Fast16 and the War of Perception

Fast16 · Cyberwar · Surveillance · Control Infrastructure

A nuclear facility sabotaged not with explosives but with false data. Fast16, the code dormant for twenty years in a public archive, rewrote detonation simulation results in memory — and the same logic now governs biometrics, recommendation algorithms, and global cloud computing.

30 grams per cubic centimeter. One number decides everything. Uranium only reaches that density under the shock compression of an implosion device: not under normal conditions, not in an ordinary laboratory, not by accident. Only when the geometry is correct, the pressure sufficient, the physics willing to cooperate. An engineer working on nuclear detonation simulations knows that number the way a surgeon knows a resting heart rate. It is the threshold. The point at which simulation stops being theoretical exercise and begins to say something real.

Fast16 knew that number. And it waited. Every time an engineer ran a simulation, the code monitored the density of the simulated material. If the value stayed below the threshold, Fast16 did nothing. When the simulation approached 30 g/cm³ — the point at which uranium under compression can reach supercriticality — the engine activated.

What happened next left no traces in the files. It left no traces anywhere an engineer could check without already knowing what to look for.

Conceptual diagram of an in-memory hook engine intercepting nuclear physics simulations
Fast16 intervened in memory during execution, not on disk files. The alteration was invisible to standard verification tools.

I

Fast16: How Does the Malware Work?

Fast16 did not modify files on disk. That is the first thing to understand, and the most counterintuitive: a piece of code that does not touch the program it infects. It waited for the software to be loaded into memory, then intervened in real time during execution, using a 101-rule byte-level hook engine to rewrite calculations as they ran. The result on screen showed insufficient pressures. The simulation indicated that the chain reaction would not ignite. The test appeared to fail.

The actual physics, meanwhile, may have told a very different story.

The code did not modify files on disk. It intervened in memory, rewriting calculations as they ran.
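The defensive check this design calls for, as an added example that is not from the original article or from the research it cites: because the file on disk stays clean, the loaded code has to be compared with what a clean loader would have produced from that file. The function names, the 32-bit pointer fixup model and the sample bytes are constructed assumptions.

```python
import struct

def expected_image(disk: bytes, reloc_offsets, delta: int) -> bytes:
    """Rebuild what a clean loader would place in memory: the on-disk bytes with
    `delta` (actual base - preferred base) added to each 32-bit pointer slot."""
    img = bytearray(disk)
    for off in reloc_offsets:
        (value,) = struct.unpack_from("<I", img, off)
        struct.pack_into("<I", img, off, (value + delta) & 0xFFFFFFFF)
    return bytes(img)

def patched_runs(disk: bytes, mem: bytes, reloc_offsets, delta: int):
    """Return [(offset, expected_bytes, observed_bytes)] for every contiguous run
    where live memory differs from the relocated on-disk image."""
    if len(disk) != len(mem):
        raise ValueError("code section and memory snapshot differ in size")
    want = expected_image(disk, reloc_offsets, delta)
    runs, start = [], None
    # Iterate one past the end so a run touching the last byte is still closed.
    for i in range(len(want) + 1):
        differs = i < len(want) and want[i] != mem[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, want[start:i], mem[start:i]))
            start = None
    return runs

# Constructed sample: 32 bytes of "code" with one pointer slot at offset 8.
DISK = bytes(range(0x10, 0x18)) + struct.pack("<I", 0x00401000) + bytes(range(0x20, 0x34))
DELTA = 0x00010000  # module loaded 64 KiB above its preferred base
CLEAN_MEM = expected_image(DISK, [8], DELTA)
# Simulated tampering: five bytes overwritten in memory only; DISK is untouched.
TAMPERED_MEM = CLEAN_MEM[:20] + b"\xCC" * 5 + CLEAN_MEM[25:]

if __name__ == "__main__":
    # A clean load differs from disk only by relocation, so nothing is reported.
    print(patched_runs(DISK, CLEAN_MEM, [8], DELTA))
    for off, exp, got in patched_runs(DISK, TAMPERED_MEM, [8], DELTA):
        print(f"offset {off:#x}: expected {exp.hex()} observed {got.hex()}")
```

A plain byte comparison would flag the relocated pointer on every clean load; applying the fixups first leaves only the bytes no loader would have written. The comparison is only as trustworthy as the copy of the file and the memory snapshot it is given, so both should be collected from outside the suspect system.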

The framework dates to 2005. The discovery came in 2026, twenty years later. For nearly two decades it lay dormant in a file on VirusTotal, catalogued but not understood. Juan Andrés Guerrero-Saade of SentinelOne found it in 2019; it took artificial intelligence to decipher what it was designed to do. The code was built to resist human comprehension: its embedded Lua virtual machine predated the first Flame samples by three years and anticipated Stuxnet by at least five. What we consider the dawn of offensive cyberwarfare was already underway — quietly, methodically — while academic debate was still trying to define what a cyberweapon even was.

II

What Is Fast16? Two Architectures of Deception

The parallel with Stuxnet is illuminating precisely in its differences. Stuxnet accelerated Iranian centrifuges beyond their safety limits while feeding operators data showing everything was normal: physical destruction disguised as regular operation. Fast16 reversed the direction of the trick — it left devices intact and convinced engineers they were failing when they may have been succeeding.

Kim Zetter, in the definitive account of Stuxnet, reconstructs how the operation required a level of knowledge of the Natanz facility that could only have come from human intelligence on the ground. Fast16 adds a further layer: whoever wrote the code knew enough about warhead physics to calibrate an activation threshold on uranium density under implosion. The domains used as command-and-control servers for Stuxnet were registered in November 2005; by early 2006 a proof-of-concept test was conducted in the United States and the results presented to President Bush, who authorized the operation. If Fast16 was already active in the same time window — and the evidence suggests it was — the two operations were not parallel: they were components of the same campaign.

One destroys and conceals the destruction. The other preserves and conceals the success.

III

The Thread to the NSA

In 2016 and 2017, the Shadow Brokers collective published archives stolen from the Equation Group, an advanced persistent threat actor with documented ties to the NSA. Among the leaked files: a document called “drv_list.txt” — nearly 250 KB of drivers designed for APT attacks. Inside that list: the string “fast16.” The PDB path connects the 2017 leak to a multi-modal Lua vector module compiled in 2005 and, ultimately, to its stealth payload: a kernel driver engineered for precision sabotage.

Fast16 arrived with three distinct payloads: Lua bytecode to handle configuration, propagation, and coordination logic; an auxiliary ConnotifyDLL; and the kernel driver fast16.sys. It was designed to elevate itself as a service, deploy the kernel implant, and propagate through the Service Control Manager to network servers with weak or default credentials, in the Windows 2000/XP environment of the era.

“Astounding,” in the words of Vikram Thakur of Symantec, is the level of expertise required to build something like this in 2005. The word is accurate but incomplete. The true astonishment is not technical: it is that an implant of this sophistication lay in a public archive for twenty years before anyone understood what it was.

Diagram of Fast16's three payloads: Lua bytecode, ConnotifyDLL, kernel driver fast16.sys
Three-layer architecture: Lua for logic, auxiliary DLL, kernel driver for in-memory sabotage. Source: SentinelOne Research.

IV

Fast16: Computational Mimicry

Orchids of the genus Ophrys produce no nectar. They chemically mimic the pheromones of certain bee species’ females, inducing males to land on the flower in an attempt to mate. Pollen is transferred. The bee gains nothing. The system works because the false signal is indistinguishable from the real one: not by signal quality, but because the receiving system has no access to the original source against which to compare it.

Fast16 operated on the same logic. The code did not hack uranium. It produced a false signal at the data level, engineered to be indistinguishable from the real signal within the perceptual system it was targeting: an engineer in front of a screen, with access to the simulations but not to the physics those simulations were supposed to represent.

Engineers were not working on uranium. They were working on the representation of uranium.

Baudrillard wrote in 1981 that the map precedes the territory, that representation substitutes for the real until the real itself ceases to be the reference point. Fast16 is the technical demonstration of that thesis. Paul Virilio, in the same years, theorized the transfer of modern military control from the management of physical space to the management of perception — “logistics of perception”: the capacity to control what the enemy sees determines the outcome of the conflict before the conflict takes place. Fast16 is this theory applied to a nuclear physics laboratory. Not cyberwar in the sense the term commonly evokes — blackouts, system disruption, infrastructure destruction — but logistics of perception applied to science.

V

The Anatomy of Invisible Control

Natanz was a closed system, physically isolated, staffed by specialized operators, governed by rigid protocols and multiple redundancies. Yet Fast16 moved through it and manipulated its engineers’ perception for years, because the system’s complexity was simultaneously its operational strength and its epistemic vulnerability: no engineer could hold the entire system state in their head, and all of them had to trust the measurement tools. Altering the perceived reality of competent operators, from within systems they trust completely, without their awareness, is the most sophisticated form of control available.

The major contemporary data aggregators — Google, Meta, Amazon AWS, Microsoft Azure, Palantir, biometric platforms, large language models — are systems of complexity orders of magnitude greater than a nuclear facility. No human being comprehends their full state, including their own engineers. Every operator must trust the dashboards, internal metrics, and measurement tools the system itself produces. A sufficiently complex system cannot be verified from within; the question that remains suspended is who controls the controllers when the controllers are already part of the controlled system.

Clearview AI has built a database of over 50 billion facial images extracted without explicit consent from public platforms; analogous systems operate in China through urban surveillance networks, in the UAE through airport infrastructure. The specific vulnerability is not data theft: it is the corruption of training models. An actor who systematically introduced false associations into a training dataset could produce targeted misidentifications, invisible to operators because they are consistent with the model’s internal logic. This is not a hypothetical risk: facial recognition systems already have documented, significantly higher error rates on dark-skinned women than on light-skinned men. Nobody programmed that discrimination. It emerged from the data.

When a recommendation algorithm decides which news you see, which contacts appear most often, which posts reach your network and which do not, it is modifying your perception of reality with the same operational structure Fast16 used to modify uranium pressure data. The operator believes they have direct access to the system. In reality, they are operating on a representation built to maximize metrics that were never disclosed to them, by an actor they cannot see, for objectives that do not coincide with their own. Approximately 70% of global cloud computing is concentrated in three private companies subject to US jurisdiction and security agency requests through the CLOUD Act. A government seeking access to a foreign organization’s AWS data does not need to hack AWS. The parallel with Fast16 is direct: the compromise is not visible from outside, the system functions normally, the data appears intact. The difference is that this is not an attack: it is the architecture.

If the target is the system’s trust in its own data, any defense built to protect the system misses the point.

VI

Fast16: The Normalization of the Invisible

Augmented reality headsets — Apple Vision Pro, Meta Quest, Microsoft’s enterprise platforms — and brain-computer interface systems such as Neuralink represent a further layer of mediation: not between the user and information, but between the user and perceived physical reality. Fast16 modified the simulation. These systems modify what you see through the visor you are wearing. The logic is identical; the proximity to the body is radically different.

The problem common to all these layers is that none of them, taken individually, appears as a control system. Each has a functional justification that sounds reasonable: biometrics simplify access, algorithmic curation improves relevance, AI models automate complex decisions, cloud computing reduces infrastructure costs. The logic of Fast16 applied to data infrastructures is not intuitively dangerous: it seems normal, everyday, inevitable. And it is precisely this normalization of the invisible that makes covert control through macro-data infrastructures structurally different from any other form of power we have learned to recognize.

VII

Twenty Years of Silence

Fast16 was discovered in 2026. For nearly twenty years it lay in a public archive, accessible to anyone who knew what to look for. For years before the discovery, a group of engineers worked on simulations whose outputs were silently false. They did not know. They could not have known: the code modified data in memory without touching files on disk, and verifying it would have required running independent calculations on a completely separate, uninfected system — at a time when no one knew there was anything to verify.

If a sabotage system designed in 2005 can lie dormant for twenty years in a public archive before being identified for what it is, the question that remains open concerns the active systems of right now: the models on which we build diagnoses, risk assessments, digital identities, financial decisions, mediated social relationships. How many of these systems are processing data that someone, somewhere, has already modified in memory — without touching files on disk — waiting for the density to cross the right threshold?

Post scriptum

Fast16 was identified by Juan Andrés Guerrero-Saade of SentinelOne in 2019, but its nature and purpose were not understood until 2026, with the support of AI-assisted analysis tools. For nearly two decades the file had remained on VirusTotal — a public platform — catalogued but undeciphered. The discovery required the combination of specialized human expertise and computational capacity that did not exist in 2005, when the code was written.

The code predated Flame by three years and Stuxnet by at least five. This means the architecture of modern offensive cyberwarfare did not begin with Stuxnet, as is commonly told: it was already operational, and no one knew.
