Accessibility links

Breaking News

Libya's Big Brother: Inside Qaddafi's Vast Surveillance Network

"Wired" has a long and insightful piece about the mechanics of Muammar Qaddafi's surveillance operation. While the Arab Spring "showed the promise of the Internet as a crucible for democratic activism," it also "demonstrated the Internet’s equal potential for government surveillance and repression on a scale unimaginable with the old analog techniques of phone taps and informants."

The tactics varied in their focus and scope. There was the "Electronic Army," a loose organization that would try to take down any Qaddafi material online, often by flagging YouTube videos for copyright infringements.

The Electronic Army also hacked dissidents' e-mails accounts and Skype conversations and made their private correspondence public.

But the most sophisticated part of the operation highlights an increasingly familiar and disturbing story of foreign companies -- many of them from Western democracies -- supplying the surveillance tools for a dictatorship.

Qaddafi had made a secret deal "with a company called Amesys -- a subsidiary of the French defense firm Bull SA -- for technology that would allow his spy services to access all the data flowing through Libya’s Internet system."
In a proposal to the regime dated November 11, 2006, Amesys (then called i2e Technologies) laid out the specifications for its comprehensive Homeland Security Program. It included encrypted communications systems, bugged cell phones (with sample phones included), and, at the plan’s heart, a proprietary system called Eagle for monitoring the country’s Internet traffic.

But what Amesys was offering was much more than "lawful intercept," the capabilities, standard in the EU for example, where law enforcement can monitor specific phone numbers and IP addresses with warrants.
According to engineers at Libyan Internet provider LTT, two high-bandwidth “mirrors” were installed -- one on the country’s main fiber-optic trunk and one inside the DSL switchboard -- to copy all Internet traffic and feed it into the Eagle system, which became operational in 2009.

But Amesys wasn't the only foreign technology company implicated:
Amesys, with its Eagle system, was just one of Libya’s partners in repression. A South African firm called VASTech had set up a sophisticated monitoring center in Tripoli that snooped on all inbound and outbound international phone calls, gathering and storing 30 million to 40 million minutes of mobile and landline conversations each month. ZTE Corporation, a Chinese firm whose gear powered much of Libya’s cell phone infrastructure, is believed to have set up a parallel Internet monitoring system for External Security: Photos from the basement of a makeshift surveillance site, obtained from Human Rights Watch, show components of its ZXMT system, comparable to Eagle. American firms likely bear some blame, as well. On February 15, just prior to the revolution, regime officials reportedly met in Barcelona with officials from Narus, a Boeing subsidiary, to discuss Internet-filtering software. And the Human Rights Watch photos also clearly show a manual for a satellite phone monitoring system sold by a subsidiary of L-3 Communications, a defense conglomerate based in New York. (Amesys, VASTech, ZTE and Narus did not respond to multiple interview requests; L-3 declined to comment.)

What these companies were doing wasn't illegal (sanctions had been lifted) but their actions do raise countless questions about the ethics of such companies supplying equipment to odious regimes such as that in Libya. A recent investigation by a Swedish broadcaster revealed that the country's telecom giant Teliasonera has been selling high-tech surveillance equipment to less-than-democratic governments in Central Asia and Azerbaijan, among others.

In one of the Libyan monitoring headquarters, "analysts sat at their terminals and used a web browser to log on to the Eagle system, where they would peruse their latest intercepts or search for new targets to monitor using keywords, phone numbers, or e-mail and IP addresses."
The system was capable of collecting e-mail, chat and voice-over-IP conversations, file transfers, and even browsing histories from anyone who used broadband or dialup Internet in Libya. The analysts could call up social-network diagrams for the targets they were hunting, with the links between each suspect showing the frequency and type of communication. E-mails of interest were labeled “follow-up” for the security services.

As the uprising intensified, by the beginning of March, the Qaddafi regime shut off access to the Internet.
Now, as the battle seesawed between the regime and the rebels across Libya, the cyberwar would be directed outward, committed to the task of distributing pro-Qaddafi propaganda to the world and shutting down any attempts by rebels to send out their own message.

The newly revived "Electronic Army" directed its efforts to taking down anti-Qaddafi websites by denial-of-service attacks or placing malware on rebel fighters' computers. Ukrainian mercenaries also snooped on traffic from satellite phones.

What is most disturbing about Qaddafi's surveillance operation was how relatively cheap and easy it was to set up with off-the-shelf technology.
Today you can run an approximation of 1984 out of a couple of rooms filled with server racks. And that’s precisely what Libya’s spies did -- and what dictatorships all around the world continue to do.