By Matthieu Aikins
He once was known as al-Jamil—the Handsome One—for his chiseled features and dark curls. But four decades as dictator had considerably dimmed the looks of Moammar Gadhafi. At 68, he now wore a face lined with deep folds, and his lips hung slack, crested with a sparse mustache. When he stepped from the shadows of his presidential palace to greet Ghaida al-Tawati, whom he had summoned that evening by sending one of his hulking female bodyguards to fetch her, it was the first time she had seen him without his trademark sunglasses; his eyes were hooded and rheumy. The dictator was dressed in a white Puma tracksuit and slippers. How tired and thin he looked in person, Tawati thought.
It was February 10, 2011, and Libya was in an uproar. Two months earlier, in neighboring Tunisia, a street vendor named Mohammed Bouazizi had set himself on fire after a policewoman beat him and confiscated his wares. It was the beginning of the Arab Spring, a series of uprisings, revolutions, and civil wars that would radically alter the politics of the Middle East. In Libya, opponents of the Gadhafi regime had called for a day of protest on February 17, to mark the anniversary of a 2006 protest in the city of Benghazi, where security forces had killed 11 demonstrators and wounded dozens more.
Tawati was one of the most outspoken dissidents blogging openly from inside Libya. Thirty-four years old, with a gravelly childlike voice and singsong laugh that belied her deep stubbornness, she had come to political consciousness during the mid-2000s, at a time when Gadhafi, seeking reconciliation with the West, had ceased using his most heavy-handed tactics of repression—such as outright massacres—and allowed a modicum of public dissent. During her university days, when the Internet had begun to ease the country’s isolation, Tawati took naturally to the roles of gadfly and outsider. Her parents had divorced when she was young; in Libya’s deeply conservative culture, growing up with a single mother made her a social outcast. The injustice she experienced as a child led her to critique the injustice of the dictatorial regime, particularly on women’s issues—for example, she blogged about a sexual abuse scandal at a home for unwed mothers institutionalized by the Gadhafi government. Over time she won a modest following online. As the planned protests of February 17 approached, Tawati, always prone to impassioned rhetoric, blogged that if Libyans failed to turn out for the demonstrations she would burn herself just as Bouazizi had done. Somehow Gadhafi himself had heard news of this threat and decided he needed to meet her.
Despite the dictator’s haggard appearance, his manner remained confident and effusive. When he wanted to be, Gadhafi was a legendary charmer, a man deeply at ease with ordinary Libyans. He shook Tawati’s hand and patted her shoulder paternally, directing her to sit next to him on the sofa. He asked her about her health, her family, where she was from. He asked her who had taught her to write. She told him about her demands for greater openness and accountability in Libya, taking care not to criticize him directly. He seemed sympathetic, nodding at various points. Finally she worked up the courage to ask him why the government had blocked YouTube several months earlier.
Gadhafi acted oblivious. “Is it switched off?” he asked.
She complained to him about the way that allies of his regime had treated her. Ever since she’d started blogging under her own name in 2007, Tawati had been harassed—and worse. “Ghaida al-Tawati, the goat of the Internet,” read one Facebook page her attackers created; a string of graphic sexual comments were posted underneath her photo. More bewildering, though, was the invasion of privacy: Somehow, emails of hers had been leaked onto the Internet, even displayed on state television, she told Gadhafi. She had been accused of working with foreign agents. Her reputation as a woman had been smeared.
“If you want to get married,” he interjected, “we’ll get you married to the best man.”
“I’m not interested in getting married,” she replied.
“So, have you made an appointment to burn yourself, then?” Gadhafi asked suddenly, a wry smile curling his lips.
Tawati said that she hadn’t—yet.
“What do you really want from me?” he asked with exasperation.
“You already know the reason why people are demonstrating,” she replied.
Gadhafi’s gaze settled on her for a moment. He asked her to come work for him. The two of them would solve these problems together, he said.
It was an odd show of vulnerability, this bid to co-opt her rather than threaten or crush her. This was the moment, Tawati would later say, that she realized the uprising would succeed. The old man didn’t understand just how committed she and other dissidents were to his downfall. In Libya, as in Egypt and elsewhere, the drive toward revolution drew much of its energy from young, educated activists like Tawati, for whom online tools served as an unprecedented means for communicating and rallying support.
But like Tawati, these activists would suffer greatly at the hands of Gadhafi’s spy service, whose own capabilities had been heightened by 21st-century technology. By now, it’s well known that the Arab Spring showed the promise of the Internet as a crucible for democratic activism. But, in the shadows, a second narrative unfolded, one that demonstrated the Internet’s equal potential for government surveillance and repression on a scale unimaginable with the old analog techniques of phone taps and informants. Today, with Gadhafi dead and a provisional government of former rebels in charge, we can begin to uncover the secret, high tech spying machine that helped the dictator and his regime cling to power.
The regime had been following Tawati online for years, and the harassment of her was mostly orchestrated by a group that came to be called the Electronic Army. According to former members, this loose organization was founded several years ago when Mutassim Gadhafi, one of the dictator’s playboy sons, had been enraged after videos of him attending a nude beach party on New Year’s Eve were posted online. Mutassim, who chaired Libya’s National Security Council, created a group of Internet users, some paid, some volunteer, to try to take down those videos and other anti-Gadhafi material posted online. They bombarded YouTube with flags for copyright infringement and inappropriate content; they waged a constant back-and-forth battle with critics of the regime, whom they would barrage with emails and offensive comments.
After all the cruelties she had endured as a child, Tawati could deal with the insults directed at her. But it stunned her when, in August 2010, some of her private email exchanges with other dissidents somehow got leaked to Hala Misrati, a notorious TV propagandist and one of the Electronic Army’s apparent leaders. How had her accounts been compromised, she wondered?
The answer, though she would not know it until after the regime fell, lay in a secret deal Gadhafi had made with a company called Amesys—a subsidiary of the French defense firm Bull SA—for technology that would allow his spy services to access all the data flowing through Libya’s Internet system. In a proposal to the regime dated November 11, 2006, Amesys (then called i2e Technologies) laid out the specifications for its comprehensive Homeland Security Program. It included encrypted communications systems, bugged cell phones (with sample phones included), and, at the plan’s heart, a proprietary system called Eagle for monitoring the country’s Internet traffic.
A related Amesys presentation explained the significance of Eagle to a government seeking to control activities inside its borders. Warning of an “increasing need of high-level intelligence in the constant struggle against criminals and terrorism,” the document touted Eagle’s ability to capture bulk Internet traffic passing through conventional, satellite, and mobile phone networks, and then to store that data in a filterable and searchable database. This database, in turn, could be integrated with other sources of intelligence, such as phone recordings, allowing security personnel to pick through audio and data from a given person all at once, in real time or by historical time stamp. In other words, instead of choosing targets and monitoring them, officials could simply sweep up everything, sort it by time and target, and then browse through it later at their leisure. The title of the presentation—”From Lawful to Massive Interception”—gestured at the vast difference between so-called lawful intercept (traditional law enforcement surveillance based on warrants for specific phone numbers or IP addresses) and what Amesys was offering.
In 2007, Philippe Vannier, former head of Amesys and current chief executive of Bull, reportedly met with Abdullah Senussi, Libya’s head of intelligence, in Tripoli. A deal was signed that year, and beginning in 2008 Amesys engineers and technicians, many of them former French military personnel, traveled to Libya to set up several data and monitoring centers for the country’s Internal Security service. According to engineers at Libyan Internet provider LTT, two high-bandwidth “mirrors” were installed—one on the country’s main fiber-optic trunk and one inside the DSL switchboard—to copy all Internet traffic and feed it into the Eagle system, which became operational in 2009.
One of the monitoring centers, known as HQ 2, was located on the ground floor of a tan six-story Internal Security building on Sikka Street in Tripoli. The dreaded structure was sometimes called the Heretics House, after the Counter-Heresy Office—Gadhafi’s squad charged with combating Islamists—which was based there. Inside, a sign on an interior door bore the logos of both Amesys and the Libyan government and warned: help keep our classified business secret. don’t discuss classified information out of the hq. Behind it, analysts sat at their terminals and used a web browser to log on to the Eagle system, where they would peruse their latest intercepts or search for new targets to monitor using keywords, phone numbers, or email and IP addresses. The system was capable of collecting email, chat and voice-over-IP conversations, file transfers, and even browsing histories from anyone who used broadband or dialup Internet in Libya. The analysts could call up social-network diagrams for the targets they were hunting, with the links between each suspect showing the frequency and type of communication. Emails of interest were labeled “follow-up” for the security services.
A filing room with shelves of pink folders held thousands of printed-out emails and chat logs, case files with fingerprints and photographs of the targets, and transcripts of phone intercepts faxed to the center. The email intercepts (which are marked “https://eagle/interceptions” at the top, indicating they were printed from the Eagle system) typically contain the IP addresses and port numbers, and sometimes even usernames and passwords. They list everything from mundane conversations about building maintenance to business deals to political discussions among dissidents—a vast catalog of private lives.
In one intercept, a dissident’s search history is described as being “sexual in nature.” In another, dated December 2010, a well-known dissident living in Tripoli, Jamal al-Hajji, writes to a central figure in the then-ongoing Tunisian revolution, Munsif al-Marzouqi, advising him on resistance tactics: “Demonstrations in front of the UN’s offices in French, British, German, and American capitals, in conjunction with hunger strikes, will strengthen the Tunisian street, scare the regime, and limit its assaults.” Later, on January 19, an unnamed woman writes to Hajji, saying, “The revolution will be here very soon, by the will of the people.” At the outbreak of demonstrations in Libya, Hajji would be arrested, tortured, and imprisoned in a tiny cell for seven months.
Ghaida al-Tawati had her email hacked and her Skype conversations recorded. Both were leaked to state television and broadcast to the nation.
Eagle was only one of the tools the regime used against its online opponents. Unaware of the system’s watchful gaze, Tawati assumed that her emails had started leaking because someone had gained access to her account. So in August 2010, she began chatting with a Libyan computer expert she had heard of, a man named Ahmed Gwaider. She asked if she could hire him to help her, and Gwaider agreed. Unfortunately for her, he was a hacker in the employ of Libya’s secret police.
Gwaider was thin and short, with a broad forehead and an awkward, cold demeanor. Self-taught, he had cut his teeth hacking into sites like Al Jazeera’s web forum, defacing their landing pages or stealing their domain names by transferring the registration. Afterward he would upload screenshots and boast about his exploits on hacker forums under his nom de guerre, Prohacker. As a result, he was one of the better known figures in Libya’s tiny hacker scene.
The attitude of most Libyan hackers toward the Gadhafi regime tended to be hostile or at best neutral. But somehow Gwaider got lured in. Rabia Ragoubi, a rebel sympathizer who befriended Gwaider when he joined a Linux users group that Ragoubi had founded, thinks that the money proved too strong a pull. At first, Ragoubi said, Gwaider was aiding the regime on a purely freelance basis. But by 2010 he had joined the government full-time, working out of a villa with a small team of hackers under his supervision. Despite their differences in politics, Ragoubi and Gwaider kept in touch, and the latter would boast of being above the law now that he worked for state security. “I’m more powerful than a minister,” he said.
Gwaider’s favored method, like that of Kevin Mitnick, the famous American hacker he admired, was “social engineering,” which meant tricking the victims into giving up access themselves. In Tawati’s case, all he had to do was send her a Word document infected with a Trojan, which installed malware on her computer when she opened it. At that point he had access to everything, including her Facebook account and her supposedly encrypted Skype conversations, which Gwaider siphoned off with malware that recorded all the audio on her machine. All of it eventually got posted to the Internet in an effort to smear her. The hacker even stole photos showing her without a head scarf—rather embarrassing in Libya’s conservative culture—and regime supporters then posted these to Facebook. Hala Misrati, the TV presenter who previously had broadcast some of her emails, now played audio from a Skype conversation she had with a foreign journalist, trumpeting it as proof of her collusion with outside forces. Tawati was devastated.
The skills of hackers like Gwaider were ideally suited to the more subtle forms of repression that the Gadhafi regime had come to favor. A faction led by Saif al-Islam Gadhafi, Moammar’s son and heir apparent, hoped to put a gentler face on the Libyan dictatorship, and that meant forgoing some of his father’s previous techniques—like killing or locking up peaceful dissidents—that might have made international investors squeamish. In the “Libya of tomorrow,” as Saif called it, a certain measure of dissent would be tolerated, at least officially. Of course, when certain lines were crossed, the state did not hesitate to use deadly violence. But for the most part the regime opted for less visible techniques like harassment and blackmail.
Even expatriate dissidents, who lived out of reach of the Eagle system, were targets of Gadhafi’s hackers. One such case concerned a Libyan who was studying in Scotland and blogging under the name Walid Sheikh. He was of particular concern to the regime because of his seemingly intimate knowledge of its inner circles. He often published details about embarrassing incidents that were not publicly known, such as the time Gadhafi’s son Mutassim struck another senior official during a dispute at the National Security Council. In real life, Walid Sheikh was a 36-year-old dental student named Ali Hamouda. An unlikely dissident, Hamouda was the scion of an important family in the southwestern city of Sebha; in fact, Hamouda hailed from the same tribe as Abdullah Senussi and had even attended the wedding of the security chief’s daughter. As such, Hamouda was well connected and seemingly had less to fear and more to gain from Gadhafi’s regime than most Libyans. His connections had gotten him a plum scholarship to a dental hospital in Dundee, Scotland. But studying overseas exposed him for the first time to the true history of the regime. Shaken by human rights abuses like the 1996 massacre at Abu Salim prison and by Gadhafi’s support for overseas terrorism, Hamouda began contributing to Libya al-Mostakbal, a website run by Hassan al-Amin, an exiled Libyan dissident living in London.
Hamouda was cautious in his communications with Amin. The two never met in person, and Hamouda corresponded with him only under the name Nabeel. One day, while in Scotland, Hamouda answered a call on the special phone number he kept solely for his political activities.
“Hello, Nabeel, what’s your student number?” a man asked him in Arabic. No one besides Hassan al-Amin should have known that name, let alone connected it to that phone number. He hung up and called Amin to tell him that one of their email accounts must have been hacked.
“Nabeel” had been compromised, but Hamouda felt confident that his true identity remained secure. In December 2010, after he had finished his degree and returned home to Sebha, he received a call from Senussi. This wasn’t necessarily suspicious in itself; the intelligence chief had gotten Hamouda’s phone number when the two met at his daughter’s wedding.
“Welcome back to Libya,” Senussi said. Hamouda thanked him. Senussi asked him to visit when he was in Tripoli.
“You’re so busy—tell me when I can have an appointment,” Hamouda said.
“How about tomorrow?” Senussi replied.
That night Hamouda stayed awake and pondered his options. He could try to hide, but then the punishment would fall on his family. He had to take responsibility for his actions. Besides, he wasn’t even sure that Senussi really knew about his rebellious activities—after all, how could he? Hamouda booked an early-morning flight for Tripoli. He had already called a friend in France and asked her to change the passwords to his email and Facebook accounts. Under no circumstances, he told her, should she reveal the passwords to him until he was out of Libya again.
Arriving in the capital, he had breakfast in a café and then showed up at Central Intelligence, where he was ushered in to see Senussi, who hugged him and congratulated him on his master’s degree. Hamouda was wary. The curly-haired intelligence chief was infamous for the way that his bland, friendly manner concealed a ruthless cunning and propensity for terrible violence. It was allegedly Senussi who had given the order to slaughter the prisoners at Abu Salim. He was absolutely loyal to the regime and to Gadhafi.
Where exactly did he study? Senussi asked. Which city had he lived in? Hamouda answered truthfully. What was his phone number and email address there? Now we are turning to the real business, Hamouda thought. An aide came in with some papers.
“Do you know Hassan al-Amin, that dog?” Senussi asked, taking two files and placing them on the table.
“Yes, I saw him on TV,” Hamouda replied slowly.
“Do you know him?” Senussi asked again, his tone sharpening.
Hamouda broke eye contact and glanced down at the table. At that moment, he noticed that each file had a different name. On one was his own. On the other was written “Walid Sheikh.” He felt his stomach clench.
“I contacted him—” Hamouda began, but Senussi cut him off, shouting furiously: “You are an agent of foreign enemies! You are a betrayer!” Something snapped in Hamouda. He stood up, the blood rushing to his face, and began to shout back. “I never swore an oath to Moammar!” Hearing the commotion, two guards burst into the room and grabbed Hamouda, dragging him out to the hallway. He was thrown in prison for two months, where he was interrogated repeatedly about his activities online. He was made to give up his email address and password, though due to his foresight they didn’t work, and his contacts were protected. He also confirmed his suspicion about how his identity had been compromised in the first place: From the IP address on his emails to Amin, the spies had traced him to the dental school at the University of Dundee. Only four Libyan students were on scholarships there; only Ali Hamouda fit the profile of Walid Sheikh.
Because of his family connections and the relative mildness of his offense, Hamouda was released on February 7, 10 days before the Libyan revolution exploded. When he was brought in to see the intelligence chief, Senussi was curt with him.
“There will be no February 17,” Senussi told him. “Go home.” Hamouda caught a flight back to Sebha that day.
On February 17, 2011, demonstrators filled the streets of Benghazi, in eastern Libya. The protests quickly turned violent when the regime attacked the crowds, and within days the armed uprising began. The city soon spiraled out of government control. On February 20, emboldened and outraged by the scenes of violence reaching them on satellite television and the Internet, residents of Tripoli came into the streets en masse to call for Gadhafi’s ouster. That night, the ostensible reformer Saif Gadhafi came on TV and warned that “rivers of blood” would flow. Then the crackdown started, and regime security forces fired on crowds of unarmed demonstrators. Over the following days, hundreds were killed as the army locked down the streets of the capital. The regime declared a general amnesty for common criminals and emptied the jails to make room for political prisoners. Dissidents like Tawati were rounded up—she was arrested and taken to Abu Salim. Others had it worse. Rabia Ragoubi, the Linux group founder, was betrayed by a friend for his rebel sympathies; he spent three days being beaten and tortured with electric prods, after which he was imprisoned for the remainder of the war.
By the beginning of March, the regime had shut off access to the Internet, rendering the Eagle system for the most part deaf. Now, as the battle seesawed between the regime and the rebels across Libya, the cyberwar would be directed outward, committed to the task of distributing pro-Gadhafi propaganda to the world and shutting down any attempts by rebels to send out their own message. A senior official at the country’s Internet provider, Mohammed Bayt al-Mal, was put in charge of expanding the Electronic Army, which grew to roughly 600 members in Tripoli alone.
Nadia (not her real name) volunteered for the Electronic Army to protect herself after her uncle was arrested for helping protestors during the demonstrations. A plump, dark-haired medical student, she submitted her ID papers and was accepted. After that, she would go in whenever she felt like it to work at a three-story electronics factory in a suburb of Tripoli that housed one of the three wartime offices of the Electronic Army. She and the other volunteers would sit at the 40 or so PCs in the office, making pro-Gadhafi images, posting propaganda videos, and creating dozens of fake accounts to leave comments online.
Or at least that’s what they were supposed to do; after a while Nadia realized that the whole thing was a bit of a joke. Many members of the Electronic Army, she soon learned, were there largely because it was the only way to get Internet access in Tripoli during the war. She did meet a handful of genuine supporters of the regime, whom she found obnoxious and tried to avoid. On the second floor of the building, off-limits to ordinary members, there was a team of hackers, and occasionally she talked to some of them during lunch. Mostly older than the Electronic Army members, they were getting paid to break into the email and instant messenger accounts of expat dissidents. Some of the hackers were foreigners. “Gadhafi doesn’t trust you Libyans,” one of them, a Palestinian, told her.
It was during the summer, as NATO bombs were falling on Tripoli, that she met Ahmed Gwaider—first on Facebook and then in person at an event that the regime had organized for refugees fleeing the fighting. Though she found him arrogant, they cultivated a friendship online, and he told her about his hacking exploits. She asked him about the dissidents who had been writing online before the war. “Ha ha, those who emerged inside the country?” he wrote back. “They were captured, and I know them all by name.”
Now all the targets were outside Libya. A website called Enough Gadaffi, which tried to aggregate whatever information could be gleaned from inside the country, was taken down by denial-of-service attacks and then had its domain name stolen. Regime hackers were also able to place malware on the computers of the rebel fighters themselves. According to a Western expert who worked with the rebels, the logistics team in the besieged city of Misrata experienced suspicious activity on its systems. One of its hard drives was found to contain several Trojans that were keylogging, exfiltrating data, and passing themselves on via chat software; this was disturbing news indeed, since the logistics team handled sensitive information on weapons imported from abroad.
Despite the Internet shutdown, it became clear that information was somehow getting out of Tripoli. At first the Electronic Army’s own members were suspected. One day, Nadia says, Asian technicians came through to install monitoring gear in the factory where they all worked. The watchers would have to be watched.
But soon it was evident that the culprits were at large in the city. A memo from External Security, one of Libya’s spy services, was sent out. “This is to inform you,” it began, “that there is a group of people within Tripoli who call themselves the Free Generation Movement. They commit vandalism against the police and are distributing flags from the king’s era. They have also done interviews with a number of journalists inside of Tripoli.” Worse, the group had somehow found a way to get videos of all this subversive activity onto the Internet. They needed to be stopped.
← (Mokhtar Mhani, one of the founders of the Free Generation Movement. During the war, when the regime had shut down the Internet, Mokhtar and his cousin Niz hacked one of the few connections out. Photo by Michael Christopher Brown)
Under the scorching May sun, Niz and Mokhtar Mhani wallowed in sweat as they wrestled a satellite dish into the back of their car. Everything had gone smoothly until now. The two young men, cousins with identical close-cropped haircuts, had picked a time when no one would be at the office. They had simply climbed up to the roof and unbolted the dish. Mokhtar was jumpy, paranoid, but Niz remained nonchalant; he even paused to shoot video of cars lined up for rationed gasoline down the street, until Mokhtar begged him to stop. It had been that way since they were kids, growing up together in Tripoli—Niz was always getting Mokhtar into trouble.
Now, as they tried to push the heavy dish into the car, they realized it wasn’t going to fit. The drivers lining up for gas all watched with increasing interest as the pair tried to figure out their next move. At any moment, one of Gadhafi’s patrols might drive by and catch them in the act. Just then, Mokhtar saw his coworker Tareq come out of the office. Passing by them, Tareq looked at them, startled, and his face darkened. “God help you,” he muttered, walking quickly past. Embarrassed, Mokhtar realized they’d been taken for looters—there were a lot of them in wartime Tripoli, as the social order broke down.
Niz and Mokhtar weren’t stealing the dish for themselves. They were two leaders of the Free Generation Movement, an underground group of roughly a dozen young activists, founded in the wake of February 17. They had hoped the revolution would succeed peacefully, but after witnessing the brutal crackdown in the streets, they had decided to show the world that Tripolitanians opposed the regime and supported NATO’s intervention. For that, they needed Internet access. In a stroke of luck, Mokhtar had been able to hack into the satellite Internet connection at his office, where he worked as a network administrator; by creating a secure VPN, he even set it up so that he and Niz could connect from home. When the satellite subscription ran out, they decided to steal the dish and set that up at home too, so there would be even less risk of discovery. A contact in Egypt could get them a new subscription, but first they needed to modify the dish.
Eventually they called a friend to bring a larger car and got the dish home without arrest. At first, they used it to upload videos of themselves and friends, staging quick mini-demonstrations in recognizable areas of the capital. Soon they were hanging huge rebel flags from well-trafficked overpasses downtown. Once, they even attacked a giant billboard of Gadhafi with a homemade incendiary device. Their videos went viral and were played on the rebel satellite TV channel. The group’s members were constantly interviewed by foreign journalists, and the Free Generation Movement became central to directing international press coverage about resistance in the capital. Thanks to that stolen dish, they had one of the few Internet links out of Libya.
So naturally the regime was hunting them. One day in July, a Libyan girl named Isra Rais started chatting with Mokhtar through his Free Generation account on Facebook. Her profile picture showed a comely brunette, and Mokhtar assumed that, since she had Internet access and was chatting in English, she must be an expatriate. Thanking him for his service to the country, she asked him to send her a photo. He demurred. Could she call him on his phone? she asked. Again, Mokhtar declined, citing the movement’s rules. She asked for his address. Sensing something was up, he gave her an obviously phony reply. The mask dropped, and “Isra” wrote: “You are a traitor. When we catch you we gonna kill you.”
By this point, the regime’s electronic warfare had become even more sophisticated. Cell phone and landline calls had long been monitored, but now the spies turned their attention to satellite phones. To avoid NATO air strikes, one team of Ukrainian mercenaries set up shop in a kindergarten, right around the corner from the intelligence headquarters; from there they snooped on sat-phone traffic using frequency scanners. Gadhafi had declared that anyone caught with a satellite phone could be sentenced to death.
In the end, though, it was likely a compromised email account that led Gadhafi’s forces to the house of Mokhtar’s parents. (Mokhtar believes the regime was monitoring the FGM’s private email address—email@example.com—and that someone slipped and used Mokhtar’s real name in an email.) His father and brother were arrested, and he and Niz barely escaped when they were warned by his sister. Fortunately they had already moved the pilfered dish to a nearby farm, but soon they had to go into hiding themselves. The Free Generation Movement went quiet.
It would be the final chapter in Gadhafi’s cyberwar. Around the country, the battle had turned in favor of the rebels, who were closing in on the capital. The noose was tightening around Tripoli.
At dusk on August 20, 2011, a tremendous cry rose up from the loudspeakers of the mosques of Tripoli: Allahu Akbar. God is great. After months of civil war, the rebel forces had besieged the capital. For the past few days, a rumor had spread through the city that the signal for the final assault would come from the mosques; now that call had arrived, resounding through the city streets. Deep in the festering cells of Ain Zara prison, Rabia Ragoubi, gaunt and filthy from seven months of imprisonment and abuse, raised his head and smiled. Not far from the walls of Gadhafi’s complex, Ghaida al-Tawati—herself recently released after three months in a different prison—watched as her brother and the men of their neighborhood unearthed a cache of AK-47s they had hidden in the old Christian cemetery. She climbed to the roof for a better view as her brother shouldered his rifle and ran off to join the battle in the presidential palace.
Over the next few days, all the important government sites fell into rebel hands. The prisons were liberated, the palace captured. (Gadhafi went into hiding, but death would find him two months later.) Even the intelligence centers, for so long black holes of terror, were forced to yield up their secrets. Later, researchers from Human Rights Watch and The Wall Street Journal obtained a massive cache of documents from their archives.
Wired reviewed many of these documents and conducted extensive interviews with dissidents and former regime officials to reveal the extent of Gadhafi’s spying on his people. Because the colonel, in his paranoia, liked to create multiple, rival agencies with overlapping capabilities, it’s difficult to get a comprehensive view of just how his surveillance empire was structured. There is, however, substantial documentary and eyewitness evidence of the involvement of a number of important multinational companies.
Amesys, with its Eagle system, was just one of Libya’s partners in repression. A South African firm called VASTech had set up a sophisticated monitoring center in Tripoli that snooped on all inbound and outbound international phone calls, gathering and storing 30 million to 40 million minutes of mobile and landline conversations each month. ZTE Corporation, a Chinese firm whose gear powered much of Libya’s cell phone infrastructure, is believed to have set up a parallel Internet monitoring system for External Security: Photos from the basement of a makeshift surveillance site, obtained from Human Rights Watch, show components of its ZXMT system, comparable to Eagle. American firms likely bear some blame, as well. On February 15, just prior to the revolution, regime officials reportedly met in Barcelona with officials from Narus, a Boeing subsidiary, to discuss Internet-filtering software. And the Human Rights Watch photos also clearly show a manual for a satellite phone monitoring system sold by a subsidiary of L-3 Communications, a defense conglomerate based in New York. (Amesys, VASTech, ZTE and Narus did not respond to multiple interview requests; L-3 declined to comment.)
It’s true that all these systems were sold to Gadhafi at a time when sanctions had been lifted and the regime was ostensibly collaborating with Western intelligence agencies. The export restrictions that limit the sale of arms to rogue nations do not currently cover this kind of surveillance gear, which is how some of it has turned up in countries like Syria and Myanmar, where Western weapons sales are forbidden. (A bill put before Congress this year, the Global Online Freedom Act, could end this disparity for American companies. Also, in April, President Obama issued an executive order that authorized visa bans and financial restrictions against foreigners—or foreign companies—that provide surveillance technology to Iran or Syria.) “Massive intercept” technology, like countless other innovations of the West’s military-industrial complex, has now become cheap, small, and simple enough to export as a commercial, off-the-shelf technology, for sale to any government that can cough up a few tens of millions of dollars. Today you can run an approximation of 1984 out of a couple of rooms filled with server racks. And that’s precisely what Libya’s spies did—and what dictatorships all around the world continue to do.
An uneasy peace now holds in Tripoli. Libyans are exuberant at having thrown off Gadhafi’s rule, but the government is barely functional, and a patchwork of militias holds the capital, sometimes breaking out into gun battles over turf boundaries. The city is full of strutting young men in mismatched uniforms, wielding weapons.
Niz has returned to Britain to work at a hospital, but Mokhtar and the Free Generation Movement are active in Libya’s fledgling civil society, where they’ve sponsored a campaign for disarmament, among other initiatives. Ragoubi is jobless for the moment, wracked by traumatic stress from his months in prison; the former programmer now makes a point of keeping an assault rife in his home. Tawati, meanwhile, carries on as a gadfly, attacking the corruption of the new government in her incautious way. (Sometimes she finds herself labeled a Gadhafi supporter, which entertains her quite a bit.)
As for Ahmed Gwaider, the state security hacker, he went to ground. Some of his peers had been arrested in Tripoli—including Hala Misrati, the TV presenter, who infamously brandished a pistol on television as the rebels closed in. But Gwaider has stayed out of trouble.
“Do you think I’m going to get caught, like Misrati?” he sneered at Nadia, the Electronic Army volunteer, when she called him.
A number of sources say that Gwaider, like many members of Gadhafi’s intelligence services, have been called back to work for the new government—as an IT manager in the intelligence service. Reached by phone in December, he admitted to being a proficient hacker and having worked for the former regime, but he declined to talk specifics.
“I’m not going to implicate myself,” he said. “Everything I did was for the country.”