On Friday, if all goes according to plan, representatives from the U.S. and Iran will meet in Geneva to sign another 60-day ceasefire agreement. But the two sides still have not come to an agreement on what's been at the heart of this war.
And that gates of conflict, Iran's development of nuclear weapons.
Right. This conflict has been on again, off again, for years.
And while the most recent iteration has been very violent with bombs and blockades, there is a whole other almost entirely invisible war that the U.S. and allies have been waging with Iran. Using cyber-espionage, or more accurately cyber-sabotage, you know, computer viruses, malware. Recently, we heard a story about a piece of malware that might have been used in this invisible war. That was diabolically cunning.
Because it exploited weaknesses in computers, yes, but also maybe in the human psyche.
The more I think about it, the more I think this must have driven people insane.
But it also might have saved the world from nuclear destruction. We heard about this hack from someone whose job it is to identify computer hacks that could be a threat to all of us. What's your name? What do you do? My name is Juan Andrés Guerrero-Saade, which is why everybody calls me JAGS. J-A-G-S, Jags, his initials are shorter and cooler.
Yeah, actually, he is a pretty cool guy. He's got a faux hawk, sleeves of tattoos. He was on track to go get a PhD in philosophy, but now I'm a security researcher, which I think would be the simplest term. I think some folks would say cyber-paleontologist. Cyber-paleontologist, like he digs for the remnants of cyber attacks. Jags works for a cyber security company called SentinelOne.
It helps big companies like Samsung and the Golden State Warriors and the government protect their computers and networks. Yeah, hacking is a whole industry. And defending against hacks is this whole other industry. Jags just so happens to have the raddest job of all, which is dusting off old malware files,
buried deep on servers, and reverse engineering how hackers got into systems in the first place.
And what they did when they got there. So we can figure out how to defend against similar attacks in the future. And Jags is kind of a big deal. There are actually a couple of pieces in the International Spy Museum in DC based on his cyber-paleontology work. This is a little crude, but in the Jurassic Park movie, which paleontologist are you, as long as you don't immediately
default to Jeff Goldblum and I was going to go Jeff Goldblum. I think that he is like a chaos theory
mathematician. Which I think fits the bill, right? I want the hell, though. I actually know about paleontology. Right. We met up with Jags because we wanted to get a peek into the invisible war because Jags has made a stunning discovery of a highly specialized, highly sophisticated cyber weapon. Often these weapons don't even get detected. If they do, it's not usually until years later. When someone like Jags comes across an old fragment and tries to reconstruct what top secret
mission the weapon was designed to carry out. For Jags, the fragment he found wasn't even a piece of code. It was just six words. It came from a leaked list of malware from the NSA. Yeah, the list came from this tool the NSA had meant to help NSA operators, while they were hacking into some computer in enemy territory, figure out whether some other hacker was already there. And if so, whether they were friends or foes, essentially it'll run all these
checks and it's going to give the operators a list of instructions of saying hey, look suspicious thing here. We don't know what that is. No malware pulled back. Like little warning signs. And this was a budding cyber paleontologist's dream. Each piece of malware on that list had the potential to teach you so much about how the world's top hackers were in the job done. And maybe one would turn out to be an incredibly sophisticated cyber weapon.
Jags with great excitement got a hold of this list and started scouring it f...
start digging into. And one item screamed, look here. There's one just one line that's like
completely different to all the other ones. Okay. And it just says Fast 16, nothing to see here, carry on, in all caps. That's it. There's nothing else like it. Fast 16 was what the NSA was calling the malware. And the cryptic instruction the agency was giving its operators. Not seek help or pull back. Simply nothing to see here carry on. You can't put that there. Like it was like catnip. Right. They felt like bait. We couldn't let it go. I couldn't let it go. He didn't let it go. He
had to know what this thing was. What did it do? What was its target? The NSA seemed to know about it,
but who made it? And what was so top, top, top secret that the NSA was resorting to
Jedi mind tricks to try to keep its own people in the dark. At this point, Jags just had the name of this malware. Fast 16, just a tibia. But he was able to use that to dig up the rest of the bones. Basically he rummaged around this like public library of suspected malware until he found it. And eventually he was able to put together the pieces of the skeleton that is Fast 16. But still when he tried to reverse engineer it to understand what its secret mission
was, he couldn't. I worked these like cracked out nights and very often I'll run into something.
I'm like, oh my god, I found this amazing thing. And then by the morning you're like,
no, this doesn't work. We call this the valley of despair. Oh yes, I have built a home in the
valley of despair. I'm in the process of gentrifying the valley of despair. If any of you would like to
join me there. After many, many fruitless nights, weeks, months, Jags had to turn to other projects and had to put Fast 16 down. But to remind him of what was not solved, he inked Fast 16 on his skin forever. Fast 16 has been on the back of my arm firm. You got it tattooed? Oh yeah, I'd wear his Fast 16. It's here. You can see Fast 16 and nothing to see here. Nothing to see here carry on.
Hello and welcome to Planet Money. I'm Nick Fountain. And I'm Erika Beras.
Today on the show, nothing to see here carry on. Yeah, Jags sets out to solve the mystery of Fast 16. And finds a cyber weapon with the potential to chip away at our very grasp of reality.
So, what was this mysterious piece of malware that was so secret that the
NSA was using Jedi mind tricks to try to keep their people away from it? And so enticing that security researchers, or at least one over caffeinated keyboard wielding security researcher, got it tattooed on his tricep. Theoretical tricep, yes. Jags said researcher was pretty blocked, but he knew he had to keep at it because he had a hunch that fast 16 might reveal important details about that invisible side of the conflicts we read about every day. Like back when security
researchers discovered a cyber sabotage operation that blew everyone's mind. It was called Stuxnet. Yes, Stuxnet is kind of the mother of all cyber sabotage operations. In many ways, my industry is birthed by the discovery of Stuxnet. For those not familiar, Stuxnet was this absolutely bonkers hacking operation that reportedly slowed down Iran's nuclear program back in the mid-2000s. And to hear Jags describe it, it totally redefined what was possible.
So, before Stuxnet, if you went to these anti-virus conferences with a lot of fun, gals and guys, the possibility of cyber espionage was discussed as that, as a possibility. It was theoretical. It was theoretical. They were like, "Be cool. This might be happening." Yeah, you're like, "There's no way people won't. There's value there, of course." And then, you know, Stuxnet is discovered and you realize not only has this been happening
At a scale and capacity way above anything we'd ever found before, but it's b...
for years. What had been happening was that Israel and the U.S. allegedly had used cyber weapons
to destroy real world physical things. They did this by managing to get a thumb drive into Iran and inserting malware into the computer network at the heart of their uranium enrichment program, the system that controlled the centrifuges. And Stuxnet was very, very clever. It spread throughout the network and carefully noted how everything looked when it was working
normally. Save that. And then, gave the centrifuges instructions to go haywire,
speeding up and slowing down and breaking. All while making everything in the computer system look
okay, look normal. So, the operators are hearing that these things are like making these
weird noises, they're spinning up, they sound like, it sounds like things aren't going well in this room next door, but I'm looking at the computer and the computer tells me everything's normal. All in all, Stuxnet reportedly destroyed a fifth of all the centrifuges that Iran was using. It led to nuclear scientists getting fired. And most importantly, it is widely believed to have slowed down Iran's nuclear program. And to the cyber paleontologists of the world, like Jags, when the
bones of Stuxnet were dug up, they revealed this whole new age of cyber warfare. But, Jags
always believed that Stuxnet was just a hint of what was out there. Just a tibia.
Clearly, we didn't even know about all the different things they were doing.
So, year after year, Jags remained committed to figuring out his white whale, figuring out the puzzle of Fast 16. Who made it? Who were they targeting? What exactly were they doing to that target? And how? But, he didn't make much progress until earlier this year for a very this year reason. AI. Yeah, here's why. Jags had a big team of researchers at his cyber security firm. And, like, everyone else these days, he was wondering, could these new AI tools
help us in our jobs? Could they do our jobs? Could they do a job that was so hard even I, Jags couldn't do it. Could they solve the puzzle that is Fast 16? There is no public guide to solving it. If it's going to figure it out, it's going to have to figure it out just in this little sandbox with a few tools and go, alright, kid, like, what can you do? Jags sent a colleague to oversee these AI tests. That colleague was Vitali Kamluk, a Belarusian cyber security researcher,
who also has a faux hawk. He lives in Singapore and according to Jags, is very zen-like. Jags has Vitali, like, any self-respecting human, he decided to John Henry style try to beat the machines. I, being put in that position, would have said, "Cool, let's go make the AI sweat." And Vitali being a much more patient, Zen-master-style dude. He said, "Well, if I'm going to know if it's doing well, I need to know what this thing
does." And Vitali spent like two weeks in a black dark hole somewhere, not answering messages, nothing. I was like, "Is this guy okay? What happened to Vitali?" And all of a sudden, I get a message from Vitali. Super late, but I guess, for him. Yeah, yeah, it was like one AM or so. He's like, "Hey, man, like, I need to talk." Jags, yeah, we need to talk. This, of course, is Vitali,
Kamluk, reverse engineering legend. He describes you as zen-like. Do you think that's fair?
Zen-like. Yeah. Does it make me more peaceful and simple? I hope so, but on this call, he was not very zen-like. Vitali said he'd done the reverse engineering. And he'd had the AI models double and triple check his work. And now, Jags says, he seemed pretty disturbed. He's like, look, I need you to test me here, but like, all the models at least agree with me, so I now need to talk to a human being. This is Stuxnet-like. And I hear that kind of nonsense from students.
Right, like, you know, I hear this kind of, I'm like a lightning rod, anybody in the industry is a lightning rod for like DMs from people clearly having like schizophrenia episodes, well, like the government spying on me. So you hear this kind of stuff all the time. When you hear it from Vitali, who's a very measured person, it makes you take pause. Are you okay? What are you talking about? What do you mean? Vitali explained, from the same era, the mid-2000s. And even though
They don't share any code, they seem to share similar architecture.
out what exactly Fast 16's mission was. Only that it targeted the part of a computer that did
complex math. Think of it as like floating point math, like the really, really,
details based hard calculation stuff that most of the time you never deal with. And I can
never run into a piece of malware that does that. Jags says he's never seen malware that messed with high precision math. Most spy malware is designed to steal data, or like in Stuxnet make things go haywire. But this one was basically telling the computer two plus two equals five. So at this point, Jags had found Fast 16 buried in a cyber library based on a hunch that it was something to pay attention to. And Vitali had confirmed it was because who messes with math? And maybe more importantly,
whose math were they messing with? Who is running high precision calculations back in 2005 doing something so interesting that it got somebody to build a super specific custom piece of malware to modify and mess with their workloads. Everything about this thing screams special,
like it screams unique, it screams groundbreaking. And I think what's most excruciating about it is that
the mystery won't yield. Like you just kind of have to keep pushing and say, okay, why? After the break? Okay, I guess we're back to the trenches of like, okay, how do we nail this thing? Jags puts all the pieces together.
So, Jags and Vitali, still separated by a 12 hour time difference, set out to answer their next question. Whose math was Fast 16 designed to target? And pretty quickly, they come upon a major
clue by looking at a rules engine embedded in fast 16's code, like a list of instructions, basically, if then rules. If fast 16 sees something happen on the computer, then it goes, oh, I've recognized this thing. What was my rule engine say? Oh, if I find this string, then I need to change these six bytes into these six other bytes. If I find this thing, then I need to set this thing back into whatever the old value was. If I find this thing right,
but what the hell do those six bytes represent? So, they start scanning old systems and software from way back in the day looking for those strings of bytes. Jags says it was like looking through a mathematician's notebook of scribbles for a particular string of numbers, which is not easy, and it's not like old code just exists out in the wild. But eventually, they do find a few pieces of software that contain some of those same strings of six bytes, which all had to do with complex
physics modeling. Like how to design a car that'll crumple safely when it crashes, or a bridge that will withstand an earthquake. For Vitali, the idea that someone was targeting calculations that were supposed to keep us safe was incredibly disturbing. Like, do they have limits, reading? Like, it's just a new type of evil ideas. I felt that the target was scientists, civil engineers, corrupt their calculation results, and that would eventually produce risks for
lives of others. So, I was terrified. Like, why would people do that? Very soon, they had a breakthrough
that kind of answered the question. Jags was searching out for one of those pieces of software. It's called LS-DYNA, short for Livermore software dynamic analysis. Something that I run into
right away, as I'm looking up LS-DYNA, is this report by the Good ISIS? That's what they call
themselves. I don't know what ISIS stands for. It's some kind of think tank. The Good ISIS Institute for some time, something or other. And the Good ISIS has this report saying, if you look back at this research that Iranian scientists have been publicly putting out, you can see that they were using software that they shouldn't have been using. They knew that these guys had this piece of
software LS-DYNA.
the right explosive materials for nuclear payloads. In other words, this documentation from the Institute of Science and International Security seemed to suggest that the software Fast 16 was supposed to mess with was being used by Iranian nuclear scientists to maybe design nuclear bombs. So that was the software that the Fast 16 malware was likely targeting. Telling it, if you find these bytes, change them to these other ones. But why change those specific bytes? What would
changing the math in the software achieve? To solve that part of the puzzle, they had to get their hands on that software the Iranian scientists were using. A very bespoke piece of physics
modeling software released decades ago. Very much not on the App Store. Did you pay for it?
No, you can't buy it. You can't just buy it. And moreover, people don't love it when you're like, hey, do you happen to have a copy of your software from 21 years ago? I'm like, why? Don't worry about it. Don't worry about it. Just, you know, so you got to get your hands on this thing somehow. And Jags and Vitali did. And what they found was that Fast 16 was designed to hide in scientists'
computers and do nothing. Basically, to keep watch, to wait for LS-DYNA to get installed.
At that point, it would stay lowkey until it saw the computer doing these very specific tests that only someone developing a nuclear warhead would be doing. Had to do with the pressure calculations to simulate a nuclear explosion. And that is when Fast 16 would do its mayhem. At the point, when the engineers got near the pressure they needed, Fast 16 would throw those calculations off by changing the math. The old two plus two equals five trick. And furthermore, it was designed to spread
from computer to computer. The idea being that if you, if I come to this computer and I run this simulation workload and go, hey, those results don't look right. Let's go try this other computer and you go and you run it in the other one, that too will give you the right wrong answer. The exact same wrong, exactly. So the idea was to drive these people nuts, like you go and like it's right math wrong answer. Right formula wrong answer over and over everywhere.
You go and you probably don't know that it's wrong until you then go and try to do another thing with it and you go damn it. This thing is not working. It's devious. The cunning of this attack
is truly fascinating because at some point, I think before you ever consider that the computers are
wrong, you almost certainly look at these scientists and go, maybe you guys are clowns, maybe you guys don't know what the hell you're doing. Jags and Vitali were flabbergasted by the sophistication and the technical prowess of this malware from decades ago, not just the code-y parts, but also the deep knowledge of nuclear physics. And after so many late nights of being
haunted by Fast 16, Jags and Vitali were finally able to announce in April of this year that
Fast 16, which they'd started looking into on a hunch, was indeed a major cyber weapon. Whose mission seemed like it was to sabotage Iran's nuclear development program. Was it worth the wait? Absolutely. I mean, walking around with this like bag of open questions, right? Yeah, there are still some unknowns. Number one, we don't know definitively that this was targeting Iran. For example, North Korea also had nuclear ambitions at that time. You look back, you go,
well, North Korea was having a whole lot of problems with their missile program back then. We don't know where all of these things were being used. We just know of one target that they
definitely used this kind of stuff against, which is Iran. You're that confident?
No, look, let's, let's put it a different way, right? We've never, ever, ever, ever, ever heard of anybody doing this kind of cyber sabotage anywhere for anything other than the Iranian nuclear program in the same era as when Fast 16 is developed. Thing number two, we don't know. Who did this? It has echoes of Stuxnet, which is widely reported to have been deployed by the US and Israel, but when we reached out to the NSA and the CIA and the Israeli Defense Forces and asked them,
was Fast 16 you? They didn't deny it. They didn't confirm it either. Yeah, that's true, too.
The IDF never got back to us and the others said basically, sorry, but we have nothing
To offer you on this.
do you reach out to the US and Israeli intelligence community and ask them, are we going to blow your cover? Yeah, but I won't go too far into that, right? Like most of the time, we are good
collaborators and good friends. Do these meetings happen in person? Was there any pushback this time?
No. Meaning, we're not worried about you blowing our cover. You weird paleontologists. This
stuff is 20 years old. Right. And the third thing we don't know is why the NSA wrote in
reference to Fast 16. The instructions. Nothing to see here. Carry on. Was that like with a wink? One day, when this stuff is declassified, we might get an answer to all three of those questions. But we're much less likely to figure out. Did Fast 16 change history? Jags says he's sure it was deployed because he couldn't have found it otherwise. But like, did it slow down Iran's or someone's nuclear program? Did it bring them to the bargaining table?
Yeah, did it prevent nuclear war? And the last enduring mystery? How did Fast 16 mess with the
minds of the scientists who encountered it? Like I have this picture in my head of the nuclear
scientists in Iran, working on this project of intense national significance. Presumably, their boss's boss was constantly giving updates to Iran's president, the Ayatollah. And these scientists would have been doing their experiments, right? And then infuriatingly, getting the wrong answer. Is epistemological warfare what you would call this? If I had called it that, they would have said, I was just being pretentious. I wouldn't have allowed myself that as a repentant philosopher.
Yeah, but as a repentant philosopher. Yeah, sure. I think epistemological warfare is
a fascinating way to frame it. Break that out a little bit for me. Well, I think the
we take for granted how much we take for granted. Certainty, people think that certainty is a matter of coherent deduction. That somehow you're sitting here and you have this perfect cohesive worldview. That's not actually how it works. That's not how anything works. If you questioned everything in your life, you would be paralyzed. If you questioned that when you get out of bed, you don't know if like the floor is going to hold you, right? You wouldn't be able to function.
Jags told us about an interaction he recently had with Vitali. That kind of brings this home. They were in Singapore where Vitali lives on their way to a hacker conference to present their fast 16 research. He gets us on a train and he goes, oh, look, it's a driverless train. The train
just, you know, and I can't remember, we were talking about something to do with Fast 16. He stops
and he goes, I mean, this is precisely the kind of system that you would degrade with this kind of attack. You know, there was a collision and they said there was no cyber attack involved, and then we look at each other and we go, you know, you kind of shrug and you go, well, as far as we know, right? What I find fascinating is that these experts who spend their lives staring at computers, who know their capabilities more than anyone are also some of the most skeptical people when it
comes to trusting computers. Does that ever get to you? No. No, I don't know. I'm telling you, man, I'm not wired quite the right way. To me, questioning everything does seem paralyzing, but they seem well-attuned to life in the computer age, life in the time of epistemological warfare. If you are an intelligence operative who has info on a clandestine operation and want to tell me about it, you can reach me at, you know, who am I kidding? You know, at a 5D. And if you live
outside the United States, we also need your help. For Planet Money Summer School, we are scouring the world for the most interesting, surprising economic ideas that should spread. Think, like, a different way to do taxes, a mega project that came in under budget. Somehow rent is cheap. Get in touch and tell us about an idea the world should know about. Email us at planet [email protected] and put summer school in the subject. We might use your idea on the podcast.
This episode was produced by Willa Rubin and edited by Marianne McCune. It was fact-checked by Charlotte Isidor, and engineered by Kwesi Lee. Alex Goldmark is our executive producer. Special thanks to the
research team at Symantec who also dug into Fast 16, Andy Greenberg from Wired...
Kim Zetter, who wrote the definitive book about Stuxnet, and David Albright of, and I can't
believe I'm saying this, the Good ISIS. Which now I know stands for the Institute for Science and
International Security. Jags has a podcast with also a funny name. It's called the Three Buddy
Problem. I'm Nick Fountain. And I'm Erika Beras. This is NPR. Thanks for listening.


