits like the Siemens hardcoded passwords were already out there (though MS hadn’t noticed or patched—or were paid to suppress patches?). So looks like the authors might not have found any vulns on their own. Might explain the sloppiness elsewhere?
There's later discussion of just how wide open the PLCs were. Widely known firmware-stored passwords as backdoors through the sole authentication mechanism (pwds), no digital signing, no encryption etc.
