While it is pretty difficult to answer what a piece of code written by a government would look like, a useful piece of information is also that the code targeted 4 different 0-day bugs [1].
If we consider previous reports on 0-day pricing [2], this alone could put the cost fo the worm at over $200000 making it more likely to be built by a well funded adversary.
It really doesn't matter if they bought the 0days or researched them themselves - either way they either spent the cash or gave up the opportunity to earn the cash from them, which is equivalent. They still put ~$200,000 worth of resources into the worm.
Agreed, but I think the best evidence of large sponsorship is in that factory system recognition and parameter modification code. We don't really understand the sophistication until it actually chooses to execute, but access to those kind of specifications would require some fairly extensive research resources, someone that an individual or small team would have trouble getting alone.
yes, but a talented individual would probably sell those vulnerabilities since they worth so much, rather then use them for some obscure, probably not money earning, goal.
That's just moving one layer of indirection. If vulnerabilities are worth money, presumably so they can be exploited, then why isn't it possible for someone to be motivated to use vulnerabilities and also having the talent to discover them?
You're making the assumption that a government would not pay for the development and exploitation of those vulnerabilities, which is de facto false considering the current "cyberdefense" capabilities of developed countries.
If it's indeed created by Israeli Intelligence, then at least R&D costs will be close to nothing.
Israeli military has mandatory service. 18-21 years old programmers/hackers work day and night almost for free.
I think there's some very experienced, very talented people working on this. Security is one area where I believe that the older you are and the more hours you've clocked and exploits you've thoroughly understood, the better you are.
Our defense budget is 7% of our GDP, which is the 5th highest rate in the world (according to wiki). I would hardly call that free. Also, there is a shortage of tech talent here and the salaries are quite high. So there are also hidden costs with the military getting people to work for "free".
First it's 8.5% of GDP in 2009, but in absolute numbers it's only $14.3B (including US aid, which has to be spent in US).
This peanuts for being a regional superpower.
About half of the budget goes to salaries of officers, permanent servicemen and civilian contractors.
The danger there is the "common thinking" that this puts it squarely in the realm of governments.
However, at such a price point you're still well within the remit of organised gangs; they, for example, will spend a fortune on viruses and other malware - it's big big business.
[1] http://en.wikipedia.org/wiki/Zero-day_attack [2] http://weis2007.econinfosec.org/papers/29.pdf