The attackers behind Duqu and Stuxnet had already struck at the underpinnings of the validation system that made the internet possible—first by stealing individual security certificates from the companies in Taiwan to sign the Stuxnet drivers, then by sending Duqu to steal data from a certificate authority itself. But this exploit went even further than that by subverting the trust between the world’s biggest software maker and its customers.
