Cyber Security and Emerging Threats Ryan Atkinson

Spying for Gadhafi: The Foreign Export of Surveillance Capabilities to Libya

Colonel Muammar Gadhafi ruled Libya until his regime collapsed during the revolution and conflict that ensued as a result of the Arab Spring in 2011. Previously secret archives discovered after the fall of Tripoli in 2011 revealed the export of pervasive surveillance technologies to the regime by foreign corporations. The case of exported surveillance capabilities to the Gadhafi regime demonstrates the willingness of foreign corporations and intelligence organizations to aid the brutal dictatorship in human rights abuses and torture by providing technologies and services used by the regime to curtail political opposition and dissent.


This information was first reported by the Wall Street Journal from within a monitoring center in Tripoli, where extensive surveillance technologies installed by foreign surveillance companies were discovered. Amesys, a unit of the French technology firm Bull SA, installed the monitoring center’s surveillance equipment, which included its Eagle system that provided deep packet inspection (DPI) technology. DPI allows for the monitoring of internet meta-data communications and information sent and received by computers, as packets with labelled headers that describe “what they are, who they’re from and where they’re going.” The contents of each packet can be scanned with DPI software to monitor individual internet use by scanning for specific keywords or blocking access to specific websites.


A proposal dated November 11th, 2006, between Amesys (then i2e Technologies) and the Gadhafi regime included encrypted communications, bugged cell phones, and its Eagle internet monitoring system. Philippe Vannier, former head of Amesys and current chief executive of Bull, met with Abdullah Senussi, Libya’s Head of Intelligence in Tripoli in 2007, and a deal was signed that year to install the technology. Amesys officials and retired soldiers of France’s Military Intelligence Directorate (DRM) provided training for Libyan intelligence in July 2008 for €10 million. Le Figaro interviewed a soldier that organized training for Gadhafi’s intelligence service in the Eagle system, who claimed to have “put the whole country on tune […] we were doing massive [interception] […] all the data going on the Internet: mails, chats, Internet browsing and IP conversation” were collected.


In addition to Amesys, other surveillance companies were discovered operating within Libya after the fall of Gadhafi. Chinese telecom company ZTE was discovered with their ZXMT system with similar capabilities to Eagle. South African firm VASTech provided its Zebra technology supplying agents with “link analysis” to “identify relationships between individuals based on analysis of their calling patterns.” Another monitoring facility in Tripoli housed VASTech’s equipment, which “captured roughly 30 to 40 million minutes of mobile and landline conversations a month and archived them for years”, with capabilities to tap and log all international phone calls entering and exiting the country.


Libya’s highly intrusive surveillance system enabled intelligence agents to surveil regime dissidents. Reportedly thousands of case files were found in the basement of the Tripoli monitoring facility and included transcripts of phone calls, email printouts, photographs, email intercepts, IP addresses, port numbers, and even usernames and passwords. Libyan intelligence agents were not confined within state borders and dissidents abroad were also put under surveillance.


In 2012, Wired reported the story of Ali Hamouda, a 36-year-old dental student studying in Scotland, which exemplifies the reach of Libyan intelligence. Hamouda blogged against regime abuse under the name Walid Sheik, and began writing for Libya al-Mostakbal, a website run by Hassan al-Amin, a Libyan dissident living in exile in London. Upon returning to Libya, Hamouda received a call from Senussi to meet in Tripoli. At the meeting, Hamouda was accused of being Walid Sheikh, was thrown in prison for two months, and repeatedly interrogated for his user name and passwords to access his contacts. Hamouda’s identity had been compromised as a result of the “IP address on his emails to Amin” which Libyan intelligence agents traced to the dental school at the University of Dundee. Only four Libyan students were on scholarships there; only Ali Hamouda fit the profile of Walid Sheikh.


The sale of invasive technologies to states that are human rights violators demonstrates how surveillance corporations use diplomatic relations between a regime and the company’s country of origin as a means of justifying export. Trevor Timm, co-founder and Executive Director of the Freedom of the Press Foundation argues the need for “know your customer” regulatory standards which formulate a framework that requires companies to study non-partisan human rights reports rather than just focusing on legal restrictions. In addition, Dr. Kirsten E. Martin, Associate Professor at George Washington University, argues for global Information and Communication Technologies (ICT) to closely examine “the stakeholders of the technology, the roles and responsibilities of the actors within a particular community, and the alternatives to the innovation.”


The incorporation of moral justifications into already established legal ones requires surveillance companies to justify doing business with certain states based on how these regimes would use the technologies and whether they would harm civilian populations. Establishing such principles within the ICT industry and the private sector more generally is how the international community can work towards mitigating the capabilities of undemocratic regimes to commit mass atrocities against their populations.


Featured Photo: “Benghazi Anti-Gadhafi Protests” | 6 July 2011 by Mbi3000 via Wikimedia Commons.


Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.

Ryan Atkinson
Ryan Atkinson is Program Editor for Cyber Security and Information Warfare at the NATO Association of Canada. Ryan completed a Master of Arts in Political Science from the University of Toronto, where his Major Research Project focused on Russia’s utilization of information and cyber strategies during military operations in the war in Ukraine. He worked as a Research Assistant for a professor at the University of Toronto focusing on the local nature of Canadian electoral politics. He graduated with an Honours Bachelor of Arts in Political Science and Philosophy from the University of Toronto. Ryan conducted research for Political Science faculty that analyzed recruitment methods used by Canadian political parties. Ryan’s research interests include: Cyber Threat Intelligence, Information Security, Financial Vulnerability Management, Disinformation, Information Warfare, and NATO’s Role in Global Affairs.