Surveillance: Qosmos, a French enterprise specialized in interception probes, fueled Bachar El-Assad’s massacres

News websites Mediapart and Reflets.info joined efforts for an inquiry in three parts on Qosmos, a French society specialized in mass surveillance technology. Qosmos is under judiciary investigation for «complicity in torture». Qosmos is suspected of having participated in 2011 to a global surveillance project of the Syrian web.

Syria's President Bashar al-Assad answers journalists after a meeting at the Élysée Palace in Paris

Bloomberg’s initial revelation

In 2011, Bloomberg revealed that Qosmos, one of the French leader of deep-packet inspection technologies, was working as a subcontractor for the German firm Utimaco, itself a subcontractor for the Italian Area Spa. Area Spa delivered to Bachar El-Assad a global surveillance system of its population. The branding of Qosmos began to seriously suffer, given that the revolution began nine months earlier and already did 3000 deads.

French people discovered that France had not only supported the Lybian dictatorship but also the Syrian one. Selling willingly mass surveillance technologies is not the most reputable action. Those tools can be used to spy on all mail exchanges, real-time discussions and browsing activities. Alas France takes to often the lead in that sector.

To counter the effects of this publication, Qosmos announced its withdrawals from the project and declared having «non-operational» hardware on site.

In July 2012, human rights associations LDH and FIDH wrote a letter to the Prosecutor General of France and asked for an investigation against Qosmos. After two years of work, the vice-prosecutor, Aurélie Devos, just decided at the beginning of April to open an investigation for «complicity in torture». Judges will have to clarify the following points:

We shall see if Qosmos’ position will stand during the investigation of three instruction judges of the section «Crimes and genocides» at the request of plaintiffs LDH and FIDH (Human Rights League and International Federation of Human Rights).

Anyhow, Qosmos’s products were developed thanks to its contract with Utimaco and it has been proved that similar probes provided by another French firm, Amesys, which contracted with Kadhafi, were used just a short timespan before to torture in Lybia.

Mediapart and Reflets.info can confirm that Qosmos’ tools were installed in Syria and could easily be used by Syrian authorities, even if Qosmos officially stopped business. Qosmos continued to work with Utimaco until 2012 on projects officially unrelated to Syria. Utimaco had access to newest versions of Qosmos’ software and could very well better the product itself.

Besides, it is very unlikely that French authorities were not informed of Qosmos’ activities, given that its business is classified and are therefore closely followed by French security services.

What DPI is, and how French secret services use it

Qosmos denies naturally all allegations. The society signed a contract with Utimaco in 2009, when it was becoming a world reference in its specialty field, the development of monitoring probes. Those probes can be plugged inside a network and unpack communications in real time so that their content can be redirected to giant databases. Security agencies staff can thereafter search these databases for relevant informations or identify suspect behaviors. A mail address is often enough to reconstruct a whole relations tree and the centers of interest of each of its node.

In a dictatorship, deep-packet inspection is hence the ideal tool to monitor the population and target real or potential opponents. This is the obvious reason why the section «Crimes and genocides» of the Prosecutor-General offices is becoming interested in the market of DPI probes. In fact, because of constitutional safeguards, no democratic state should ever need such surveillance tools and Qosmos should be well aware of that fact.

A explanatory schema by Qosmos

Meanwhile, Qosmos continues to defend that it sells only secondary bricks for an efficient DPI system. Their probes could be used at the scale of a country or inside routers to simply prioritize traffic. Prioritizing traffic means allowing certain communication to flow quicker than others. For example, peer-to-peer or encrypted traffic can be slowed down purposely. Qosmos claims being only a «brick provider» and mostly a subcontractor.

It remains that Qosmos can not ignore the final use of its products. Technical constraints on «audience measuring» and global surveillance tools are not the same ones. Knowing that Bachar El-Assad wants to have the possibility of unpacking in real time of its citizens communications should have rung a bell for Qosmos CEO Thibaut Bechetoille. This is particularly true in the Syrian case where the network architecture is deliberately centralized. The government ISP, STE, controls all other providers’ connectivity. That precise ISP was the final client of the so-called Asfador project.

In France, Qosmos is not at all the only one enterprise doing such dirty business. In 2009, SOFRECOM, an Orange subsidiary also helped Bachar El-Assad to «modernize» its network. SOFRECOM is one of those enterprises specialized in authoritarian states. Congo, Vietnam, Thaïland, Syria, Mauritania, Ivory Coast, Tchad, Marocco or the former Tunisia are its clients. Orange is the historical ISP of France. 20 years ago it possessed a legal monopoly on all telco activities in France. Orange maintains close links to France government. Therefore it is not surprising to see this enterprise on all unstable territories where France has vested interests.

Given the frequency of those questionable partnerships (Lybia/Amesys, Syria/Qosmos, Birmanie/Alcatel), it seems clear that they are pushed at the highest level for intelligence reasons and probably with the support of other military powers.

Qosmos’ defence and judiciary procedure

Thibaut Bechetoille, PDG de Qosmos © extrait d’une vidéo de Tivipro.tv Thibault Bechetoille answered in November 2011 to Bloomberg that, given the changes of political circumstances, his society decided to stop the Asfador project, seven months after the beginning of the Syrian revolution:

It was not right to keep supporting this regime. The company’s board decided about four weeks ago to exit and is still figuring out how to unwind its involvement.

His head of marketing, Erik Larsson, added:

The company’s deep-packet inspection probes can peer into e-mail and reconstruct everything that happens on an Internet user’s screen. The mechanics of pulling out of this, technically and contractually, are complicated.

Utimaco confirmed in 2013 Qosmos’ version, adding that no working probes had been delivered. Yet, since no contract was signed with Syria directly by Qosmos, there is no proof of this canceling. Also the probes, be it in a usable state or not, had been delivered during the summer, that is several months after the beginning of the uprising. At least 5 to 10 servers that were capable of collecting informations were installed in the country.

An internal memo dated September 8 that we could consult teaches us that the Asfador project was in its «phase 2». According to the document, this is a validation phase. The client and the provider must test together the newly installed equipment. Thus in November we were apparently far from «non-working probes».

The internal memo dated September 8

According to an engineer of Qosmos:

For me, the project was not operational because we could not correctly handle such flow-rates. Between what we claim to be able to do when we respond to a tender and the reality, there is sometimes a difference.

Also, the full program had apparently not be deployed in December as it should have been. Some memos point to a delivery of probes to capture GSM and Voice-over-IP communications on December 29. Other refer to a staff formation on technical aspects of related protocols, MSRP and GTP, that should have occurred in May 2012.

Another internal listing

For other employees, the project could have been at least partly operational if updates were applied. Since, according to our documents, Utimaco officially continued its contract until the end of 2012 and Qosmos continued to deliver its products to Utimaco until at least June 2012, it is likely that Asfador did become partly operational.

In the case in which Asfador was really nonoperational, it remains intriguing that, nine months after the delivery of the hardware, Qosmos continued to provide information asked for by the STE on the configuration of this hardware.

There is the possibility that Qosmos and Utimaco had other common projects in Canada or Australia, as suggested by Qosmos’ managers. But none of the former employees that we could interview could confirm it. One of them even stated:

For me, these two projects have always been linked. I never could make the difference between them.

It is really difficult for Qosmos to deny its knowledge of the future use of their probes. First they were intentionally designed to massively intercept communications, second it was reported by journalist Jean-Marc Manach that an engineer went to Damascus in January 2011 to evaluate the needs of the Syrian government.

This engineer, who should be Sébastien Synold, could not ignore to what use his products would be put. Neither could the CEO Thibault Bechetoille. As already stated, mass scale surveillance and audience measures do not require the same tools, even if both use a sort of DPI. Finally, internal documents of Qosmos contain the sign «LI» for «Lawful Interception».

When Mediapart and Reflets contacted Qosmos to answer the doubts that we raised, the enterprise categorically refused to defend itself any further and stood on its version, that is that its probes have never been operational in Syria. Qosmos also added having filed a claim for false allegations against the two human rights associations LDH and FIDH.

Meanwhile, vice-prosecutor Aurélia Devos, who studied for two years all elements brought forward by the FIDH and LDH, decided to open an investigation. It is now up to the three instruction judges that have been charged with the file to decide if Qosmos is to be sentenced for «complicity in torture».

Commentaires !

Vous pouvez discuter en temps réel dans le webchat ou en pointant votre logiciel jabber sur polnetz@conference.sploing.be.

Vous pouvez aussi me contacter par mail à netz@sploing.be.

Mais surtout, contribuez !

Pourboire et parrainage

Pourboire

Sploing ! Bécassine wants your money

Bécassine vous propose de me donner quelques sous pour le temps et l'argent investi dans la rédaction de l'article que vous avez lu et la maintenance du blog aux adresses suivantes.

Pour chaque don je vous embrasse virtuellement et vous envoie un petit mot doux.

Si vous ne savez pas ce que sont des bitcoins, voici une foire aux questions et une présentation des logiciels disponibles.

Parrainage

Pour 0,02 BTC=1LTC=10000DOGE

Vous pouvez parrainer cet article ou un article déjà existant.

Pour 0,04BTC=2LTC=20000DOGE

Vous pouvez me demander de traduire un article dont vous serez automatiquement parrain. Envoyez-moi un mail à netz@sploing.be pour les détails.