Planet Money - Can computer hackers get inside your mind?
Episode Date: June 17, 2026The cyber weapon that might have prevented nuclear war.The U.S. and Israel have long been in conflict with Iran over their nuclear development program. Some of that conflict has been out in the open, ...with bombs and blockades, but some of it has been invisible. Recently some security researchers discovered a cyberweapon likely tied to that invisible conflict. It looks like it was designed to hide on nuclear scientists computers, then throw off their calculations--just as they got close to achieving their goals.Sounds like something out of science fiction. But it was created 20 years ago. On today’s show: a whodunit about hackers, ‘Cyber Paleontologists’, spy-vs-spy protocols, cryptic intelligence leaks, nuclear physics, high-precision math, and epistemological warfare.Pictured: Juan Andres Guerrero Saade (JAGS) and his ‘Fast16 - NOTHING TO SEE HERE, CARRY ON’ tattoo. Support:Planet Money+Read: Our book: Planet Money: A Guide to the Economic Forces That Shape Your Life Our weekly longform Planet Money newsletterOur weekly Indicator round-up newsletterFollow: InstagramTikTokYouTubeFacebookThis episode was hosted by Nick Fountain and Erika Beras. It was produced by Willa Rubin and edited by Marianne McCune. It was fact-checked by Charlotte Isidore and engineered by Kwesi Lee. Alex Goldmark is our executive producer.Music: NPR Source Audio - “High Tech Expert,” “Digital Wave,” and “Hyper Pop.”See pcm.adswizz.com for information about our collection and use of personal data for sponsorship and to manage your podcast sponsorship preferences.NPR Privacy Policy
Transcript
Discussion (0)
This is Planet Money from NPR.
On Friday, if all goes according to plan,
representatives from the U.S. and Iran will meet in Geneva
to sign another 60-day ceasefire agreement.
But the two sides still have not come to an agreement
on what's been at the heart of this war and decades of conflict.
Iran's development of nuclear weapons.
Right.
This conflict has been on again, off again for years.
And while the most recent iteration has been
very violent with bombs and blockades, there is a whole other almost entirely invisible war
that the U.S. and allies have been waging with Iran, using cyber espionage, or more accurately,
cyber sabotage, you know, computer viruses, malware.
Recently, we heard a story about a piece of malware that might have been used in this invisible war
that was diabolically cunning, because it exploited weakness.
in computers, yes, but also maybe in the human psyche.
The more I think about it, the more I think this must have driven people insane.
But it also might have saved the world from nuclear destruction.
We heard about this hack from someone whose job it is to identify computer hacks that could be a threat to all of us.
What's your name? What do you do?
My name is Juan Andreas Guerrero Saade, which is why everybody calls me Jags.
J-A-G-S. Jags, his initials are shorter and cooler.
Yeah, actually, he is a pretty cool guy.
He's got a foahawk, sleeves of tattoos.
He was on track to go get a Ph.D. in philosophy, but now...
I'm a security researcher, who I think would be the simplest term.
I think some folks would say cyber paleontologist.
Cyber paleontologist.
Like he digs for the remnants of cyber attacks.
Jags works for a cybersecurity company called Sentinel One.
It helps big companies like Samsung and the Golden State Warriors and the government protect their computers and networks.
Hacking is a whole industry.
And defending against hacks is this whole other industry.
Jags just so happens to have the raddest job of all,
which is dusting off old malware files buried deep on servers and reverse engineering how hackers got into systems in the first place.
and what they did when they got there.
So he can figure out how to defend against similar attacks in the future.
And Jags is kind of a big deal.
There are actually a couple of pieces in the International Spy Museum in D.C.
based on his cyber paleontology work.
This is a little crude, but in the Jurassic Park movie,
which paleontologist are you?
As long as you don't immediately default to Jeff Goldblum.
I was going to go, Jeff Goldblum.
But I think that he is like a chaos theory mathematician.
Which I think fits the bill, right?
What the hell do I actually know about paleontology?
Right.
We met up with Jaggs because we wanted to get a peek into the invisible war
because Jags has made a stunning discovery of a highly specialized, highly sophisticated cyber weapon.
Often, these weapons don't even get detected.
If they do, it's not usually until years later when someone like Jags comes across.
an old fragment and tries to reconstruct what top secret mission the weapon was designed to carry out.
For Jags, the fragment he found wasn't even a piece of code.
It was just six words. It came from a leaked list of malware from the NSA.
Yeah, the list came from this tool the NSA had, meant to help NSA operators while they were hacking into some computer in enemy territory,
figure out whether some other hacker was already there.
And if so, whether they were friends or foes.
Essentially, it'll run all these checks,
and it's going to give the operator,
it's going to give a list of instructions of saying,
hey, look, suspicious thing here.
We don't know what that is.
Known malware, pull back.
Like little warning signs.
And this was a budding cyber paleontologists dream.
Each piece of malware on that list had the potential to teach you so much about how the world's top hackers were getting the job done.
And maybe one would turn out to be an incredibly sophisticated cyber weapon.
Jags, with great excitement, got a hold of this list and started scouring it for something he should start digging into.
And one item screamed, look here.
There's one, just one line.
that's like completely different to all the other ones.
Okay.
And it's, it just says fast 16, nothing to see here, carry on.
In all caps.
That's it.
There's nothing else like it.
Fast 16 was what the NSA was calling the malware.
And the cryptic instruction the agency was giving its operators,
not seek help or pull back.
Simply nothing to see here, carry on.
You can't put that there.
It was like catnip, right?
It felt like bait.
We couldn't let it go.
I couldn't let it go.
He didn't let it go.
He had to know what this thing was.
What did it do?
What was its target?
The NSA seemed to know about it, but who made it?
And what was so top, top, top secret that the NSA was resorting to Jedi mind tricks to try to keep its own people in the dark?
At this point, Jags just had the name of this malware.
Fast 16, just a tibia.
But he was able to use that to dig up the rest of the bones.
Basically, he rummaged around this public library of suspected malware until he found it.
And eventually, he was able to put together the pieces of the skeleton that is Fast 16.
But still, when you try to reverse engineer it to understand what its secret mission was, he couldn't.
I worked these, like, cracked out nights.
And very often, I'll run into something.
I'm like, oh, my God, I found this.
amazing thing. And then by the morning, you're like, no, this doesn't work. We call this the
Valley of Despair. Oh, yes. I have built a home in the Valley of Despair. I'm in the
process of gentrifying the Valley of Despair. If any of you would like to join me there.
After many, many fruitless nights, weeks, months, Jags had to turn to other projects and had to put Fast 16 down.
But to remind him of what was not solved, he inked Fast 16 on his skin forever.
Fast 16 has been on the back of my arm for a while now.
You got it tattooed?
Oh, yeah.
Where is Fast 16?
You can see Fast 16 and nothing to see here.
Nothing to see here. Carry on.
Hello, and Woke to Play the Money.
I'm Nick Fountain.
And I'm Erica Barris.
Today on the show, nothing to see here.
Carry on.
Yeah, Jag sets out two.
solve the mystery of Fast 16 and finds a cyber weapon with the potential to chip away at our very grasp of reality.
So, what was this mysterious piece of malware that was so secret that the NSA was using Jedi mind tricks to try to keep their people away from it?
And so enticing that security researchers, or at least one overcaffeinated keyboard-wielding security researcher, got it tattooed on.
on his tricep, theoretical tricep, yes.
Jags, said researcher, was pretty blocked.
But he knew he had to keep at it
because he had a hunch that Fast 16 might reveal
important details about that invisible side of the conflicts
we read about every day.
Like back when security researchers discovered
a cyber-sabotage operation that blew everyone's mind,
it was called Stuxnet.
Yeah, Stuxnet is kind of the mother-of-all-all-sort.
cyber-sabotage operations.
In many ways, my industry is birthed by the discovery of Stuxnet.
For those not familiar, Stuxnet was this absolutely bonkers hacking operation
that reportedly slowed down Iran's nuclear program back in the mid-2000s.
And to hear Jags describe it, it totally redefined what was possible.
So before Stuxnet, if you went to these antivirus conferences with a lot of fun gals and guys,
the possibility of cyber espionage was discussed as that, as a possibility.
It was theoretical.
It was theoretical.
Wouldn't be cool.
This might be happening.
Yeah.
You're like, there's no way.
People won't.
There's value there, of course.
And then, you know, Stuxnet is discovered.
And you realize, not only has this been happening and at a scale and capacity way above
anything we'd ever found before, but it's been happening for years.
What had been happening was that Israel and the U.S., allegedly, had used cyber weapons to destroy real-world physical things.
They did this by managing to get a thumb drive into Iran and inserting malware into the computer network at the heart of their uranium enrichment program, the system that controlled the centrifuges.
And Stuxnet was very, very clever.
It spread throughout the network and carefully noted how everything looked when it was working,
normally, saved that, and then gave the centrifuges instructions to go haywire, speeding up and
slowing down and breaking, all while making everything in the computer system look a-okay, look normal.
So the operators are hearing that these things are like making these weird noises, they're spinning
up, it sounds like things aren't going well in this room next door, but I'm looking at the computer
and the computer tells me everything's normal.
All in all, Stuxnet reportedly destroyed a fifth of all the centrifuges that Iran was using.
It led to nuclear scientists getting fired.
And most importantly, it is widely believed to have slowed down Iran's nuclear program.
And to the cyber paleontologists of the world like Jags, when the bones of Stuxnet were dug up,
they revealed this whole new age of cyber warfare.
But Jaggs always believed that Stuxnet was just a hint of what was out there.
Just a tibia.
Clearly, we didn't even know about all the different things they were doing.
So, year after year, Jags remained committed to figuring out his white whale,
figuring out the puzzle of Fast 16.
Who made it?
Who were they targeting?
what exactly were they doing to that target and how.
But he didn't make much progress until earlier this year, for a very this year reason, AI.
Yeah, here's why.
Jags heads a big team of researchers at his cybersecurity firm.
And like everyone else these days, he was wondering, could these new AI tools help us in our jobs?
Could they do our jobs?
Could they do a job that was so hard even I, Jags,
couldn't do it. Could they solve the puzzle that is Fast 16?
There is no public guide to solving it.
If it's going to figure it out, it's going to have to figure it out just in this little sandbox
with a few tools and go, all right, kid, like, what can you do?
Jags sent a colleague to oversee these AI tests.
That colleague was Vitaly Kamloek, a Belarusian cybersecurity researcher who also has a foahawk.
He lives in Singapore and according to Jags is very zen-like.
And Jacks says Vitali, like.
like any self-respecting human, he decided to
John Henry style tried to beat the machines.
I, being put in that position, would have said, cool,
let's go make the AI sweat.
And Vitale being a much more patient Zen master style dude,
he said, well, if I'm going to know if it's doing well,
I need to know what this thing does.
And Vitaly spent like two weeks in a black,
dark hole somewhere, not answering messages, nothing.
I was like, is this guy okay?
Like, what happened to Vitaly?
And all of a sudden, I get a message from Vitaly, super late, I guess, for him.
Yeah, yeah, it was like about 1 a.m. or so.
And he's like, hey, man, like, I need to talk.
Jacks, yeah, we need to talk.
This, of course, is Vitaly Kamluk, reverse engineering legend.
He describes you as zen-like.
Do you think that's fair?
Zen-like.
Yeah.
Does it make me more peaceful and simple?
I hope so, but...
But on this call, he was not very zen-like.
Vidali said he'd done the reverse engineering,
and he'd had the AI models double and triple-check his work.
And now, Jack says, he seemed pretty disturbed.
He's like, look, I need you to test me here,
but, like, all the models at least agree with me,
so I now need to talk to a human being.
This is Stuxnet-like.
And I hear that kind of nonsense from students,
right? Like, you know, I hear this kind of, I'm like a lightning rod.
Anybody in this industry is a lightning round for like DMs from people clearly having like schizophrenic episodes about like the government spying on me.
So you hear this kind of stuff all the time.
When you hear it from Vitale, who's a very measured person, it makes you take pause.
You go, okay, what are you talking about? What do you mean?
Vatali explained they're from the same era, the mid-2000s.
And even though they don't share any code, they seem to share similar architecture.
But Vatali couldn't figure out what exactly Fast 16's mission was,
only that it targeted the part of a computer that did complex math.
Think of it as like floating point math, like the really, really details-based, hard calculation stuff
that most of the time you never deal with.
And I've never run into a piece of malware that does that.
Jags says he's never seen malware that messed with high precision math.
Most spy malware is designed to steal data or like in Stuxnet make things go haywire.
But this one was basically telling the computer 2 plus 2 equals 5.
So at this point, Jags had found Fast 16 buried in a cyber library based on a hunch that it was something to pay attention to.
And Vitaly had confirmed it was.
Because who messes with math?
And maybe more importantly,
whose math were they messing with?
Who is running high precision calculations back in 2005
doing something so interesting
that it got somebody to build a super specific custom piece of malware
to modify and mess with their workloads?
Everything about this thing screams special.
Like it screams unique.
It screams groundbreaking.
And I think what's most excruciating about it is that the mystery won't yield.
Like you're just kind of have to keep pushing and say, okay, why?
After the break?
Okay.
I guess we're back to the trenches of like, okay, how do we nail this thing?
Jags puts all the pieces together.
So, Jags and Vitale, still separating.
by a 12-hour time difference set out to answer their next question.
Whose math was Fast 16 designed to target?
And pretty quickly, they come upon a major clue.
By looking at a rules engine embedded in Fast 16's code,
like a list of instructions, basically if-then rules.
If Fast 16 sees something happen on a computer.
Then it goes, oh, I've recognized this thing.
What does my rule engine say?
Oh, if I find this thing, then I need to change these six bytes into these six other bytes.
If I find this thing, then I need to set this thing back into whatever the old value was.
If I find this thing, right?
But what the hell do those six bytes represent?
So they start scanning old systems and software from way back in the day looking for those strings of bytes.
Jack says it was like looking through a mathematician's notebook of scribbles for a particular string of numbers,
which is not easy.
And it's not like old code just exists out in the wild.
But eventually they do find a few pieces of software
that contains some of those same strings of six bytes,
which all had to do with complex physics modeling.
Like how to design a car that'll crumple safely when it crashes
or a bridge that will withstand an earthquake.
For Vatali, the idea that someone was targeting calculations
that were supposed to keep us safe was incredibly disturbing.
Like, do they have limits, really?
Like, it's just a new type of kind of evil ideas.
I felt that the target was scientists, civil engineers,
corrupt their calculation results
that would eventually produce risks for lives of others.
So I was terrified, like, why would people do that?
Very soon, they had a breakthrough that kind of answered the question,
question. Jaggs was searching around for one of those pieces of software. It's called L.S. Dinah,
in short for Livermore Software Dynamic Analysis.
Something that I run into right away, as I'm looking up L.S. Dinah, is this report by
the good ISIS. That's what they call themselves. I don't know what ISIS stands for.
It's some kind of think tank. The Good ISIS.
Institute for something or other. And the Good ISIS has this report saying, if you look back,
at this research that Iranian scientists have been publicly putting out, you can see that they were using software that they shouldn't have been using.
They knew that these guys had this piece of software, L.S. Dina.
Yeah. And what's interesting is the example they put for L.S. Dinah is trying to figure out the right explosive materials for nuclear payloads.
In other words, this documentation from the Institute of Science and International Security
seemed to suggest that the software FAS16 was supposed to mess with
was being used by Iranian nuclear scientists to maybe design nuclear bombs.
So that was the software that the FAST 16 malware was likely targeting,
telling it, if you find these bites, change them to these other ones.
But why change those specific ones?
What would changing the math in the software achieve?
To solve that part of the puzzle, they had to get their hands on that software the Iranian scientists were using.
A very bespoke piece of physics modeling software released decades ago, very much not on the app store.
Did you pay for it?
No.
You can't buy it.
You can't just buy it.
And moreover, people don't love it when you're like, hey, do you happen to have a copy of,
your software from 21 years ago.
Like, why? I'm like, don't worry about it.
Don't worry about it. Just, you know, so you've got to get your hands on this thing somehow.
And Jags and Fatali did.
And what they found was that Fast 16 was designed to hide in scientists' computers and do nothing.
Basically to keep watch, to wait for LS Dinah to get installed.
At that point, it would stay low key until it's so.
saw the computer doing these very specific tests that only someone developing a nuclear warhead would be doing.
It had to do with the pressure calculations to simulate a nuclear explosion.
And that is when Fast 16 would do its mayhem.
At the point when the engineers got near the pressure they needed,
Fast 16 would throw those calculations off by changing the math.
The old 2 plus 2 equals 5 trick.
And furthermore, it was designed to spread from computers.
to computer.
The idea being that if you, if I come to this computer and I run this simulation workload and go,
hey, those results don't look right.
Let's go try this other computer and you go and you run it in the other one.
That too will give you the right wrong answer.
The exact same wrong answer.
Exactly.
So the idea was to drive these people nuts, right?
Like you go and like it's right math wrong answer, right formula wrong answer over and over
everywhere you go.
And you probably don't know that it's wrong.
until you then go and try to do another thing with it.
And you go, damn it, this thing is not working.
Yeah.
Right?
Like, it's devious.
The cunning of this attack is truly fascinating.
Because at some point, I think, before you ever consider that the computers are wrong,
you almost certainly look at these scientists and go, maybe you guys are clowns.
Maybe you guys don't know what the hell you're doing.
Jags and Vatali were flabbergasted by the sophistication and the technical prowess of this malware from
decades ago, not just the cody parts, but also the deep knowledge of nuclear physics.
And after so many late nights of being haunted by Fast 16,
Jags and Fatali were finally able to announce in April of this year that Fast 16, which they'd
started looking into on a hunch, was indeed a major cyber weapon, whose mission seemed like
it was to sabotage Iran's nuclear development program.
Was it worth the weight?
Absolutely.
I mean, walking around with this bag of open questions, right?
Yeah, there are still some unknowns.
Number one, we don't know definitively that this was targeting Iran.
For example, North Korea also had nuclear ambitions at that time.
You look back and you go, well, North Korea was having a whole lot of problems with their missile program back then.
We don't know where all these things were being used.
We just know of one target that they definitely.
use this kind of stuff against, which is Iran.
You're that confident?
Look, let's put it a different way, right?
We've never, ever, ever, ever, ever, ever, ever heard of anybody doing this kind of cyber
sabotage anywhere for anything other than the Iranian nuclear program in the same era
as when Fast 16 is developed.
Thing number two, we don't know?
Who did this? It has echoes of Stuxnet, which is widely reported to have been deployed by the U.S. and Israel.
But when we reached out to the NSA and the CIA and the Israeli defense forces and asked them,
was Fast 16 U? They didn't deny it.
They didn't confirm it either.
Yeah, that's true too. The IDF never got back to us.
And the others said basically, sorry, but we have nothing to offer you on this.
Jags, for his part, also checked in with them.
Before you publish, do you reach out to the U.S.
U.S. and Israeli intelligence community and ask them, are we going to blow your cover?
Yeah.
Yeah, but I won't go too far into that, right?
Like, most of the time, we are good collaborators and good friends.
Do these meetings happen in person?
No.
Was there any pushback this time?
No.
Meaning, we're not worried about you blowing our cover, you weird paleontologists.
This stuff is 20 years old.
Right.
And the third thing we don't know is why the NSA wrote in reference to Fast 16,
the instructions, nothing to see here, carry on.
Was that like with a wink?
One day when this stuff is declassified, we might get an answer to all three of those questions.
But we're much less likely to figure out, did Fast 16 change history?
Jack says he sure was deployed because he couldn't have found it otherwise.
But, like, did it slow down Iran's or someone's nuclear program?
Did it bring them to the bargaining table?
Yeah, did it prevent nuclear war?
And the last enduring mystery?
How did FAS 16 mess with the minds of the scientists who encountered it?
Like, I have this picture in my head of the nuclear scientists in Iran, working on this project of intense national significance.
Presumably, their boss's boss was constantly giving up.
updates to Iran's president or the Ayatollah.
And these scientists would have been doing their experiments right.
And then infuriatingly getting the wrong answer.
Is epistemological warfare what you would call this?
If I had called it that, they would have said I was just being pretentious.
I wouldn't have allowed myself that as a repentant philosopher.
Yeah, but as a repentant philosopher.
Yeah, sure.
I think epistemological warfare is a fascinating way to frame it.
Break that out a little for me.
Well, I think the, we take for granted how much we take for granted.
Certainty, people think that certainty is a matter of coherent deduction, that somehow
you're sitting here and you have this perfect cohesive worldview.
That's not actually how it works.
That's not how anything works.
If you questioned everything in your life, you would be paralyzed, right?
If you question that when you, you know, get out of bed, you don't know if, like,
the floor is going to hold you, right?
You wouldn't be able to function.
Jaggs told us about an interaction he recently had with Vitali that kind of brings this home.
They were in Singapore, where Vatali lives, on their way to a hacker conference to present their Fast 16 research.
He gets us on a train and he goes, oh, look, it's a driverless train.
The train just, you know, and I can't remember we were talking about something to do with Fast 16.
He stops and he goes, I mean, this is precisely the thing.
the kind of system that you would degrade with this kind of attack.
You know, there was a collision, and they said there was no cyber attack involved.
And then we look at each other and we go, you know, you kind of shrug and you go, well, as far as we know, right?
What I find fascinating is that these experts who spend their lives staring at computers,
who know their capabilities more than anyone, are also some of the most skeptical people when it comes to trusting
computers. Does that ever get to you? No. No, I don't know. I'm telling you, man, I'm not wired
quite the right way. To me, questioning everything does seem paralyzing, but they seem well
attuned to life in the computer age, life in the time of epistemological warfare. If you are an
intelligence operative who has info on a clandestine operation and want to tell me about it,
You can reach me at, you know.
Who am I kidding?
You know how to find me.
And if you live outside the United States, we also need your help.
For Planet Money Summer School, we are scouring the world for the most interesting, surprising, economic ideas that should spread.
Think like a different way to do taxes, a mega project that came in under budget.
Somehow, rent is cheap.
Get in touch and tell us about an idea the world should know about.
Email us at Planet Money at npr.org and put summer school in the subject.
We might use your idea on the podcast.
This episode was produced by Willa Rubin and edited by Marianne McCune.
It was fact-checked by Charlotte Isidore and engineer by Quasi Lee.
Alex Goldmark is our executive producer.
Special thanks to the research team at Symantec, who also dug into Fast 16.
Andy Greenberg from Wired, who broke the story.
Kim Zetter, who wrote the definitive book about Stuxnet, and David Albright of, and I can't believe I'm saying this, the good ISIS, which now I know stands for the Institute for Science and International Security.
Jags has a podcast with also a funny name. It's called the Three Buddy Problem.
I'm Nick Fountain.
And I'm Erica Barris. This is NPR. Thanks for listening.