Firms Aided Libyan Spies

The Guardian First Look Inside Security Unit Shows How Citizens Were Tracked

One of countless files from Libya's internet surveillance center.

TRIPOLI—On the ground floor of a six-story building here, agents working for Moammar Gadhafi sat in an open room, spying on emails and chat messages with the help of technology Libya acquired from the West.

The recently abandoned room is lined with posters and English-language training manuals stamped with the name Amesys, a unit of French technology firm Bull SA, which installed the monitoring center. A warning by the door bears the Amesys logo. The sign reads: “Help keep our classified business secret. Don’t discuss classified information out of the HQ.”

The room, explored Monday by The Wall Street Journal, provides clear new evidence of foreign companies’ cooperation in the repression of Libyans under Col. Gadhafi’s almost 42-year rule. The surveillance files found here include emails written as recently as February, after the Libyan uprising had begun.

One file, logged on Feb. 26, includes a 16-minute Yahoo chat between a man and a young woman. He sometimes flirts, declaring that her soul is meant for him, but also worries that his opposition to Col. Gadhafi has made him a target.

“I’m wanted,” he says. “The Gadhafi forces … are writing lists of names.” He says he’s going into hiding and will call her from a new phone number—and urges her to keep his plans secret.

“Don’t forget me,” she says.

This kind of spying became a top priority for Libya as the region’s Arab Spring revolutions blossomed in recent months. Earlier this year, Libyan officials held talks with Amesys and several other companies including Boeing Co.’s Narus, a maker of high-tech Internet traffic-monitoring products, as they looked to add sophisticated Internet-filtering capabilities to Libya’s existing monitoring operation, people familiar with the matter said.

Libya sought advanced tools to control the encrypted online-phone service Skype, censor YouTube videos and block Libyans from disguising their online activities by using “proxy” servers, according to documents reviewed by the Journal and people familiar with the matter. Libya’s civil war stalled the talks.

“Narus does not comment on potential business ventures,” a Narus spokeswoman said in a statement. “There have been no sales or deployments of Narus technology in Libya.” A Bull official declined to comment.

The sale of technology used to intercept communications is generally permissible by law, although manufacturers in some countries, including the U.S., must first obtain special approval to export high-tech interception devices.

Libya is one of several Middle Eastern and North African states to use sophisticated technologies acquired abroad to crack down on dissidents. Tech firms from the U.S., Canada, Europe, China and elsewhere have, in the pursuit of profits, helped regimes block websites, intercept emails and eavesdrop on conversations.

The Tripoli Internet monitoring center was a major part of a broad surveillance apparatus built by Col. Gadhafi to keep tabs on his enemies. Amesys in 2009 equipped the center with “deep packet inspection” technology, one of the most intrusive techniques for snooping on people’s online activities, according to people familiar with the matter.

Chinese telecom company ZTE Corp. also provided technology for Libya’s monitoring operation, people familiar with the matter said. Amesys and ZTE had deals with different arms of Col. Gadhafi’s security service, the people said. A ZTE spokeswoman declined to comment.

VASTech SA Pty Ltd, a small South African firm, provided the regime with tools to tap and log all the international phone calls going in and out of the country, according to emails reviewed by The Wall Street Journal and people familiar with the matter. VASTech declined to discuss its business in Libya due to confidentiality agreements.

Libya went on a surveillance-gear shopping spree after the international community lifted trade sanctions in exchange for Col. Gadhafi handing over the suspects in the 1988 bombing of Pan Am flight 103 and ending his weapons of mass destruction program. For global makers of everything from snooping technology to passenger jets and oil equipment, ending the trade sanctions transformed Col. Gadhafi’s regime from pariah state to coveted client.

The Tripoli spying center reveals some of the secrets of how Col. Gadhafi’s regime censored the populace. The surveillance room, which people familiar with the matter said Amesys equipped with its Eagle system in late 2009, shows how Col. Gadhafi’s regime had become more attuned to the dangers posed by Internet activism, even though the nation had only about 100,000 Internet subscriptions in a population of 6.6 million.

The Eagle system allows agents to observe network traffic and peer into people’s emails, among other things. In the room, one English-language poster says: “Whereas many Internet interception systems carry out basic filtering on IP address and extract only those communications from the global flow (Lawful Interception), EAGLE Interception system analyses and stores all the communications from the monitored link (Massive interception).”

On its website, Amesys says its “strategic nationwide interception” system can detect email from Hotmail, Yahoo and Gmail and see chat conversations on MSN instant messaging and AIM. It says investigators can “request the entire database” of Internet traffic “in real time” by entering keywords, email addresses or the names of file attachments as search queries.

It is unclear how many people worked for the monitoring unit or how long it was operational.

In a basement storage room, dossiers of Libyans’ online activities are lined up in floor-to-ceiling filing shelves. From the shelves, the Journal reviewed dozens of surveillance files, including those for two anti-Gadhafi activists—one in Libya, the other in the U.K.—well known for their opposition websites. Libyan intelligence operators were monitoring email discussions between the two men concerning what topics they planned to discuss on their websites.

In an email, dated Sept. 16, 2010, the men argue over whether to trust the reform credentials of Col. Gadhafi’s son, Seif al-Islam, who at the time was widely expected to succeed his father as Libya’s leader. One man warns the other that the younger Gadhafi is trouble. “I know that you hope that Seif will be a good solution,” he writes. “But … he is not the proper solution. I’m warning you.”

Computer surveillance occupied only the ground floor of the intelligence center. Deeper in the maze-like layout is a windowless detention center, its walls covered in dingy granite tile and smelling of mildew.

Caught in the snare of Libya’s surveillance web was Human Rights Watch researcher Heba Morayef, who handles Libya reporting for the activist group. Files monitoring at least two Libyan opposition activists included emails written by her, as well as messages to her from them.

In one email, dated Aug. 12, 2010, a Libyan activist implores Ms. Morayef to help him and his colleagues fight a court case brought against them. “The law is on our side in this case, but we are scared,” he wrote. “We need someone to help.” The email goes into specific detail about the plaintiff, who was a high-ranking member of a shadowy group of political commissars defending the Gadhafi regime.

Ms. Morayef, reached Monday in Cairo, where she is based, said she was last in contact with the Benghazi-based activist on Feb. 16. She said she believes he went into hiding when civil war broke out a week later.

Another file, dated Jan. 6, 2011, monitors two people, one named Ramadan, as they struggle to share an anti-Gadhafi video and upload it to the Web. One message reads: “Dear Ramadan : Salam : this is a trial to see if it is possible to email videos. If it succeeds tell me what you think.”

Across town from the Internet monitoring center at Libya’s international phone switch, where telephone calls exit and enter the country, a separate group of Col. Gadhafi’s security agents staffed a room equipped with VASTech devices, people familiar with the matter said. There they captured roughly 30 to 40 million minutes of mobile and landline conversations a month and archived them for years, one of the people said.

Andre Scholtz, sales and marketing director for VASTech, declined to comment on the Libya installation, citing confidentiality agreements. The firm sells only “to governments that are internationally recognized by the U.N. and are not subject to international sanctions,” Mr. Scholtz said in a statement. “The relevant U.N., U.S. and EU rules are complied with.”

The precise details of VASTech’s setup in Libya are unclear. VASTech says its interception technology is used to fight crimes like terrorism and weapons smuggling.
A description of the company’s Zebra brand surveillance product, prepared for a trade show, says it “captures and stores massive volumes of traffic” and offers filters that agents can use to “access specific communications of interest from mountains of data.” Zebra also features “link analysis,” the description says, a tool to help agents identify relationships between individuals based on analysis of their calling patterns.

Capabilities such as these helped Libya sow fear as the country erupted in civil war earlier this year. Anti-Gadhafi street demonstrators were paranoid of being spied on or picked up by the security forces, as it was common knowledge that the regime tapped phones. Much of the early civil unrest was organized via Skype, which activists considered safer than Internet chatting. But even then they were scared.

“We’re likely to disappear if you aren’t careful,” a 22-year-old student who helped organize some of the biggest protests near Tripoli said in a Skype chat with a foreign journalist before fleeing to Egypt. Then, on March 1, two of his friends were arrested four hours after calling a foreign correspondent from a Tripoli-based cellphone, according to a relative. It is unclear what division of the security service picked them up or whether they are still in jail.

The uprising heightened the regime’s efforts to obtain more intrusive surveillance technology. On Feb. 15 of this year, as anti-government demonstrations kicked off in Benghazi, Libyan telecom official Bashir Ejlabu convened a meeting in Barcelona with officials from Narus, the Boeing unit that makes Internet monitoring products, according to a person familiar with the meeting. “The urgency was high to get a comprehensive system put in place,” the person said.

In the meeting, Mr. Ejlabu told the Narus officials he would fast-track visas for them to go to Libya the next day, this person said. Narus officials declined to travel to Tripoli, fearing damage to the company’s reputation.

But it was too late for the regime. One week later, Libyan rebels seized control of Benghazi, the country’s second largest city, and the capital of Tripoli was convulsing in antiregime protests. In early March, Col. Gadhafi shut down Libya’s Internet entirely. The country remained offline until last week, when rebels won control of Tripoli.

Source: Wall Street Journal

11 Responses to Firms Aided Libyan Spies

  1. Mohammed says:

    I hope the hacker groups target the companies that helped the regime oppress the people and people boycott the companies that deal with the above companies and associates.

  2. “Some people came to these makeshift camps looking for a way to cross by boat to Europe. All of them remain trapped with nowhere to go.”
    (this problem was handled in Benghazi and Misrata to a relatively respected standard of humanitarian relief. They should have the situation secure enough to examine the detainees without further bloodshed, but the complication lies in the abuse of each other, between migrants and possible mercenaries in fear of their life… I would lockdown until they are properly weeded out. It’s important to remember that the rebels didn’t create this scenario, Gaddaffi did.)

  3. Abdelhakim Belhaj, a military commander, said, “We have the intelligence apparatus that belongs to the revolutionaries that allows us to gather information to find Gaddafi and his close aides that represent the pillars of the regime. We know for sure where some of them are, and we have unconfirmed reports on where Gaddafi is.
    Today I had a telephone conversation with Gaddafi’s son, Saadi, where he asked to be part of the revolution, and to get guarantees to come back to his people and the capital, Tripoli. He hinted to us his whereabouts, and we will be in contact with him to follow up on this matter.”

    (you gotta be kidding me… He wants to be part of the revolution… Have twelve prisoners from Sirte decide if that’s okay… Or the relatives of twelve dead martyrs.)

  4. This system has been in place since 2009, what new disclosure does it provide on the NTC governmental people that were part of Gaddaffi’s regime…

  5. If SA put in place a nationwide surveillance system that monitored all of the electronic activities of the people of Libya, what do those surveillance records now have to say about the current NTC leadership that worked in the Gaddaffi regime, and are the telephone calls being made between now and Saturday actually a case of Gaddaffi extorting the NTC members for a last ditch effort at gaining security for himself, his family, and the sheikhs of Sirte… This says to me that Gaddaffi is in Sirte. And when the attack was made on Tripoli, why was it so poorly planned that the escape routes weren’t covered.

  6. Washitaw The Tripoli Internet monitoring center was a major part of a broad surveillance apparatus built by Col. Gadhafi to keep tabs on his enemies. Amesys in 2009 equipped the center with “deep packet inspection” technology, one of the most intrusive techniques for snooping on people’s online activities, according to people familiar with the matter.

    Chinese telecom company ZTE Corp. also provided technology for Libya’s monitoring operation, people familiar with the matter said. Amesys and ZTE had deals with different arms of Col. Gadhafi’s security service, the people said. A ZTE spokeswoman declined to comment.

    VASTech SA Pty Ltd, a small South African firm, provided the regime with tools to tap and log all the international phone calls going in and out of the country, according to emails reviewed by The Wall Street Journal and people familiar with the matter. VASTech declined to discuss its business in Libya due to confidentiality agreements.
    (Libya as it was known no longer exists, so confidentiality agreements should be out the window.)

  7. m.barrah says:

    Could you please find out the names on the file showing on this page?
    I am interested in the second name. Does it read Mohammed Barrah?

  8. Si j’ai bien compris les communications par Skype sont mieux protégées que les autres?? Quelqu’un peut’il me répondre?

    En 1995 nous avons eu de nombreuses coupures de communications sur les téléphones Thuraya. Pensez vous que cela était fait par le régime Kadhafi? Nous avons à ce moment là utilisé Inmarsat qui fonctionnait normalement.

    Si quelqu’un connait ces réponses merci.

    • Richard from France says:

      English translation:
      If I understand well, communications with Skype are better protected than other?? May somebody reply this??

      In 1995 we had numerous communication drops with the Thuraya phones. Do you think it was from the Kadhafi regime? At this moment we used Inmarsat which worked correctly.

      If somebody knows the replies, thanks

    • Richard From France says:

      Reply:

      Skype coding/security shortcoming:
      http://en.wikipedia.org/wiki/Skype#Security_and_privacy

      Skype openly collaborating with a fascist regime:
      http://en.wikipedia.org/wiki/Skype#Service_in_the_People.27s_Republic_of_China

      If they collaborated with the Chinese fascist regime, why not with the Kadhafi regime? Kadhafi and his gang were knowledgeable into the role of Internet, they could not miss this.

      About drops into the functioning of Thuraya phones, it is hard to tell what caused them, probably technical reasons. A satellite phone communicates directly with the satellite, and thus it is not bound to obey the state laws where it operates. It is hard to tap it or to hinder it, although not impossible.

      I remember some weeks ago there was a post on this forum, telling that the Kadhafi gang considered any Thuraya owner a spy, evidence that they feared these devices, because they cannot control them.

  9. Fredy says:

    Hey, Richard would you translate this French message ?
    It seems Eduard can read but can’t write English.