Imam Sajjad Duaa in Bidding Farewell to the Month of Ramadan Kareem by Br. Aftab Haider - Urdu
Imam Sajjad's Duaa (supplication/prayer) in Bidding Farewell to the Month of Ramadan Kareem by Br. Syed Aftab Haider Naqvi at Al-Haadi Musalla Toronto, Urdu. English version of His Supplication in Bidding Farewell to the Month of Ramadan
1 O God, O He who desires no repayment!
2 O He who shows no remorse at bestowal!
3 O He who rewards not His servant tit for tat!
4 Thy kindness is a new beginning, Thy pardon gratuitous bounty, Thy punishment justice, Thy decree a choice for the best!
5 If Thou bestowest, Thou stainest not Thy bestowal with obligation, and if Thou withholdest, Thou withholdest not in transgression.
6 Thou showest gratitude to him who thanks Thee, while Thou hast inspired him to thank Thee.
7 Thou rewardest him who praises Thee, while Thou hast taught him Thy praise.
8 Thou coverest him whom, if Thou willed, Thou wouldst expose, and Thou art generous toward him from whom, if Thou willed, Thou wouldst withhold. Both are worthy of Thy exposure and withholding, but Thou hast founded Thy acts upon gratuitous bounty, channelled Thy power into forbearance,
9 received him who disobeyed Thee with clemency, and disregarded him who intended wrongdoing against himself. Thou awaitest their turning back without haste and refrainest from rushing them toward repentance, so that the perisher among them may not perish because of Thee and the wretched may not be wretched through Thy favour, but only after Thy prolonged excusing him and successive arguments against him, as an act of generosity through Thy pardon, O Generous, and an act of kindliness through Thy tenderness, O Clement!
10 It is Thou who hast opened for Thy servants a door to Thy pardon, which Thou hast named "repentance". Thou hast placed upon that door a pointer from Thy revelation, lest they stray from it: Thou hast said (blessed are Thy names), Repent toward God with unswerving repentance! It may be that Thy Lord will acquit of your evil deeds and will admit you into gardens beneath which rivers flow,
11 upon the day when God will not degrade the Prophet and those who have faith along with him, their light running before them and on their right hands, and they say: "Our Lord, complete for us our light, and forgive us! Surely Thou art powerful over everything." What is the excuse of him who remains heedless of entering that house after the opening of the door and the setting up of the pointer?
12 It is Thou who hast raised the price against Thyself to the advantage of Thy servants, desiring their profit in their trade with Thee, their triumph through reaching Thee, and their increase on account of Thee, for Thou hast said (blessed is Thy Name and high art Thou exalted), Whoso brings a good deed shall have ten the like of it, and whoso brings an evil deed shall only be recompensed the like of it.
13 Thou hast said, The likeness of those who expend their wealth in the way of God is as the likeness of a grain of corn that sprouts seven ears, in every ear a hundred grains; so God multiplies unto whom He wills. Thou hast said, Who is he that will lend to God a good loan, and He will multiply it for him manifold? And Thou hast sent down in the Qur'an similar verses on the multiplying of good deeds.
14 It is Thou who hast pointed them through Thy speech from Thy Unseen and Thy encouragement in which lies their good fortune toward that which - hadst Thou covered it from them - their eyes would not have perceived, their ears would not have heard, and their imaginations would not have grasped, for Thou hast said, Remember Me and I will remember you; be thankful to Me, and be you not thankless towards Me! Thou hast said, If you are thankful, surely I will increase you, but if you are thankless, My chastisement is surely terrible;
15 And Thou hast said, Supplicate Me and I will respond to you, surely those who wax too proud to worship Me shall enter Gehennam utterly abject. Hence Thou hast named supplicating Thee "worship" and refraining from it "waxing proud", and Thou hast threatened that the refraining from it would yield entrance into Gehennam in utter abjection.
16 So they remember Thee for Thy kindness, they thank Thee for Thy bounty, they supplicate Thee by Thy command, and they donate for Thee in order to seek Thy increase; in all this lies their deliverance from Thy wrath and their triumph through Thy good pleasure.
17 Were any creature himself to direct another creature to the like of that to which Thou Thyself hast directed Thy servants, he would be described by beneficence, qualified by kindness, and praised by every tongue. So to Thee belongs praise as long as there is found a way to praise Thee and as long as there remains for praising words by which Thou may be praised and meanings which may be spent in praise!
18 O He who shows Himself praiseworthy to His servants through beneficence and bounty, flooding them with kindness and graciousness! How much Thy favour has been spread about among us, Thy kindness lavished upon us, and Thy goodness singled out for us!
19 Thou hast guided us to Thy religion which Thou hast chosen, Thy creed with which Thou art pleased, and Thy path which Thou hast made smooth, and Thou hast shown us proximity to Thee and arrival at Thy generosity!
20 O God, among the choicest of those duties and the most special of those obligations Thou hast appointed the month of Ramadan, which Thou hast singled out from other months, chosen from among all periods and eras, and preferred over all times of the year through the Qur'an and the Light which Thou sent down within it, the faith which Thou multiplied by means of it, the fasting which Thou obligated therein, the standing in prayer which Thou encouraged at its time, and the Night of Decree which Thou magnified therein, the night which is better than a thousand months.
21 Through it Thou hast preferred us over the other communities and through its excellence Thou hast chosen us to the exclusion of the people of the creeds. We fasted by Thy command in its daylight, we stood in prayer with Thy help in its night, presenting ourselves by its fasting and its standing to the mercy which Thou hast held up before us, and we found through it the means to Thy reward. And Thou art full of what is sought from Thee, munificent with what is asked of Thy bounty, and near to him who strives for Thy nearness.
22 This month stood among us in a standing place of praise, accompanied us with the companionship of one approved, and profited us with the most excellent profit of the world's creatures. Then it parted from us at the completion of its time, the end of its term, and the fulfilment of its number.
23 So we bid farewell to it with the farewell of one whose parting pains us, whose leaving fills us with gloom and loneliness, and to whom we have come to owe a safeguarded claim, an observed inviolability, and a discharged right. We say: Peace be upon thee, O greatest month of God! O festival of His friends!
24 Peace be upon thee, O most noble of accompanying times! O best of months in days and hours!
25 Peace be upon thee, month in which expectations come near and good works are scattered about!
26 Peace be upon thee, comrade who is great in worth when found and who torments through absence when lost, anticipated friend whose parting gives pain!
27 Peace be upon thee, familiar who brought comfort in coming, thus making happy, who left loneliness in going, thus giving anguish!
28 Peace be upon thee, neighbour in whom hearts became tender and sins became few!
29 Peace be upon thee, helper who aided against Satan, companion who made easy the paths of good-doing!
30 Peace be upon thee - How many became freedmen of God within thee! How happy those who observed the respect due to thee!
31 Peace be upon thee - How many the sins thou erased! How many the kinds of faults thou covered over!
32 Peace be upon thee - How drawn out wert thou for the sinners! How awesome wert thou in the hearts of the faithful!
33 Peace be upon thee, month with which no days compete!
34 Peace be upon thee, month which is peace in all affairs!
35 Peace be upon thee, thou whose companionship is not disliked, thou whose friendly mixing is not blamed!
36 Peace be upon thee, just as thou hast entered upon us with blessings and cleansed us of the defilement of offenses!
37 Peace be upon thee - Thou art not bid farewell in annoyance nor is thy fasting left in weariness!
38 Peace be upon thee, object of seeking before thy time, object of sorrow before thy passing!
39 Peace be upon thee - How much evil was turned away from us through thee! How much good flowed upon us because of thee!
40 Peace be upon thee and upon the Night of Decree which is better than a thousand months!
41 Peace be upon thee - How much we craved thee yesterday! How intensely we shall yearn for thee tomorrow!
42 Peace be upon thee and upon thy bounty which has now been made unlawful to us and upon thy blessings gone by which have now been stripped away from us!
43 O God, we are the people of this month. Through it Thou hast ennobled us and given us success because of Thy kindness, while the wretched are ignorant of its time. Made unlawful to them is its bounty because of their wretchedness.
44 Thou art the patron of the knowledge of it by which Thou hast preferred us, and its prescribed practices to which Thou hast guided us. We have undertaken, through Thy giving success, its fasting and its standing in prayer, but with shortcomings, and we have performed little of much.
45 O God, so to Thee belongs praise, in admission of evil doing and confession of negligence, and to Thee belongs remorse firmly knitted in our hearts and seeking of pardon sincerely uttered by our tongues. Reward us, in spite of the neglect that befell us in this month, with a reward through which we may reach the bounty desired from it and win the varieties of its craved stores!
46 Make incumbent upon us Thy pardon for our falling short of Thy right in this month and make our lives which lie before us reach the coming month of Ramadan! Once Thou hast made us reach it, help us perform the worship of which Thou art worthy, cause us to undertake the obedience which Thou deservest, and grant us righteous works that we may fulfil Thy right in these two months of the months of time.
47 O God, as for the small and large sins which we have committed in this our month, the misdeeds into which we have fallen, and the offenses which we have earned purposefully or in forgetfulness, wronging ourselves thereby or violating the respect due to others, bless Muhammad and his Household, cover us over with Thy covering, pardon us through Thy pardoning, place us not before the eyes of the gloaters because of that, stretch not toward us the tongues of the defamers, and employ us in that which will alleviate and expiate whatever Thou disapprovest from us within it through Thy clemency which does not run out, and Thy bounty which does not diminish!
48 O God, bless Muhammad and his Household, redress our being afflicted by our month, bless us in this day of our festival and our fast-breaking, make it one of the best of days that have passed over us, the greatest in attracting Thy pardon, and the most effacing toward sins, and forgive us our sins, both the concealed and the public!
49 O God, with the passing of this month make us pass forth from our offenses, with its departure make us depart from our evil deeds, and appoint us thereby among its most felicitous people, the most plentiful of them in portion, and the fullest of them in share!
50 O God, when any person observes this month as it should be observed, safeguards its inviolability as it should be safeguarded, attends to its bounds as they should be attended to, fears its misdeeds as they should be feared, or seeks nearness to Thee with any act of nearness-seeking which makes incumbent upon him Thy good pleasure and bends toward him Thy mercy, give to us the like [of that] from Thy wealth and bestow it upon us in multiples through Thy bounty, for Thy bounty does not diminish, Thy treasuries do not decrease but overflow, the mines of Thy beneficence are not exhausted, and Thy bestowal is the bestowal full of delight!
51 O God, bless Muhammad and his Household and write for us the like of the wages of him who fasted in it or worshipped Thee within it until the Day of Resurrection!
52 O God, we repent to Thee in our day of fast-breaking, which Thou hast appointed for the faithful a festival and a joy and for the people of Thy creed a time of assembly and gathering, from every misdeed we did, ill work we sent ahead, or evil thought we secretly conceived, the repentance of one who does not harbour a return to sin and who afterwards will not go back to offense, an unswerving repentance rid of doubt and wavering. So accept it from us, be pleased with us, and fix us within it!
53 O God, provide us with fear of the threatened punishment and yearning for the promised reward, so that we may find the pleasure of that for which we supplicate Thee and the sorrow of that from which we seek sanctuary in Thee!
54 And place us with Thee among the repenters, those upon whom Thou hast made Thy love obligatory and from whom Thou hast accepted the return to obeying Thee! O Most Just of the just!
55 O God, show forbearance toward our fathers and our mothers and all the people of our religion, those who have gone and those who will pass by, until the Day of Resurrection!
56 O God, bless our prophet Muhammad and his Household, as Thou hast blessed Thy angels brought nigh, bless him and his Household, as Thou hast blessed Thy prophets sent out, bless him and his Household, as Thou hast blessed Thy righteous servants - and better than that, O Lord of the worlds! - a blessing whose benediction will reach us, whose benefit will attain to us, and through which our supplication may be granted! Thou art the most generous of those who are beseeched, the most sufficient of those in whom confidence is had, the most bestowing of those from whom bounty is asked, and Thou art powerful over everything!
Cracking Stuxnet - A 21st-century cyber weapon against Iran - Ralph Langner - English
When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead's final target -- and its covert origins. In a fascinating look inside cyber-forensics, he explains how.
The idea behind the Stuxnet computer worm is actually quite simple. We don't want Iran to get the Bomb. Their major asset for developing nuclear weapons is the Natanz uranium enrichment facility. The gray boxes that you see, these are real-time control systems. Now if we manage to compromise these systems that control drive speeds and valves, we can actually cause a lot of problems with the centrifuge. The gray boxes don't run Windows software; they are a completely different technology. But if we manage to place a good Windows virus on a notebook that is used by a maintenance engineer to configure this gray box, then we are in business. And this is the plot behind Stuxnet.
So we start with a Windows dropper. The payload goes onto the gray box, damages the centrifuge, and the Iranian nuclear program is delayed -- mission accomplished. That's easy, huh? I want to tell you how we found that out. When we started our research on Stuxnet six months ago, it was completely unknown what the purpose of this thing was. The only thing that was known is very, very complex on the Windows part, the dropper part, used multiple zero-day vulnerabilities. And it seemed to want to do something with these gray boxes, these real-time control systems. So that got our attention, and we started a lab project where we infected our environment with Stuxnet and checked this thing out. And then some very funny things happened. Stuxnet behaved like a lab rat that didn't like our cheese -- sniffed, but didn't want to eat. Didn't make sense to me. And after we experimented with different flavors of cheese, I realized, well, this is a directed attack. It's completely directed. The dropper is prowling actively on the gray box if a specific configuration is found, and even if the actual program that it's trying to infect is actually running on that target. And if not, Stuxnet does nothing.
So that really got my attention, and we started to work on this nearly around the clock, because I thought, well, we don't know what the target is. It could be, let's say for example, a U.S. power plant, or a chemical plant in Germany. So we better find out what the target is soon. So we extracted and decompiled the attack code, and we discovered that it's structured in two digital bombs -- a smaller one and a bigger one. And we also saw that they are very professionally engineered by people who obviously had all insider information. They knew all the bits and bytes that they had to attack. They probably even know the shoe size of the operator. So they know everything.
And if you have heard that the dropper of Stuxnet is complex and high-tech, let me tell you this: the payload is rocket science. It's way above everything that we have ever seen before. Here you see a sample of this actual attack code. We are talking about -- round about 15,000 lines of code. Looks pretty much like old-style assembly language. And I want to tell you how we were able to make sense out of this code. So what we were looking for is, first of all, system function calls, because we know what they do.
And then we were looking for timers and data structures and trying to relate them to the real world -- to potential real world targets. So we do need target theories that we can prove or disprove. In order to get target theories, we remember that it's definitely hardcore sabotage, it must be a high-value target, and it is most likely located in Iran, because that's where most of the infections had been reported. Now you don't find several thousand targets in that area. It basically boils down to the Bushehr nuclear power plant and to the Natanz fuel enrichment plant.
So I told my assistant, "Get me a list of all centrifuge and power plant experts from our client base." And I phoned them up and picked their brain in an effort to match their expertise with what we found in code and data. And that worked pretty well. So we were able to associate the small digital warhead with the rotor control. The rotor is that moving part within the centrifuge, that black object that you see. And if you manipulate the speed of this rotor, you are actually able to crack the rotor and eventually even have the centrifuge explode. What we also saw is that the goal of the attack was really to do it slowly and creepy -- obviously in an effort to drive maintenance engineers crazy, that they would not be able to figure this out quickly.
The big digital warhead -- we had a shot at this by looking very closely at data and data structures. So for example, the number 164 really stands out in that code; you can't overlook it. I started to research scientific literature on how these centrifuges are actually built in Natanz and found they are structured in what is called a cascade, and each cascade holds 164 centrifuges. So that made sense, it was a match.
And it even got better. These centrifuges in Iran are subdivided into 15, what is called, stages. And guess what we found in the attack code? An almost identical structure. So again, that was a real good match. And this gave us very high confidence for what we were looking at. Now don't get me wrong here, it didn't go like this. These results have been obtained over several weeks of really hard labor. And we often went into just a dead-end and had to recover.
Anyway, so we figured out that both digital warheads were actually aiming at one and the same target, but from different angles. The small warhead is taking one cascade, and spinning up the rotors and slowing them down, and the big warhead is talking to six cascades and manipulating valves. So in all, we are very confident that we have actually determined what the target is. It is Natanz, and it is only Natanz. So we don't have to worry that other targets might be hit by Stuxnet.
Here's some very cool stuff that we saw -- really knocked my socks off. Down there is the gray box, and on the top you see the centrifuges. Now what this thing does is it intercepts the input values from sensors -- so for example, from pressure sensors and vibration sensors -- and it provides legitimate code, which is still running during the attack, with fake input data. And as a matter of fact, this fake input data is actually prerecorded by Stuxnet. So it's just like from the Hollywood movies where during the heist, the observation camera is fed with prerecorded video. That's cool, huh?
The idea here is obviously not only to fool the operators in the control room. It actually is much more dangerous and aggressive. The idea is to circumvent a digital safety system. We need digital safety systems where a human operator could not act quick enough. So for example, in a power plant, when your big steam turbine gets too over speed, you must open relief valves within a millisecond. Obviously, this cannot be done by a human operator. So this is where we need digital safety systems. And when they are compromised, then real bad things can happen. Your plant can blow up. And neither your operators nor your safety system will notice it. That's scary.
But it gets worse. And this is very important, what I'm going to say. Think about this. This attack is generic. It doesn't have anything to do, in specifics, with centrifuges, with uranium enrichment. So it would work as well, for example, in a power plant or in an automobile factory. It is generic. And you don't have -- as an attacker -- you don't have to deliver this payload by a USB stick, as we saw it in the case of Stuxnet. You could also use conventional worm technology for spreading. Just spread it as wide as possible. And if you do that, what you end up with is a cyber weapon of mass destruction. That's the consequence that we have to face. So unfortunately, the biggest number of targets for such attacks are not in the Middle East. They're in the United States and Europe and in Japan. So all of the green areas, these are your target-rich environments. We have to face the consequences, and we better start to prepare right now.
Thanks.
(Applause)
Chris Anderson: I've got a question. Ralph, it's been quite widely reported that people assume that Mossad is the main entity behind this. Is that your opinion?
Ralph Langner: Okay, you really want to hear that? Yeah. Okay. My opinion is that the Mossad is involved, but that the leading force is not Israel. So the leading force behind that is the cyber superpower. There is only one, and that's the United States -- fortunately, fortunately. Because otherwise, our problems would even be bigger.
CA: Thank you for scaring the living daylights out of us. Thank you, Ralph.
(Applause)
Description:
When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead's final target -- and its covert origins. In a fascinating look inside cyber-forensics, he explains how.
The idea behind the Stuxnet computer worm is actually quite simple. We don't want Iran to get the Bomb. Their major asset for developing nuclear weapons is the Natanz uranium enrichment facility. The gray boxes that you see, these are real-time control systems. Now if we manage to compromise these systems that control drive speeds and valves, we can actually cause a lot of problems with the centrifuge. The gray boxes don't run Windows software; they are a completely different technology. But if we manage to place a good Windows virus on a notebook that is used by a maintenance engineer to configure this gray box, then we are in business. And this is the plot behind Stuxnet.