
How International firms placed Libya under total surveillance for Gaddafi

Over the past couple of days, more and more information has been coming out in the mainstream press (BBC, WSJ, Le Figaro, to name but a few) on just how key a role Western and international firms played in training and outfitting Gaddafi’s repressive secret agents with the technology and know-how required to spy on almost the totality of Libya’s Internet and telecommunication infrastructure in an attempt to track and squash dissidents.

French firms and the Directorate of Military Intelligence, among others, worked alongside and signed lucrative contracts worth tens of millions of euros with arms dealers, dictators and known anti-Western terrorists, and took on a leading role in helping to set up Gaddafi’s surveillance infrastructure, with the U.S., Chinese and South Africans following closely behind.

French technology company Bull SA utilized their shady subsidiary called Amesys (who took all their international websites offline after the news hit and started steps to limit PR damage) to help set up a full-blown, highly sophisticated central monitoring center for Gaddafi’s gung-ho intelligence services and provide them with personalized English-language training on how to efficiently utilize their deep packet inspection software codenamed “Eagle” in order to eavesdrop on as much of Libya’s Internet traffic as was possible. Incidentally, according to Le Figaro, the Eagle software is also now set up at many French ISPs and has been used by the French government since 2009 to spy on its own citizens and Internet users in France (apparently legally) after having gone through its test phase in Libya, which was basically their live laboratory to fine-tune the software, as they could conduct invasive tests without any limits.

Le Figaro today released an exclusive interview with an anonymous French intelligence officer who revealed some more details on the project. To quote, “We set in motion the Libyan surveillance system in July 2008. The Bull executives were extremely involved and personally attached to this mission.” He proceeded to explain how the corrupt Franco-Lebanese businessman and arms dealer Ziad Takieddine acted as an intermediary between the French company and the Libyans and managed much of the commercial side of this particular contract. Honestly, I wonder why the French government keeps using this guy as an intermediary; perhaps he’s well connected, but he sure seems to get caught in corrupt and shady deals an awful lot. The soldier went on to explain how Libya was basically viewed by Bull as an inaugural test bed for its software in advance of it being marketed to other countries looking to spy on their own citizens. Presumably one can imagine they will now be doing this under a different company and product name since this negative PR hit.

The French soldier went on to explain how Libya was an easy target for their packet analysis software because it has so few external Internet links, and almost all of its network traffic heads out of the country because Libya itself has hardly any Internet services or content sites of consequence hosted internally. Therefore, all you needed to do was plug yourself into the main international node connection and right away you had 98% or more of all the country’s Internet traffic at your fingertips, he explained.

The Eagle system supposedly allows operators to observe network traffic using deep packet inspection and log everything to an indexed multilingual Oracle database searchable via keywords. It claims to be able to log and peer into people’s emails (POP3, IMAP, SMTP), IMs (MSN, Yahoo, Gmail, Skype), VoIP (RTP, SIP, H323), HTTP/Web (Facebook, Twitter, Skype, Gmail, Yahoo) and all sorts of other traffic going over common communication protocols. Alas, all pretty basic and simple stuff when dealing with unsophisticated Internet users who don’t bother with encryption or take steps to try and preserve their anonymity. I am a bit dubious, though, about their claims of being able to “peer into” the traffic of web services which are known to force SSL or other forms of encryption by default. It is true that many companies now offer inspection and analysis of encrypted traffic: even if the content itself cannot necessarily be read plainly, it can still hint at the parties communicating and what sort of communication is taking place. Libya was apparently particularly interested in gaining access to tools that would allow them to control the encrypted Skype service and censor YouTube videos, as well as detecting and blocking access to proxy servers. I wonder how that worked out for them?

To quote from Amesys’s promotional Eagle SMINT PDF, which you can find mirrored here, “All network protocols are recognized through advanced techniques based on protocol syntax analysis, called Deep Packet Inspection, whereas competitive products do it through network port identification that can easily be misled.” Amesys, aka Bull SA, seem particularly proud of this, with one of the posters stuck on the wall at Gaddafi’s central surveillance monitoring centers, with the Amesys logo on it, proudly reminding operators and agents in the room that “Whereas many Internet interception systems carry out basic filtering on IP address and extract only those communications from the global flow (Lawful Interception), EAGLE Interception system analyses and stores all the communications from the monitored link (Massive interception).” Isn’t that impressive, apparently Amesys is aware of the Link layer!
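The contrast drawn in the brochure quote above, port lookup versus protocol syntax analysis, as an added example (not Amesys code and not from the original post); the signatures, function names and sample flows are simplified assumptions constructed for illustration. It flags flows whose payload syntax disagrees with their port, the check a network monitor uses to spot services on unexpected ports, and it labels a TLS handshake without being able to read its content.

```python
import re

# "Network port identification": label a flow from its destination port alone.
PORT_MAP = {25: "SMTP", 80: "HTTP", 110: "POP3", 143: "IMAP", 5060: "SIP"}

# "Protocol syntax analysis": test the first payload bytes against each
# protocol's grammar. Simplified, assumed signatures for illustration only.
SYNTAX_RULES = [
    # TLS record: type 0x16 (handshake), major version 3, ClientHello (0x01)
    ("TLS",  lambda p: len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01),
    ("SIP",  lambda p: re.match(rb"(INVITE|REGISTER|OPTIONS|BYE|ACK) \S+ SIP/2\.0\r\n", p)),
    ("HTTP", lambda p: re.match(rb"(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n", p)),
    ("SMTP", lambda p: re.match(rb"(220[ -]\S+ .*E?SMTP|(EHLO|HELO) \S+\r\n)", p)),
    ("POP3", lambda p: re.match(rb"\+OK[ \r]", p)),
    ("IMAP", lambda p: re.match(rb"\* OK[ \r]", p)),
]

def by_port(dst_port):
    return PORT_MAP.get(dst_port, "unknown")

def by_syntax(payload):
    for name, rule in SYNTAX_RULES:
        if rule(payload):
            return name
    return "unknown"

def mismatches(flows):
    """Return (port, port_label, syntax_label) where the two methods disagree."""
    out = []
    for dst_port, payload in flows:
        port_label, syntax_label = by_port(dst_port), by_syntax(payload)
        if port_label != syntax_label:
            out.append((dst_port, port_label, syntax_label))
    return out

# Constructed sample flows: (destination port, first bytes of the payload).
SAMPLE_FLOWS = [
    (80,   b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80,   b"220 mail.example.test ESMTP ready\r\n"),       # SMTP on the web port
    (8080, b"INVITE sip:bob@example.test SIP/2.0\r\n"),     # SIP on an unlisted port
    (110,  b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x03"),  # TLS ClientHello
]

if __name__ == "__main__":
    for row in mismatches(SAMPLE_FLOWS):
        print("port %d: port says %s, syntax says %s" % row)
```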

The anonymous French soldier also provided details on how the different levels of the Libyan Internet surveillance program operated, probably very similar to how it does in many other countries. At the first level you had the so-called “base operators” who were responsible for following suspected anti-regime individuals and compiling basic preliminary reports on their online activities. He detailed how this was part of the first French mission and how they were trained to find targets in the massive traffic flow using keyword searches. He even gave an example of how they tapped traffic from specific universities and targeted individuals using those networks to train the Libyan operators.

The second level was comprised of the “analysts” who were in charge of configuring interceptions on a national level and defining the keywords of interest across the whole system. The second level was made up of Libyan intelligence officers who were also in charge of bringing their information to the direct staff of the head of state. He explained how in his time there they had “formed approximately twenty officers at that three separate sites in Tripoli: one for the army, the other for the police, and the last belonging to the government.”

The French soldier explained that the third level was comprised of the direct staff of the head of state. This was apparently the level with whom the French military and Bull executives were in routine and direct contact, in particular Gaddafi’s brother-in-law and convicted international terrorist Abdallah Senoussi, who was the head of Libya’s secret service. The soldier said that “it was him who negotiated the functionality of the product [Eagle] and would give us directives”.

U.S. corporate giant Boeing’s subsidiary Narus, which also specializes in DPI traffic-monitoring software and is an NSA partner specializing in warrantless wiretapping of U.S. citizens, is also alleged to have had dealings with and potentially provided technology to Gaddafi’s spy apparatus. So far, however, it would appear they have done a better job of staying out of the press, with the company only acknowledging having held discussions with the dictator’s regime and refusing all further comment. It will be interesting to see what comes of this as people probe further into their involvement, as they have already been found to have provided similar technology to many other despots the world over.

The Chinese telecom company ZTE Corp had also won contracts and was apparently instrumental in providing key technology to Gaddafi’s surveillance operations. Interestingly enough, it has been reported that they only agreed to deal with segmented sections of his security apparatus, sections which allegedly were not to come in contact with the other sections that were dealing with Western governments and firms, although I’m not too sure how that would work. One can only speculate why the Chinese took this approach. The Chinese of course seem to have a knack for efficiently covering their involvement in these types of situations; perhaps this was part of it.

Disingenuously enough, these technology firms’ proprietary deep packet inspection and surveillance software, which they try to keep as secret as possible and which is sold to fascists the world over under restrictive NDAs for millions upon millions of dollars, is actually frequently built on or utilizes open source software and libraries. Yet these companies are allowed to make a killing (literally), often by infringing the original open source software licenses and intellectual property of the creators, apparently without their express knowledge.

A smaller South African company called VASTech SA Pty Ltd was also heavily involved and gained some lucrative contracts to provide Libya with network recording and passive surveillance technology to tap and log all inbound and outbound international phone calls from the country. If this company’s website is anything to go by, they certainly seek to maintain a low profile. They have also refused to comment on their dealings with Libya, citing confidentiality agreements. Of course this just sounds like an excuse not to comment: what validity can such confidentiality agreements, signed without the authorization of a valid legislative body, now hold, since the corrupt shady parties they were signed with have been ousted from power? Or have they really? One wonders sometimes. The head may be gone, but what about the rest?

UPDATE: On September 1st 2011 at around 20:00 CET Amesys re-enabled their websites and posted an image file split into 4 parts on their amesys.fr site containing a press release, which you can find mirrored here and in text below. We’ve translated the French text via Google Translate for now to save time, so there are quite a few errors of direct translation and the translation thus cannot be considered legally or otherwise accurate. It’s just to give people a general idea. So far though, as far as we can tell, Amesys are the only company to have actually issued a proper press communique to try and get their side of the story out and do some damage control.

One comment on their press communique though, I find it interesting that they state their technology cannot be used to monitor phone calls, even though in the footage shot by the BBC in Gaddafi’s abandoned homeland security center we can clearly see the paper on the wall titled “GSM Geolocation” with a screenshot of one of the Eagle software GUI pictured below it. So what’s worse, being able to listen to the actual calls or geolocate the device making the calls? Combine Amesys’s geolocation with ZTE Corp and VASTech’s call monitoring technology and I think you pretty much have a winner. Oh and since when do cyber cafes all use satellite internet? Curious stuff indeed.

IN FRENCH quoted verbatim from amesys.fr

Communiqué Direction de la Communication Amesys (A Bull group company)

Suite à un grand nombre d’informations erronées ou fausses parues dans les médias, Amesys tient à apporter les précisions suivantes. Amesys a signé un contrat en 2007 avec les autorités libyennes. La livraison du matériel a eu lieu en 2008. Le contrat concernait la mise à disposition d’un matériel d’analyse portant sur une fraction des connexions internet existantes, soient quelques milliers. Il n’incluait ni les communications internet via satellite-utilisées dans les cybercafés -, ni les données chiffrées-type Skype -, ni le filtrage de sites web. Le matériel utilisé ne permettait pas non plus de surveiller les lignes téléphoniques fixes ou mobiles.

Ce contrat a été signé à l’époque dans un contexte international de rapprochement diplomatique avec la Libye qui souhaitait lutter contre le terrorisme et les actes perpétrés par Al-Qaïda. (2007 : année de la libération des infirmières bulgares). (Déc. 2007 : visite officielle de Mouammar Kadhafi en France; Juil. 2009 : rencontre de Barack Obama et Mouammar Kadhafi en Italie).

Toutes les activités d’ Amesys respectent strictement les exigences légales et règlementaires des conventions internationales, européennes et françaises. Amesys n’opère aucun centre d’écoute téléphonique ni internet à aucun point du globe.

Amesys a toujours privilégié un développement dans les zones géographiques avec lesquelles la France ou l’Europe nouent des partenariats stratégiques.

La stratégie d’ Amesys est de mettre au point des systèmes informatiques critiques permettant la protection du patrimoine numérique de ses clients ou la sécurité physique des personnes (véhicule shadow :contre les déclenchements à distance de bombes lors de passages de convois). Les activités d’ Amesys s’intègrent également dans les procédures de contrôle interne définies pour éviter toute irrégularité au sein du Groupe Bull, dont elle est filiale depuis 2010.

Amesys ne communique jamais sur ses activités par région mais souhaite -compte tenu de circonstances exceptionnelles en Lybie-éviter toute désinformation préjudiciable à ses équipes, ses clients et ses partenaires.

Amesys réserve ses droits concernant les atteintes qui pourraient être portées à son image ou à sa réputation.

Le 1er septembre 2011

IN ENGLISH translated and quoted verbatim from translate.google.com

Press Communications Department Amesys (A Bull group company)

After many false or erroneous information that appeared in the media, Amesys like to make the following points. Amesys signed a contract in 2007 with the Libyan authorities. Delivery of equipment took place in 2008. The contract involved the provision of analytical equipment on a portion of the existing internet connections, are a few thousand. It did not include Internet communications via satellite, used in Internet cafes – or encrypted data, such as Skype – or filtering websites. The material used does not allow to monitor the phone lines fixed or mobile.

The contract was signed at the time in an international context of diplomatic rapprochement with Libya who wanted the fight against terrorism and acts perpetrated by al Qaeda. (2007: year of the release of Bulgarian nurses). (December 2007: official visit by Muammar Gaddafi to France in July 2009: Meeting of Barack Obama and Gaddafi in Italy).

All activities of Amesys strictly follow the legal and regulatory requirements of international conventions, European and French. Amesys operates no center hotline or internet to any point on the globe.

Amesys has always favored development in geographical areas with which France and Europe forge strategic partnerships.

The strategy is Amesys to develop computer systems critical to the protection of digital heritage of its customers or the physical safety of persons (vehicle shadow: against the remote triggering of bombs during passages of convoys). The activities of Amesys also integrate in the internal control procedures established to avoid any irregularities in the Groupe Bull, which is a subsidiary since 2010.

Amesys never communicate on its activities by region, but wish the light of exceptional circumstances in Libyan-avoid misinformation detrimental to its staff, customers and partners.

Amesys reserves its rights relating to infringement could be brought to its image or reputation.

September 1, 2011

Some additional videos and links that may be of interest to this article’s subject matter.

Deep Packet Inspection Resource Site (Operated by the Office of the Privacy Commissioner of Canada)


The BBC’s Orla Guerin gained access to Col Gaddafi’s homeland security headquarters and found hundreds of secret files.

A non-technical discussion on deep packet inspection which aired on DemocracyNow.org in 2009

And just for fun, a very classic Big Brother-esque promotional video from Amesys’s website in 2009.
