But if the timestamps were accurate, it would mean the attackers had held the malicious code in reserve for three to six years while the United States waited to see how the diplomacy game with Iran played out, then pulled out the code only in 2006 when it was clear that negotiations and sanctions had failed.
