Libya: Foreign Hackers and Surveillance

Since the fall of Tripoli, reporters, researchers, and former employees of the Libyan Telecom and Technology company have been uncovering and sharing details about how the Libyan government surveilled and monitored internet and phone networks.

These reports demonstrate the depth of the relationship between foreign information technology companies and the Gaddafi regime, mirroring similar relationships with the repressive regimes of Tunsia, Egypt, Syria, and others in the Middle East.

In the case of Libya, it is now clear that prior to the rebellion, the regime emphasized surveillance and data gathering over filtering. With the onset of conflict, the Gaddafi regime scrambled to put in place filtering and blocking technologies, and employed outsiders to attack opposition sites and communications.

Former and current LTT staff speak

Libya was collecting massive quantities of data on both phone networks and internet usage. In August, The Wall Street Journal described seeing surveillance equipment manufactured by Narus, a wholly owned subsidiary of Boeing, Inc., and Amesys, part of French company Bull S.A., in an abandoned security unit.

In recent conversations in Tripoli, sources who are current and former employees of Libya Telecom and Technology (LTT) have described the efforts of the Gaddafi regime to ramp up surveillance in the weeks after the rebellion. The efforts were led out of an Internet monitoring center run by the Interior Ministry in Tripoli, a center connected to Libyan security agencies. They describe recruitment of hackers from China and Eastern Europe to block key opposition sites and social media such as Facebook and YouTube, run phishing campaigns to steal Facebook passwords, and generate viruses to infect user computers and compromise data security. They also describe extensive efforts to eavesdrop on Skype, phone networks, and internet running through VSAT connections. This confirms earlier Global Voices reporting that describes “cyber attacks on [Libyan] opposition websites coming from Serbia.”

A backdoor to Thuraya satellite phones?

In addition, the same individuals assert that the Libyan government was able to gain backdoor access to voice and data on Thuraya satellite phones sold in Tripoli through official providers. Thuraya, who are based in the United Arab Emirates, deny they granted the Libyan government a backdoor.

Libya’s General Post and Telecommunications Corporation is a shareholder in Thuraya, but the relationship between the company and the Gaddafi regime has not always been smooth. In 2006, Libya was accused by Thuraya of jamming its mobile satellite communications. The jamming occurred over six months, and disrupted service in Libya and surrounding regions. In February 2011, Thuraya once again said that they had “conclusive evidence” that Libya was jamming signals on its Thuraya-2 satellite network.

Ebrahim E. Ebrahim, Thuraya’s Vice-President for Corporate & Marketing Communications, referred to the February incident in an email interview and says, Thuraya’s network “was subjected to harmful and unlawful interference in Libya, which we have evidence to suggest was intentional,” but that the “alleged backdoor never existed, which is why our network was subjected to the intentional jamming.”

Thuraya and other satellite phones have been used by media and NGOs during protests in authoritarian countries with the hope of data security – an assumption that may be misplaced, given the sophisticated technology available to monitor telecommunications networks. Thuraya says there are around 3000 subscribers to its service in Libya – with a focus on rural access where cell networks do not reach.

In the weeks before the rebel attack on Tripoli, Gaddafi threatened death to anyone using Thuraya phones not registered in Libya. This may suggest that unregistered Thuraya phones were perceived as a threat by the government.

Is the Libyan internet safe now?

Libya has been able to legally purchase internet technology since the end of international trade sanctions in 2003 and 2004, following Gaddafi's disavowal of a weapons of mass destruction program and reparations payments for the Lockerbie airplane bombing. By several accounts Libya invested in technology manufactured in North America, Europe, and China, used to monitor and capture data on both internet and telephone networks.

In interviews, current and former employees of Libya Telecom and Technology assert that the Chinese companies Huawei and ZTE provided Libya with software for content filtering and blocking. The core Libyan internet has been built using technology from global providers, such as Cisco, Nera Networks, Alcatel-Lucent, Siemens Ericcson, and Huawei and ZTE.

Surveillance of these networks accompanied by occasional filtering and blocking by the Gaddafi regime has been public knowledge for several years. The Open Network Initiative's study from August 2009 asserts that Libya practiced selective filtering, but significant surveillance at both the personal level in internet cafes and other public access points.

Libyans under Gaddafi were very wary about both personal and electronic surveillance. Many bloggers stayed far away from politically sensitive material, or published their work pseudonymously or anonymously. Citizen media remained dispersed, with active bloggers meeting rarely and never in large groups. This practice, it seems, was wise. The return of internet to Libya after the fall of Tripoli has meant the end of censorship and surveillance, at least in its earlier form. However, many bloggers and activists using social media remain cautious about revealing their identity, what they write, and where they are.

Given Libya’s uncertain political future, personal and data security will likely remain a key concern for Libyan citizens for some time.


  • Jimmy

    Incorrect! The WSJ journal article never mentioned Narus equipment being in Libya. It only alleged that Libyan officials and Narus might have spoken, whatever that means. It did mention seeing the French companies equipment, however. -Jimmy

  • […] Libya's interim government seems confident the country can reach pre-war oil p more… Libya: Foreign Hackers and Surveillance – Global Voices Online – 10/27/2011 Global Voices OnlineLibya: Foreign Hackers and […]

  • John

    Qaddafi’s regime has launched a strong attack on the users of social networks
    Identify sources of information security: Haitham Thabit is done with the help of Internet users and network protection for the eastern region in Libya.

    ALHaithem Thebat is a known Libyan Security Expert .
    He studied Computer Sciences . Before this he started working as a Systems Analyst and programmer . In 2000 he became interested in viruses due to an incident with the ‘aids-information’-diskette Trojan incident. His solution was well received in the World media and businesses. In 2002 he became a founding member of SE (Security Encyclopaedia for Computer Anti-Virus Research). Over the years he maintained a reference library of software, books and almost everything that has been published in the computer security field.

    In 2003 he became a Penetration Tester . Since 2004 ALHaithem started giving seminars and workshops about security. He wrote the “Virus Article” for the Encyclopedia Security, . In March 2006 ALHaithem became a member AV . He has been working as Anti-Malware Technology Expert for the anti-virus industry .

    Since the beginning of 2007 he is working as Security for the security Expert . He is doing anti-malware and security research, consultancy, training and communication with press, distributors, resellers and endusers.ALHaithem often speaks at known security conferences like Virus Bulletin, EICAR, AVAR, InfoSec and others. He is also a recognized security media expert .

Join the conversation

Authors, please log in »


  • All comments are reviewed by a moderator. Do not submit your comment more than once or it may be identified as spam.
  • Please treat others with respect. Comments containing hate speech, obscenity, and personal attacks will not be approved.