http://online.wsj.com/article/SB10001424053111904199404576538721260166388.html
AUGUST 30, 2011
Firms Aided Libyan Spies
First Look Inside Security Unit Shows How Citizens Were Tracked
By PAUL SONNE And MARGARET COKER
TRIPOLI--On the ground floor of a six-story building here, agents working for Moammar Gadhafi sat in an open room, spying on emails and chat messages with the help of technology Libya acquired from the West.
The recently abandoned room is lined with posters and English-language training manuals stamped with the name Amesys, a unit of French technology firm Bull SA, which installed the monitoring center. A warning by the door bears the Amesys logo. The sign reads: "Help keep our classified business secret. Don't discuss classified information out of the HQ."
The room, explored Monday by The Wall Street Journal, provides clear new evidence of foreign companies' cooperation in the repression of Libyans under Col. Gadhafi's almost 42-year rule. The surveillance files found here include emails written as recently as February, after the Libyan uprising had begun.
One file, logged on Feb. 26, includes a 16-minute Yahoo chat between a man and a young woman. He sometimes flirts, declaring that her soul is meant for him, but also worries that his opposition to Col. Gadhafi has made him a target.
"I'm wanted," he says. "The Gadhafi forces ... are writing lists of names." He says he's going into hiding and will call her from a new phone number--and urges her to keep his plans secret.
"Don't forget me," she says.
This kind of spying became a top priority for Libya as the region's Arab Spring revolutions blossomed in recent months. Earlier this year, Libyan officials held talks with Amesys and several other companies including Boeing Co.'s Narus, a maker of high-tech Internet traffic-monitoring products, as they looked to add sophisticated Internet-filtering capabilities to Libya's existing monitoring operation, people familiar with the matter said.
Libya sought advanced tools to control the encrypted online-phone service Skype, censor YouTube videos and block Libyans from disguising their online activities by using "proxy" servers, according to documents reviewed by the Journal and people familiar with the matter. Libya's civil war stalled the talks.
"Narus does not comment on potential business ventures," a Narus spokeswoman said in a statement. "There have been no sales or deployments of Narus technology in Libya." A Bull official declined to comment.
The sale of technology used to intercept communications is generally permissible by law, although manufacturers in some countries, including the U.S., must first obtain special approval to export high-tech interception devices.
Libya is one of several Middle Eastern and North African states to use sophisticated technologies acquired abroad to crack down on dissidents. Tech firms from the U.S., Canada, Europe, China and elsewhere have, in the pursuit of profits, helped regimes block websites, intercept emails and eavesdrop on conversations.
The Tripoli Internet monitoring center was a major part of a broad surveillance apparatus built by Col. Gadhafi to keep tabs on his enemies. Amesys in 2009 equipped the center with "deep packet inspection" technology, one of the most intrusive techniques for snooping on people's online activities, according to people familiar with the matter.
Chinese telecom company ZTE Corp. also provided technology for Libya's monitoring operation, people familiar with the matter said. Amesys and ZTE had deals with different arms of Col. Gadhafi's security service, the people said. A ZTE spokeswoman declined to comment.
VASTech SA Pty Ltd, a small South African firm, provided the regime with tools to tap and log all the international phone calls going in and out of the country, according to emails reviewed by The Wall Street Journal and people familiar with the matter. VASTech declined to discuss its business in Libya due to confidentiality agreements.
Libya went on a surveillance-gear shopping spree after the international community lifted trade sanctions in exchange for Col. Gadhafi handing over the suspects in the 1988 bombing of Pan Am flight 103 and ending his weapons of mass destruction program. For global makers of everything from snooping technology to passenger jets and oil equipment, ending the trade sanctions transformed Col. Gadhafi's regime from pariah state to coveted client.
The Tripoli spying center reveals some of the secrets of how Col. Gadhafi's regime censored the populace. The surveillance room, which people familiar with the matter said Amesys equipped with its Eagle system in late 2009, shows how Col. Gadhafi's regime had become more attuned to the dangers posed by Internet activism, even though the nation had only about 100,000 Internet subscriptions in a population of 6.6 million.
The Eagle system allows agents to observe network traffic and peer into people's emails, among other things. In the room, one English-language poster says: "Whereas many Internet interception systems carry out basic filtering on IP address and extract only those communications from the global flow (Lawful Interception), EAGLE Interception system analyses and stores all the communications from the monitored link (Massive interception)."
On its website, Amesys says its "strategic nationwide interception" system can detect email from Hotmail, Yahoo and Gmail and see chat conversations on MSN instant messaging and AIM. It says investigators can "request the entire database" of Internet traffic "in real time" by entering keywords, email addresses or the names of file attachments as search queries.
It is unclear how many people worked for the monitoring unit or how long it was operational.
In a basement storage room, dossiers of Libyans' online activities are lined up in floor-to-ceiling filing shelves. From the shelves, the Journal reviewed dozens of surveillance files, including those for two anti-Gadhafi activists--one in Libya, the other in the U.K.--well known for their opposition websites. Libyan intelligence operators were monitoring email discussions between the two men concerning what topics they planned to discuss on their websites.
In an email, dated Sept. 16, 2010, the men argue over whether to trust the reform credentials of Col. Gadhafi's son, Seif al-Islam, who at the time was widely expected to succeed his father as Libya's leader. One man warns the other that the younger Gadhafi is trouble. "I know that you hope that Seif will be a good solution," he writes. "But ... he is not the proper solution. I'm warning you."
Computer surveillance occupied only the ground floor of the intelligence center. Deeper in the maze-like layout is a windowless detention center, its walls covered in dingy granite tile and smelling of mildew.
Caught in the snare of Libya's surveillance web was Human Rights Watch researcher Heba Morayef, who handles Libya reporting for the activist group. Files monitoring at least two Libyan opposition activists included emails written by her, as well as messages to her from them.
In one email, dated Aug. 12, 2010, a Libyan activist implores Ms. Morayef to help him and his colleagues fight a court case brought against them. "The law is on our side in this case, but we are scared," he wrote. "We need someone to help." The email goes into specific detail about the plaintiff, who was a high-ranking member of a shadowy group of political commissars defending the Gadhafi regime.
Ms. Morayef, reached Monday in Cairo, where she is based, said she was last in contact with the Benghazi-based activist on Feb. 16. She said she believes he went into hiding when civil war broke out a week later.
Another file, dated Jan. 6, 2011, monitors two people, one named Ramadan, as they struggle to share an anti-Gadhafi video and upload it to the Web. One message reads: "Dear Ramadan : Salam : this is a trial to see if it is possible to email videos. If it succeeds tell me what you think."
Across town from the Internet monitoring center at Libya's international phone switch, where telephone calls exit and enter the country, a separate group of Col. Gadhafi's security agents staffed a room equipped with VASTech devices, people familiar with the matter said. There they captured roughly 30 to 40 million minutes of mobile and landline conversations a month and archived them for years, one of the people said.
Andre Scholtz, sales and marketing director for VASTech, declined to comment on the Libya installation, citing confidentiality agreements. The firm sells only "to governments that are internationally recognized by the U.N. and are not subject to international sanctions," Mr. Scholtz said in a statement. "The relevant U.N., U.S. and EU rules are complied with."
The precise details of VASTech's setup in Libya are unclear. VASTech says its interception technology is used to fight crimes like terrorism and weapons smuggling.
A description of the company's Zebra brand surveillance product, prepared for a trade show, says it "captures and stores massive volumes of traffic" and offers filters that agents can use to "access specific communications of interest from mountains of data." Zebra also features "link analysis," the description says, a tool to help agents identify relationships between individuals based on analysis of their calling patterns.
Capabilities such as these helped Libya sow fear as the country erupted in civil war earlier this year. Anti-Gadhafi street demonstrators were paranoid of being spied on or picked up by the security forces, as it was common knowledge that the regime tapped phones. Much of the early civil unrest was organized via Skype, which activists considered safer than Internet chatting. But even then they were scared.
"We're likely to disappear if you aren't careful," a 22-year-old student who helped organize some of the biggest protests near Tripoli said in a Skype chat with a foreign journalist before fleeing to Egypt. Then, on March 1, two of his friends were arrested four hours after calling a foreign correspondent from a Tripoli-based cellphone, according to a relative. It is unclear what division of the security service picked them up or whether they are still in jail.
The uprising heightened the regime's efforts to obtain more intrusive surveillance technology. On Feb. 15 of this year, as anti-government demonstrations kicked off in Benghazi, Libyan telecom official Bashir Ejlabu convened a meeting in Barcelona with officials from Narus, the Boeing unit that makes Internet monitoring products, according to a person familiar with the meeting. "The urgency was high to get a comprehensive system put in place," the person said.
In the meeting, Mr. Ejlabu told the Narus officials he would fast-track visas for them to go to Libya the next day, this person said. Narus officials declined to travel to Tripoli, fearing damage to the company's reputation.
But it was too late for the regime. One week later, Libyan rebels seized control of Benghazi, the country's second largest city, and the capital of Tripoli was convulsing in antiregime protests. In early March, Col. Gadhafi shut down Libya's Internet entirely. The country remained offline until last week, when rebels won control of Tripoli.
Write to Paul Sonne at paul.sonne@wsj.com and Margaret Coker at margaret.coker@wsj.com