South African Spy Company Used by Gadaffi Touts its NSA-Like Capabilities

The South African company best known for selling Muammar Gaddafi’s regime spy equipment is now claiming it can intercept communications on a scale that rivals a government spy agency.

August 31- Tripoli, Libya: Libya's intelligence headquarters, headed by Abdullah Senussi, one of Gadhafi's most trusted aides (EDU BAYER/POLARIS) (Newscom TagID: polphotos009870.jpg) [Photo via Newscom]
On the ground floor of a six-story building here, agents working for Moammar Gadhafi sat in an open room, spying on emails and chat messages with the help of technology Libya acquired from the West. The recently abandoned room is lined with posters and English-language training manuals stamped with the name Amesys, a unit of French technology firm Bull SA, which installed the monitoring center. A warning by the door bears the Amesys logo. The sign reads: "Help keep our classified business secret. Don't discuss classified information out of the HQ." Photo: Edu Bayer/Polaris/Newscom

The South African company best known for selling Muammar Gaddafi’s regime spy equipment used to monitor millions of Libyans’ international phone calls is now claiming it can intercept communications on a scale that rivals a government spy agency, according to a company brochure obtained by The Intercept.

In a 2016 pamphlet produced by VASTech SA Pty Ltd., the company outlines its current capabilities for governments, militaries, and law enforcement agencies around the world, claiming it can conduct “passive detection” of communications transmitted from satellites, fix-and-mobile phones, and fiber optic cable.

The company is offering multiple tools to vacuum up communications from around the globe undetected, or what the company calls “communication intelligence extraction solutions” — a capability not unlike the U.S. National Security Agency’s PRISM program.

The new brochure “shows the company has continued its established route of selling very powerful surveillance technology focusing on international gateways,” says Matthew Rice, an advocacy officer at Privacy International, a U.K based nonprofit. “They’re commercializing some of the most intrusive capabilities and selling them on for profit, including to authoritarian regimes. Some of these companies, such as VasTech and Hacking Team, are even funded in part by public money.”

VASTech, founded in 1999 in Stellenbosch, South Africa, was a small tech startup, and gradually expanded globally — particularly after the September 11 attacks. The company’s technology eventually “caught the eye not only [of] potential customers, but also the government of South Africa,” according to an article in Surveillance Insider, a trade publication. “In a foreshadowing of CIA funding would [that] later kick-start Palantir, the government of South Africa began pouring funds into further VASTech development.”

VASTech’s founder focused on “developing countries that were hungry for advanced surveillance technology” rather than compete with more established international powers. One of those countries, the Wall Street Journal reported in 2011, was Gadaffi’s brutal regime.

Since its Libya operation was exposed, the company has flown relatively low on the radar. Yet it now claims to have a “global presence,” with offices in Dubai and Switzerland. It offers “current solutions” in “the Middle East, Europe, Africa, Asia, and the Americas” for “protecting sovereign interests,” according to the 2016 pamphlet.

Previous knowledge of the company’s capabilities — to intercept and record international phone calls, texts, social media messages, and more — comes primarily from The Wall Street Journal, older brochures and slideshows published by Wikileaks, and research done by nonprofit and academic organizations.

A 2011 brochure from VASTech published by Wikileaks revealed some of the specific products the company sells, like the Zebra, used for intercepting voice, fax, and text messages, and the Badger, which can monitor social media. The brochure says the tools are for “prevention of major crime and terrorism.”

“Without clear legal safeguards to limit surveillance in several countries around the world, we have a gray area that makes it easy for governments to use surveillance technology against their citizens — including the most vulnerable, such as dissidents, activists, and members of marginalized communities,” Amie Stepanovich, U.S. policy manager for digital rights group Access Now, wrote in an email to The Intercept. “These technologies are effective because our communications tools operate over insecure infrastructure.”

The company also makes an appearance in the trove of emails belonging to Hacking Team, the controversial Italian surveillance software company. VASTech visited Hacking Team representatives in Milan in 2015, where the vice president of business development hoped to “explore together how Vastech can help us with your local customers.” Following the meeting, Hacking Team discussed ways to provide hacking tools to VASTech to facilitate its passive intercept capabilities.

The new 2016 brochure specifically extends those capabilities to the large number of different types of data now readily available on average cellphones.

VASTech’s tools are capable of intercepting and mining calls, chats, emails, files, geolocation data, and more — neatly depicted in a graphic at the bottom of the pamphlet. VASTech markets three systems to intercept communications: “PORTEVIA,” which gathers information straight from the fiber cables of the Internet, “STRATA,” which monitors mobile devices, and “GALAXIA,” which collects communications from satellites.

The company boasts a repository of millions of phone calls and texts, stored for several years. “Innovative storage and retrieval design provide the ability to go back in time to investigate relationships, listen to calls and see communications content, including activities of previously unidentified individuals,” the 2016 reads.

These capabilities are a one-stop-shop for surveillance, “used in the fight against cross-border and international crime,” according to the company’s website.

The company has kept a low public profile, though company representatives gave two talks about surveillance over fiber and satellite networks and data analytics in Washington, D.C., in September — at a trade conference for government and law enforcement officials.

Privacy International, has pressed the South African government to stop funding the company, knowing its technology was used for mass surveillance — but the government has mostly brushed off those questions.

The company’s brochure says it sells products to “law enforcement” and “to national governments not under any sanctions.”

The company did not respond to a request for comment from The Intercept.

Top photo: Binders line the walls of a room in a surveillance center in Tripoli, Libya, photographed on Aug. 30, 2011. The center was filled with technology purchased from Western surveillance companies; though the center was built by several companies, the Wall Street Journal reported in 2011 that technology used for the surveillance of thousands of Libyan international phone calls was provided by the South African company VASTech while former president Muammar Gadaffi was in power.

Join The Conversation