# Researchers Crack the Code of Fast16: A 2005-Era Cyber Sabotage Tool
Security researchers have cracked **Fast16**, a piece of mysterious code dating back to 2005, capable of silently manipulating calculation and simulation software. This malware, potentially deployed by the US or its allies, represents a sophisticated early form of cyber sabotage, predating even **Stuxnet**.
In the realm of state-sponsored hacking, cyber operations range from destructive "wiper" attacks to sophisticated malware like **Stuxnet**. Now, researchers have uncovered another chapter: **Fast16**, a 21-year-old malware capable of tampering with research and engineering software to sow mayhem undetectably.
### SentinelOne's Breakthrough
**Vitaly Kamluk** and **Juan Andrés Guerrero-Saade**, researchers from **SentinelOne**, revealed a breakthrough in understanding **Fast16**. This code's purpose had remained elusive since its existence was revealed in an **NSA** leak in 2017. The researchers have now reverse-engineered the code, dating it back to 2005 and attributing its creation to the US government or an ally.
### How Fast16 Works
**Fast16** spreads across networks and subtly manipulates computation processes in software used for high-precision mathematical calculations and physical simulations. By altering the results, it can cause failures ranging from faulty research to catastrophic damage.
"It focuses on making slight alterations to these calculations so that they lead to failures—very subtle ones, perhaps not immediately apparent. Systems might wear out faster, collapse, or crash, and scientific research could yield incorrect conclusions, potentially causing serious harm," says **Kamluk**. He and **Guerrero-Saade** will present their findings at **Black Hat Asia** in Singapore.
### Potential Targets
Analysis suggests **Fast16** could tamper with software like **Modelo Hidrodinâmico (MOHID)**, Chinese construction engineering software **PKPM**, and **LS-DYNA**. The latter, originally created at **Lawrence Livermore National Laboratory**, is used in modeling various phenomena.
### Targeting Iran?
Researchers point to evidence suggesting **LS-DYNA** was used by Iranian scientists in research related to Iran's nuclear weapons program. According to the **Institute for Science and International Security**, the software can model physics problems related to nuclear weapons research.
This raises the possibility that **Fast16** was used in the mid-2000s to subvert Iran's nuclear ambitions, potentially as a predecessor to **Stuxnet**, which was deployed as part of the **Olympic Games** program of the **NSA** and Israel's **Unit 8200**.
"It's not beyond the pale that what we're looking at is an early predecessor to Olympic Games. It fits the bill, right?" says **Guerrero-Saade**.
### Rewriting Cyber History
**Thomas Rid**, director of the **Alperovitch Institute for Cybersecurity Studies** at **Johns Hopkins University**, notes that this analysis rewrites the history of state-sponsored hacking. "It means that deceptive sabotage operations have been part of the cyber playbook from much earlier than we thought, perhaps even from the beginning," says **Rid**. "And it also looks like they were much stealthier than we understood."
### The Shadow Brokers Leak
The existence of **Fast16** came to light in April 2017 after the **Shadow Brokers** leaked a collection of **NSA** tools. One tool, **Territorial Dispute**, appeared designed to help **NSA** operators avoid conflicts with other hacking operations. This tool listed malware specimens, including **Fast16**, with instructions on when to "pull back" to avoid detection.