The worm Stuxnet was programmed to affect computer systems of five nuclear facilities located in Iran. The media reported the worm as being the first "cyber-weapon" used and were speculating that certain States might have been the creators of the malware - suspecting in particular the involvement of USA and Israel within a long-term operation code-named "Olympic Games". The discovery of Stuxnet showed the possibility of malicious infections of computer systems of a State's critical infrastructure, even if disconnected from the Internet, and changed the perception of danger in the context of national security considerations. Legally assessing the implications of the creation, installation and control of Stuxnet is especially challenging because of the lack of detailed and reliable information relating to its origin and the physical effects it (indirectly) caused outside the targeted computer systems. Based on the assumption that one or more States created, installed and controlled the worm, the present public international law analysis shows that Stuxnet can be considered a "legal masterpiece".