Jags has work based on his cyber paleontology research displayed at the International Spy Museum in Washington, D.C.
Can computer hackers get inside your mind?
A 20-year-old cyberweapon likely targeted Iran's nuclear scientists by silently corrupting their math — making them doubt themselves, not their computers.
Planet Money
Can computer hackers get inside your mind?
A 20-year-old cyberweapon likely targeted Iran's nuclear scientists by silently corrupting their math — making them doubt themselves, not their computers.
TL;DR
A cybersecurity researcher known as Jags (Juan Andrés Guerrero Saade) spent years haunted by a cryptic NSA malware entry labeled "FAST16 — NOTHING TO SEE HERE, CARRY ON." With help from colleague Vitaly Kamluk and AI tools, they cracked the mystery: FAST16 was a sophisticated cyberweapon likely deployed against Iran's nuclear program in the mid-2000s [1] — Juan Andrés Guerrero Saade "Jags's colleague Vitaly Kamluk disappeared for two weeks into the FAST16 problem, using AI to verify his reverse engineering. What emerged:…" 12:20 . It hid on scientists' computers and silently corrupted high-precision physics calculations [2] — Juan Andrés Guerrero Saade "The string of bytes in FAST16's code matched LSDyna, a physics modeling program. A think tank report revealed that Iranian nuclear scientis…" 18:50 — making nuclear warhead simulations yield subtly wrong answers every time, on every machine, driving researchers to doubt themselves rather than their computers [3] — Juan Andrés Guerrero Saade "Certainty isn't coherent deduction — it's a background assumption that lets you function. FAST16 weaponized that assumption, forcing scient…" 28:15 . The key takeaway: cyberwarfare's most devastating weapon may not be destruction, but manufactured epistemic uncertainty.
Cybersecurity researcher Juan Andrés Guerrero Saade ('Jags') uncovers FAST16, a 20-year-old cyberweapon likely designed to sabotage Iran's nuclear program by silently corrupting high-precision math calculations — driving scientists to doubt themselves rather than their computers. A story about hackers, cyber paleontology, nuclear physics, and epistemological warfare.
-
The episode opens with a sponsor message before Erika Beras sets the geopolitical scene: US and Iran representatives are heading to Geneva for ceasefire talks, but the core conflict over Iran's nuclear program remains unresolved. Nick Fountain layers in a second dimension — an almost entirely invisible cyberwar running alongside the physical one. He teases the discovery of a piece of malware so psychologically sophisticated it might have driven Iranian nuclear scientists insane, and possibly saved the world from nuclear destruction. The hook is irresistible: a cyberweapon that attacked not just machines, but human certainty itself.
-
The hosts explain they sought out Jags to get a window into the invisible cyberwar. Juan Andrés Guerrero Saade — everyone calls him Jags — has a fauxhawk, sleeves of tattoos, and was on track for a philosophy PhD before pivoting to cybersecurity. He describes his role as a 'cyber paleontologist': digging up old malware buried on servers, reverse engineering what top-secret missions they were designed to carry out, and using that knowledge to defend against future attacks. [1] — Juan Andrés Guerrero Saade "Jags reverse-engineers old malware buried deep on servers to understand how hackers got in and what they did — so future attacks can be sto…" 01:59 Jags works at SentinelOne, protecting clients as varied as Samsung, the Golden State Warriors, and the U.S. government. The team notes his work is so significant that pieces based on it sit in the International Spy Museum in Washington, D.C. He jokes that in Jurassic Park terms, he's more Jeff Goldblum than Alan Grant — which, for a chaos-theory aficionado digging up digital dinosaurs, seems about right.
-
The fragment that launched Jags's investigation wasn't even a piece of code — it was just six words from a leaked NSA malware identification list. The tool was designed to help NSA operators in the field determine whether other hackers were already present on a target system. Every other entry had a standard warning: 'known malware, pull back.' Every entry, that is, except one. FAST16's entry simply read, in all caps: 'FAST16, nothing to see here, carry on.' [1] — Juan Andrés Guerrero Saade "Out of an entire leaked NSA malware list, one entry stood completely apart: 'FAST16, nothing to see here, carry on' — in all caps, with no …" 03:35 No warning, no instruction — just a dismissal. For a budding cyber paleontologist, this was pure catnip. Jags rummaged through public malware archives until he located the actual FAST16 code, and began the slow, painstaking work of reconstructing its skeleton. But even after assembling the full structure, its secret mission eluded him — leading to months of what he calls 'cracked-out nights' and residence in 'the Valley of Despair.'
-
Unable to crack FAST16 and forced to move on to other projects, Jags took an unusual step to ensure he'd never forget the unsolved puzzle: he had 'FAST16, nothing to see here, carry on' tattooed on his arm — visible proof of his unfinished business. [1] — Juan Andrés Guerrero Saade "After months of fruitless nights failing to decode FAST16, Jags made a decision most researchers wouldn't: he tattooed 'FAST16, nothing to …" 06:49 He shows the hosts during the interview, pointing out the exact words on his tricep. It's both a researcher's memento and a kind of self-imposed pressure: the mystery was now literally written on his skin, waiting to be solved.
-
Jags explains that Stuxnet, discovered in the late 2000s, effectively created the cybersecurity research industry by proving that large-scale offensive cyberoperations had been happening for years — at a scale far beyond anything researchers had imagined. [1] — Nick Fountain "Before Stuxnet, offensive cyberweapons were theoretical. Then Israel and the U.S. allegedly used malware to make Iran's uranium enrichment …" 09:16 The weapon allegedly infiltrated Iran's centrifuge network via a thumb drive, mapped normal operations, then commanded the machines to spin wildly out of control while feeding false 'all normal' readings to operators. The result: operators heard disturbing noises from the machine room while their screens insisted nothing was wrong. Stuxnet reportedly destroyed about a fifth of Iran's centrifuges, got nuclear scientists fired, and is widely believed to have set back Iran's nuclear program — all without firing a single shot. For Jags, Stuxnet was just 'a tibia': proof that the full skeleton of invisible cyberoperations was far larger and stranger than anyone knew.
-
Fast forward to the present day: Jags runs a large research team and wonders whether new AI tools could solve what years of human effort couldn't. He assigns the FAST16 problem to Vitaly Kamluk, a Belarusian cybersecurity legend based in Singapore, known for his calm, Zen-like demeanor. [1] — Juan Andrés Guerrero Saade "Jags's colleague Vitaly Kamluk disappeared for two weeks into the FAST16 problem, using AI to verify his reverse engineering. What emerged:…" 12:20 Rather than jump straight to testing the AI, Vitaly first spends nearly two weeks doing the reverse engineering himself — going completely dark, not answering messages — so he'd know whether the AI was getting it right. Then, at around 1am Singapore time, Jags gets a message: 'We need to talk.' Vitaly tells him he's had the AI models double and triple-check his work, and they all agree. The verdict: FAST16 targeted floating-point, high-precision math calculations — a type of operation no malware had ever touched before, and one exclusively associated with complex scientific modeling. Hearing this from the usually unflappable Vitaly, Jags takes it very seriously.
-
The episode breaks for a series of sponsor advertisements: Whole Foods Market promotes its summer cookout products; Schwab introduces its new Teen Investor Account; Ethos promotes online life insurance with no medical exam and same-day coverage up to $3 million; and Odoo pitches its all-in-one business management software platform with a free trial. These commercial reads take up approximately two minutes before the investigation resumes.
-
With the knowledge that FAST16 targeted high-precision math, Jags and Vitaly search old systems for software containing the same strings of bytes embedded in FAST16's rules engine. The results point to complex physics modeling software — the kind used to simulate bridge stress tests or car crash dynamics. [1] — Juan Andrés Guerrero Saade "The string of bytes in FAST16's code matched LSDyna, a physics modeling program. A think tank report revealed that Iranian nuclear scientis…" 18:50 But one software package stands out: LSDyna, short for Livermore Software Dynamic Analysis. When Jags searches for LSDyna online, he stumbles upon a report from the Institute for Science and International Security — 'the good ISIS' — which documents that Iranian nuclear scientists were publicly using LSDyna for calculations involving explosive materials for nuclear payloads. This is the key link: FAST16 was designed to corrupt calculations in the exact software Iranian nuclear scientists were using to design nuclear bombs. Vitaly's initial horror makes sense: this malware could theoretically corrupt any safety-critical engineering calculation — bridges, cars, aircraft — raising profound ethical questions about the limits of cyber sabotage.
-
With LSDyna identified as the target, Jags and Vitaly finally obtain a copy of the old software and confirm FAST16's full mission. [1] — Juan Andrés Guerrero Saade "FAST16 hid silently on computers until it detected the specific pressure calculations used to simulate a nuclear explosion. Then it corrupt…" 23:00 The malware was designed to do nothing — absolutely nothing — until it detected the very specific pressure calculations used to simulate a nuclear explosion. At that critical threshold, and only then, it would alter the mathematics just enough to produce wrong answers. The true genius was in the propagation: FAST16 spread from machine to machine and produced the exact same wrong answer on every one. [2] — Juan Andrés Guerrero Saade "FAST16 didn't just corrupt one machine — it spread computer to computer and gave the exact same wrong answer on every one. That coherence w…" 23:25 If a scientist suspected one computer and switched to another, they'd get the same result — and conclude the problem was human error, not malware. Jags describes it as 'right math, wrong answer, right formula, wrong answer, over and over everywhere you go.' The psychological damage was the point: scientists and their supervisors would doubt human competence long before suspecting sabotage. Jags and Vitaly publicly announced their findings in April 2025.
-
Despite their breakthrough, Jags and the Planet Money team are left with three enduring mysteries. First: was Iran definitely the target? North Korea also had active nuclear ambitions in the mid-2000s, but Jags is confident the circumstantial evidence all points to Iran — no similar cyber sabotage has ever been documented against anyone else in that era. Second: who built it? It has Stuxnet-like fingerprints — widely attributed to the US and Israel — but no one has confirmed this. Planet Money reached out to the NSA, CIA, and Israeli Defense Forces; none confirmed, none denied, and the IDF never responded. Jags's own check-in with the intelligence community before publication met no resistance — which he reads as confirmation that 20-year-old secrets don't need protecting. Third: why did the NSA write 'nothing to see here, carry on' about FAST16 in their own detection tool? Was it a genuine misdirection to protect an allied operation? A wink from the agency? One day, declassification may answer all three.
-
Nick Fountain asks Jags whether 'epistemological warfare' is the right framing for what FAST16 did. Jags — who was once heading toward a philosophy PhD — takes the bait. [1] — Juan Andrés Guerrero Saade "Certainty isn't coherent deduction — it's a background assumption that lets you function. FAST16 weaponized that assumption, forcing scient…" 28:15 He explains that certainty isn't a product of careful deduction; it's a background assumption that lets us function at all. If you questioned every step — whether the floor will hold you, whether the train is safe — you'd be paralyzed. FAST16 weaponized that assumption, forcing scientists to question their results, their methods, and ultimately themselves. The episode closes with a vivid anecdote: Jags and Vitaly, riding a driverless train in Singapore on their way to present their FAST16 research at a hacker conference, when Vitaly notes that this is exactly the kind of system FAST16-style malware could degrade. There'd been a train collision recently. Officials said no cyberattack was involved. Jags and Vitaly glanced at each other and said, 'Well, as far as we know.' The people who understand cyber threats best are also the least able to trust anything.
-
Nick Fountain wraps up with a call-to-action: if any intelligence operatives want to share information about clandestine operations, 'you know how to find me.' Erika Beras adds a request for international listeners to submit surprising economic ideas for Planet Money Summer School. Credits roll: produced by Willa Rubin, edited by Marianne McCune and Jess Jiang, fact-checked by Charlotte Isidore, engineered by Kwesi Lee, executive producer Alex Goldmark. Special thanks go to the Symantec research team, Wired journalist Andy Greenberg who broke the FAST16 story, Kim Zetter who wrote the definitive Stuxnet book, and David Albright of the Institute for Science and International Security. Nick notes that Jags hosts a podcast of his own called The Three Buddy Problem. Closing sponsor spots from American Home Shield and Capella University end the episode.
- Cyber paleontologist
- A cybersecurity researcher who excavates and reverse-engineers old, often dormant malware to understand how past attacks were conducted and protect against similar future ones.
- Malware
- Malicious software designed to infiltrate, damage, or manipulate computer systems without the user's consent.
- Stuxnet
- A sophisticated cyberweapon, allegedly developed by the US and Israel, that sabotaged Iran's uranium enrichment centrifuges in the mid-2000s by causing them to malfunction while reporting normal status.
- Floating-point math
- High-precision computer arithmetic used to represent very large or very small real numbers; critical in scientific simulations where small rounding errors can have major consequences.
- LSDyna (LS-DYNA)
- Livermore Software Dynamic Analysis — a complex physics simulation program used for modeling structural impacts, explosions, and crash tests; reportedly used by Iranian nuclear scientists for nuclear payload calculations.
- Reverse engineering
- The process of analyzing a finished piece of software or hardware to understand its design, function, and internal workings, often without access to original source code.
- Rules engine
- A component of software that executes a set of predefined if-then logic rules; in malware, it determines what action to take when the program detects specific conditions on the target system.
- Epistemological warfare
- A concept describing attacks designed not to destroy systems but to undermine targets' confidence in what they know and trust — attacking the foundations of knowledge rather than physical infrastructure.
- Cyber sabotage
- The use of cyberweapons to deliberately disrupt, damage, or degrade an adversary's physical or digital systems, distinct from cyber espionage which focuses on stealing information.
- SentinelOne
- A publicly traded cybersecurity company that provides AI-powered endpoint security and threat detection services to governments and major corporations.
- NSA (National Security Agency)
- The United States' primary signals intelligence and cybersecurity agency, responsible for global surveillance, cryptanalysis, and both offensive and defensive cyber operations.
- Institute for Science and International Security (ISIS)
- A Washington D.C.-based non-profit think tank that analyzes nuclear non-proliferation issues and has published research on Iranian nuclear scientists' use of specific physics software.
- Fauxhawk
- A hairstyle resembling a mohawk but created by styling the hair upward without shaving the sides; mentioned as a shared aesthetic trait of both Jags and Vitaly.
- Centrifuge
- In nuclear enrichment, a high-speed rotating machine used to separate uranium isotopes; Iran's centrifuges were the primary target of the Stuxnet cyberattack.
- Uranium enrichment
- The process of increasing the concentration of uranium-235 in uranium to levels usable for nuclear fuel or weapons; central to both civilian nuclear power and nuclear weapons development.
- Diabolical
- Fiendishly clever or cruel; used in the episode to describe the psychological cunning of FAST16's design, which exploited human cognitive assumptions rather than just technical vulnerabilities.
- Zen-like
- Having a calm, measured, and unflappable disposition; used to describe Vitaly Kamluk's temperament, making his late-night disturbed call about FAST16 all the more alarming.
Chapter 2 · 01:38
Meet Jags: The Cyber Paleontologist
The hosts explain they sought out Jags to get a window into the invisible cyberwar. Juan Andrés Guerrero Saade — everyone calls him Jags — has a fauxhawk, sleeves of tattoos, and was on track for a philosophy PhD before pivoting to cybersecurity. He describes his role as a 'cyber paleontologist': digging up old malware buried on servers, reverse engineering what top-secret missions they were designed to carry out, and using that knowledge to defend against future attacks. [1] — Juan Andrés Guerrero Saade "Jags reverse-engineers old malware buried deep on servers to understand how hackers got in and what they did — so future attacks can be sto…" 01:59 Jags works at SentinelOne, protecting clients as varied as Samsung, the Golden State Warriors, and the U.S. government. The team notes his work is so significant that pieces based on it sit in the International Spy Museum in Washington, D.C. He jokes that in Jurassic Park terms, he's more Jeff Goldblum than Alan Grant — which, for a chaos-theory aficionado digging up digital dinosaurs, seems about right.
Claims made here
The NSA's malware detection tool listed FAST16 with an unusual instruction: 'nothing to see here, carry on' — unlike all other malware entries which had standard warnings.
Jags reverse-engineers old malware buried deep on servers to understand how hackers got in and what they did — so future attacks can be stopped. His work is significant enough to have pieces displayed at the International Spy Museum in Washington, D.C.
Jags works for SentinelOne, a cybersecurity company that protects major clients including Samsung, the Golden State Warriors, and the U.S. government.
Jags's cyber paleontology research is significant enough that pieces based on his work are displayed at the International Spy Museum in Washington, D.C.
Out of an entire leaked NSA malware list, one entry stood completely apart: 'FAST16, nothing to see here, carry on' — in all caps, with no standard warning or instruction. For cyber paleontologist Jags, this wasn't a dismissal. It was an irresistible invitation.
Chapter 3 · 05:20
The 6-Word Clue: FAST16's Cryptic NSA Listing
The fragment that launched Jags's investigation wasn't even a piece of code — it was just six words from a leaked NSA malware identification list. The tool was designed to help NSA operators in the field determine whether other hackers were already present on a target system. Every other entry had a standard warning: 'known malware, pull back.' Every entry, that is, except one. FAST16's entry simply read, in all caps: 'FAST16, nothing to see here, carry on.' [1] — Juan Andrés Guerrero Saade "Out of an entire leaked NSA malware list, one entry stood completely apart: 'FAST16, nothing to see here, carry on' — in all caps, with no …" 03:35 No warning, no instruction — just a dismissal. For a budding cyber paleontologist, this was pure catnip. Jags rummaged through public malware archives until he located the actual FAST16 code, and began the slow, painstaking work of reconstructing its skeleton. But even after assembling the full structure, its secret mission eluded him — leading to months of what he calls 'cracked-out nights' and residence in 'the Valley of Despair.'
After months of fruitless nights failing to decode FAST16, Jags made a decision most researchers wouldn't: he tattooed 'FAST16, nothing to see here, carry on' on his arm — a permanent reminder of the unsolved mystery he refused to abandon.
The only clue Jags had to FAST16's existence was a single cryptic 6-word line in a leaked NSA malware list: 'FAST16, nothing to see here, carry on.'
Chapter 5 · 09:16
Stuxnet: The Cyberweapon That Changed Everything
Jags explains that Stuxnet, discovered in the late 2000s, effectively created the cybersecurity research industry by proving that large-scale offensive cyberoperations had been happening for years — at a scale far beyond anything researchers had imagined. [1] — Nick Fountain "Before Stuxnet, offensive cyberweapons were theoretical. Then Israel and the U.S. allegedly used malware to make Iran's uranium enrichment …" 09:16 The weapon allegedly infiltrated Iran's centrifuge network via a thumb drive, mapped normal operations, then commanded the machines to spin wildly out of control while feeding false 'all normal' readings to operators. The result: operators heard disturbing noises from the machine room while their screens insisted nothing was wrong. Stuxnet reportedly destroyed about a fifth of Iran's centrifuges, got nuclear scientists fired, and is widely believed to have set back Iran's nuclear program — all without firing a single shot. For Jags, Stuxnet was just 'a tibia': proof that the full skeleton of invisible cyberoperations was far larger and stranger than anyone knew.
Claims made here
Stuxnet's discovery was so significant that it effectively birthed the modern cybersecurity research industry.
Stuxnet was allegedly created and deployed by Israel and the US to target Iran's uranium enrichment centrifuge network.
Stuxnet reportedly destroyed approximately one-fifth of all centrifuges Iran was using for uranium enrichment.
Before Stuxnet, offensive cyberweapons were theoretical. Then Israel and the U.S. allegedly used malware to make Iran's uranium enrichment centrifuges spin themselves to destruction — all while showing normal readings on every computer screen. It destroyed one-fifth of Iran's centrifuges and proved that code could have real-world physical consequences.
The Stuxnet cyberweapon reportedly destroyed approximately one-fifth of all centrifuges Iran was using in its uranium enrichment program.
Jags's colleague Vitaly Kamluk disappeared for two weeks into the FAST16 problem, using AI to verify his reverse engineering. What emerged: FAST16 targeted high-precision floating-point math — a type of calculation no malware had ever targeted before, and the exclusive territory of nuclear physicists.
Chapter 6 · 12:22
AI Breaks the Deadlock: Vitaly Decodes FAST16
Fast forward to the present day: Jags runs a large research team and wonders whether new AI tools could solve what years of human effort couldn't. He assigns the FAST16 problem to Vitaly Kamluk, a Belarusian cybersecurity legend based in Singapore, known for his calm, Zen-like demeanor. [1] — Juan Andrés Guerrero Saade "Jags's colleague Vitaly Kamluk disappeared for two weeks into the FAST16 problem, using AI to verify his reverse engineering. What emerged:…" 12:20 Rather than jump straight to testing the AI, Vitaly first spends nearly two weeks doing the reverse engineering himself — going completely dark, not answering messages — so he'd know whether the AI was getting it right. Then, at around 1am Singapore time, Jags gets a message: 'We need to talk.' Vitaly tells him he's had the AI models double and triple-check his work, and they all agree. The verdict: FAST16 targeted floating-point, high-precision math calculations — a type of operation no malware had ever touched before, and one exclusively associated with complex scientific modeling. Hearing this from the usually unflappable Vitaly, Jags takes it very seriously.
Claims made here
FAST16 was developed in approximately the same mid-2000s era as Stuxnet and shares similar architectural characteristics, though no shared code.
FAST16 is the first piece of malware Jags had ever encountered that targeted floating-point, high-precision mathematical calculations.
Vitaly Kamluk spent approximately two weeks in near-total isolation reverse-engineering FAST16, then used AI models to double and triple-check his findings.
FAST16 was developed around 2005, the same era as Stuxnet, and shares similar architecture though no shared code.
FAST16 is the first piece of malware Jags had ever encountered that specifically targeted floating-point, high-precision mathematical calculations.
Chapter 8 · 18:33
The Software Trail: LSDyna and Nuclear Physics
With the knowledge that FAST16 targeted high-precision math, Jags and Vitaly search old systems for software containing the same strings of bytes embedded in FAST16's rules engine. The results point to complex physics modeling software — the kind used to simulate bridge stress tests or car crash dynamics. [1] — Juan Andrés Guerrero Saade "The string of bytes in FAST16's code matched LSDyna, a physics modeling program. A think tank report revealed that Iranian nuclear scientis…" 18:50 But one software package stands out: LSDyna, short for Livermore Software Dynamic Analysis. When Jags searches for LSDyna online, he stumbles upon a report from the Institute for Science and International Security — 'the good ISIS' — which documents that Iranian nuclear scientists were publicly using LSDyna for calculations involving explosive materials for nuclear payloads. This is the key link: FAST16 was designed to corrupt calculations in the exact software Iranian nuclear scientists were using to design nuclear bombs. Vitaly's initial horror makes sense: this malware could theoretically corrupt any safety-critical engineering calculation — bridges, cars, aircraft — raising profound ethical questions about the limits of cyber sabotage.
Claims made here
Iranian nuclear scientists were using LSDyna software for calculations related to the explosive materials used in nuclear payloads.
The string of bytes in FAST16's code matched LSDyna, a physics modeling program. A think tank report revealed that Iranian nuclear scientists were using LSDyna specifically to simulate explosive materials for nuclear payloads — confirming FAST16's likely target with chilling precision.
FAST16 was designed to corrupt calculations in LSDyna (Livermore Software Dynamic Analysis), a complex physics modeling program used by Iranian nuclear scientists for explosive materials simulations.
Chapter 9 · 23:00
FAST16's Mission Revealed: The Perfect Sabotage
With LSDyna identified as the target, Jags and Vitaly finally obtain a copy of the old software and confirm FAST16's full mission. [1] — Juan Andrés Guerrero Saade "FAST16 hid silently on computers until it detected the specific pressure calculations used to simulate a nuclear explosion. Then it corrupt…" 23:00 The malware was designed to do nothing — absolutely nothing — until it detected the very specific pressure calculations used to simulate a nuclear explosion. At that critical threshold, and only then, it would alter the mathematics just enough to produce wrong answers. The true genius was in the propagation: FAST16 spread from machine to machine and produced the exact same wrong answer on every one. [2] — Juan Andrés Guerrero Saade "FAST16 didn't just corrupt one machine — it spread computer to computer and gave the exact same wrong answer on every one. That coherence w…" 23:25 If a scientist suspected one computer and switched to another, they'd get the same result — and conclude the problem was human error, not malware. Jags describes it as 'right math, wrong answer, right formula, wrong answer, over and over everywhere you go.' The psychological damage was the point: scientists and their supervisors would doubt human competence long before suspecting sabotage. Jags and Vitaly publicly announced their findings in April 2025.
Claims made here
FAST16 was designed to activate only when it detected specific pressure calculations consistent with simulating a nuclear explosion.
FAST16 was designed to spread from computer to computer and produce the exact same wrong answer on every machine it infected.
Jags and Vitaly announced FAST16 as a major cyberweapon in April 2025.
FAST16 hid silently on computers until it detected the specific pressure calculations used to simulate a nuclear explosion. Then it corrupted the math just enough to produce consistently wrong answers — on every machine, every time. Scientists would blame themselves long before suspecting their computers.
FAST16 would stay dormant until it detected very specific pressure calculations consistent with simulating a nuclear explosion, only then corrupting the math.
FAST16 didn't just corrupt one machine — it spread computer to computer and gave the exact same wrong answer on every one. That coherence was the point: the sabotage looked like human error, not malware. Scientists would doubt themselves before they'd doubt their computers.
FAST16 spread from computer to computer and gave the exact same wrong answer on every machine, making it nearly impossible for scientists to detect the sabotage.
Jags and Vitaly were finally able to announce FAST16 as a major cyberweapon in April of 2025, years after Jags first encountered the cryptic NSA listing.
Chapter 10 · 26:04
Unanswered Questions: Who, Where, and Why 'Carry On'?
Despite their breakthrough, Jags and the Planet Money team are left with three enduring mysteries. First: was Iran definitely the target? North Korea also had active nuclear ambitions in the mid-2000s, but Jags is confident the circumstantial evidence all points to Iran — no similar cyber sabotage has ever been documented against anyone else in that era. Second: who built it? It has Stuxnet-like fingerprints — widely attributed to the US and Israel — but no one has confirmed this. Planet Money reached out to the NSA, CIA, and Israeli Defense Forces; none confirmed, none denied, and the IDF never responded. Jags's own check-in with the intelligence community before publication met no resistance — which he reads as confirmation that 20-year-old secrets don't need protecting. Third: why did the NSA write 'nothing to see here, carry on' about FAST16 in their own detection tool? Was it a genuine misdirection to protect an allied operation? A wink from the agency? One day, declassification may answer all three.
Claims made here
The NSA, CIA, and Israeli Defense Forces all declined to confirm or deny involvement with FAST16 when contacted by Planet Money and Jags.
The NSA's own malware detection tool included FAST16 — but instead of a standard 'pull back' warning, it simply said 'nothing to see here, carry on.' The agency apparently didn't deny authorship to Jags either, reportedly signaling: this is 20-year-old history, not a secret worth protecting now.
When contacted, the NSA, CIA, and Israeli Defense Forces all declined to confirm or deny involvement with FAST16; the IDF never responded at all.
Chapter 11 · 28:15
Epistemological Warfare: Attacking the Foundations of Certainty
Nick Fountain asks Jags whether 'epistemological warfare' is the right framing for what FAST16 did. Jags — who was once heading toward a philosophy PhD — takes the bait. [1] — Juan Andrés Guerrero Saade "Certainty isn't coherent deduction — it's a background assumption that lets you function. FAST16 weaponized that assumption, forcing scient…" 28:15 He explains that certainty isn't a product of careful deduction; it's a background assumption that lets us function at all. If you questioned every step — whether the floor will hold you, whether the train is safe — you'd be paralyzed. FAST16 weaponized that assumption, forcing scientists to question their results, their methods, and ultimately themselves. The episode closes with a vivid anecdote: Jags and Vitaly, riding a driverless train in Singapore on their way to present their FAST16 research at a hacker conference, when Vitaly notes that this is exactly the kind of system FAST16-style malware could degrade. There'd been a train collision recently. Officials said no cyberattack was involved. Jags and Vitaly glanced at each other and said, 'Well, as far as we know.' The people who understand cyber threats best are also the least able to trust anything.
Certainty isn't coherent deduction — it's a background assumption that lets you function. FAST16 weaponized that assumption, forcing scientists to question not just their results but their own competence. Jags, a philosophy dropout turned hacker, calls this 'epistemological warfare.'
FAST16's most diabolical feature was psychological — it made Iranian nuclear scientists doubt their own competence rather than suspect their computers were compromised.
On a driverless train in Singapore, Vitaly pointed out this was exactly the kind of system FAST16-style malware could degrade. There'd been a collision recently. Officials said no cyberattack was involved. Jags and Vitaly looked at each other and said: 'Well, as far as we know.'
No indexed bits in this chapter.
Show stoppers
Snapshots ()
Key Quotes ()
This episode
Cast
-
Belarusian cybersecurity researcher based in Singapore who reverse-engineered FAST16 using AI tools and made the breakthrough discovery of its nuclear targeting.
-
The U.S. National Security Agency, whose leaked malware detection tool contained the cryptic FAST16 listing that launched Jags's investigation.
-
Washington D.C. think tank whose report revealed Iranian nuclear scientists were using LSDyna for nuclear explosive material calculations, providing a key link in the FAST16 investigation.
-
Track
Cybersecurity company where Jags works as a security researcher, protecting clients including Samsung, the Golden State Warriors, and the U.S. government.
-
US intelligence agency contacted by Planet Money about FAST16; declined to confirm or deny involvement.
-
Israeli military organization contacted by Planet Money about FAST16; never responded to inquiries.
-
The mysterious cyberweapon at the center of the episode — a piece of malware that targeted high-precision math calculations in Iranian nuclear scientists' computers.
-
The predecessor cyberweapon allegedly deployed by the US and Israel against Iran's uranium enrichment centrifuges in the mid-2000s, widely credited with slowing Iran's nuclear program.
-
Physics simulation software (Livermore Software Dynamic Analysis) that FAST16 was designed to corrupt, reportedly used by Iranian nuclear scientists for explosive materials calculations.
-
The primary suspected target of FAST16, whose nuclear development program has been at the center of decades of conflict with the US and Israel.
-
Widely reported co-developer of Stuxnet with the US; suspected but unconfirmed co-creator of FAST16.
-
Location of the US-Iran ceasefire negotiations mentioned in the episode's framing of the current conflict context.
-
Washington D.C. museum where exhibits based on Jags's cyber paleontology work are displayed.
-
Mentioned as an alternative possible target of FAST16, given North Korea's active nuclear and missile program in the same mid-2000s era.
Stats
This episode
Claims & Sources
Factual claims made this episode, and whether a source was named.
Stuxnet reportedly destroyed approximately one-fifth of all centrifuges Iran was using for uranium enrichment.
Stuxnet was allegedly created and deployed by Israel and the US to target Iran's uranium enrichment centrifuge network.
FAST16 is the first piece of malware Jags had ever encountered that targeted floating-point, high-precision mathematical calculations.
FAST16 was developed in approximately the same mid-2000s era as Stuxnet and shares similar architectural characteristics, though no shared code.
Iranian nuclear scientists were using LSDyna software for calculations related to the explosive materials used in nuclear payloads.
FAST16 was designed to activate only when it detected specific pressure calculations consistent with simulating a nuclear explosion.
FAST16 was designed to spread from computer to computer and produce the exact same wrong answer on every machine it infected.
The NSA's malware detection tool listed FAST16 with an unusual instruction: 'nothing to see here, carry on' — unlike all other malware entries which had standard warnings.
Jags and Vitaly announced FAST16 as a major cyberweapon in April 2025.
The NSA, CIA, and Israeli Defense Forces all declined to confirm or deny involvement with FAST16 when contacted by Planet Money and Jags.
Stuxnet's discovery was so significant that it effectively birthed the modern cybersecurity research industry.
Jags has work based on his cyber paleontology research displayed at the International Spy Museum in Washington, D.C.
Connect
Parsed- Planet Money: A Guide to the Econom…
- NPR Privacy Policy npr.org/about-npr/17987…
- pcm.adswizz.com (data collection in… pcm.adswizz.com
- n.pr n.pr/3HlREPz
- lnk.to lnk.to/i3AukBdD
- n.pr n.pr/3zrFvUB
- npr.org npr.org/newsletter/indi…
- n.pr n.pr/3FqLuws
- n.pr n.pr/3sGZdrq
- lnk.to lnk.to/iCVDaW3C
- n.pr n.pr/3h92GwS