
Researchers find malware that may have aimed to slow down Iran's nuclear program

A MARTÍNEZ, HOST:

In the effort to keep Iran from obtaining a nuclear weapon, there is what we see and what we can only guess at. The latest visible sign is the preliminary agreement between the U.S. and Iran. It says Iran will not procure or develop nuclear weapons - a goal that Iran maintains it isn't seeking. Nick Fountain from our Planet Money podcast reports on the unseen part of the conflict, which involves a cybersecurity researcher who found a computer virus.

NICK FOUNTAIN, BYLINE: His name is Juan Andres Guerrero-Saade, but people call him JAGS. He's a vice president of a cybersecurity firm called SentinelOne. And for an executive at a company that has lots of federal contracts, he has a lot of tattoos, including one related to this cyber weapon he uncovered.

JUAN ANDRES GUERRERO-SAADE: Fast16 has been on the back of my arm for a while now.

FOUNTAIN: You got it tattooed?

GUERRERO-SAADE: Oh, yeah.

FOUNTAIN: The cyber weapon is called Fast16, and it dates to the mid-2000s, though JAGS first found reference to it much later in a leak of suspected NSA tools. He and a colleague tried to figure out what it was meant to do, and recently, they had a breakthrough. They figured out Fast16 messed with the part of the computer that deals with math.

GUERRERO-SAADE: The really, really details-based, hard calculation stuff that most of the time you never deal with.

FOUNTAIN: But why? He couldn't figure out who the tool was designed to target.

GUERRERO-SAADE: Who is running high-precision calculations back in 2005, doing something so interesting that it got somebody to build a super-specific custom piece of malware to modify and mess with their workloads? Everything about this thing screams special.

FOUNTAIN: Then JAGS found a snippet of the malware in some software having to do with complex physics modeling. And when he looked into that software...

GUERRERO-SAADE: Something that I run into right away is this report by the Good ISIS.

FOUNTAIN: The Good ISIS?

GUERRERO-SAADE: That's what they call themselves. I don't know what ISIS stands for. It's some kind of think tank. The Good ISIS. Institute for something...

FOUNTAIN: Something. Yeah, yeah, yeah.

GUERRERO-SAADE: ...Or other.

FOUNTAIN: Stands for the Institute for Science and International Security. And their report mentioned that Iranian nuclear scientists have been using this software that Fast16, the malware, was targeting. So JAGS got his hands on an obscure piece of physics software from decades ago...

Did you pay for it?

GUERRERO-SAADE: No. You can't buy it.

FOUNTAIN: (Laughter).

GUERRERO-SAADE: You can't just buy it.

FOUNTAIN: ...And found, the malware does this very specific thing. It changes the math of a very specific kind of calculations in this very specific software - calculations having to do with, like, making bombs, meaning the malware's coders knew about nuclear physics. The other thing the virus did is spread to other computers on the network.

GUERRERO-SAADE: The idea being that if I come to this computer and I run this simulation workload and go, hey, those results don't look right, let's go try this other computer, and you go and you run it in the other one, that too will give you the right wrong answer.

FOUNTAIN: The exact same wrong answer.

GUERRERO-SAADE: Exactly. So the idea was to drive these people nuts.

FOUNTAIN: There are still many unknowns about Fast16. Who did it? The CIA and NSA declined to comment, and the Israeli Defense Forces did not respond to our inquiry. Who it was aimed at? North Korea also had a nuclear program at the time. And finally, if it changed the course of history. Nevertheless, JAGS is pretty satisfied because his decoding lets us get a peek into the invisible cyberwar.

Was it worth the wait?

GUERRERO-SAADE: Oh, absolutely.

FOUNTAIN: Nick Fountain, NPR News.

(SOUNDBITE OF MUSIC) Transcript provided by NPR, Copyright NPR.

NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

Nick Fountain produces and reports for Planet Money. Since he joined the team in 2015, he's reported stories on pears, black pepper, ice cream, chicken, and hot dogs (twice). Come to think of it, he reports on food a whole lot. But he's also driven the world's longest yard sale, uncovered the secretive group that controls international mail, and told the story of a crazy patent scheme that involved an acting Attorney General.