Re: Kaspersky employee Aleks's blog on securelist is worth reading over
Your 2nd point is EXACTLY what my first thoughts were when the author plays down the infection rates.
If it is capable of erasing its presence and has had at least 2 years, maybe 5 years to spread and gobble info, the fact that only 1000 concurrent infections have been verified means FA.
If the "insert large governmental institution of your choice" had 1000 people each tasked with slurping the useful stuff off a machine each day, then spreading and finding the most interesting one the next day, let's do the math:
1000 * 5 (working days a week) * 48 (working weeks a year) * 5 (years) = 6 million possible machines infected at this work rate.
So that is in the same order of magnitude as Conficker etc. Of course I have zero evidence to back this up, however Mr. Author, you also have zero evidence the impact was so small and benign.
And what is this about Wiper? It strikes me that if you didn't want to bring in 1000 people on this you could easily have your corporate hacker team write a script to very much automate the infect, check PC for keywords/data types, spread, delete self routine and maybe hit every "connected" machine on earth in the same timescale. Maybe this script is also pretty smart and happens to go by the "Wiper" name?