The Ethiopian Telecommunication Corporation, which happens to be the sole telecommunication service provider in Ethiopia, has deployed or begun testing Deep Packet Inspection (DPI) of all Internet traffic. We have previously analyzed the same kind of censorship in China, Iran, and Kazakhstan.

Reports show that Tor stopped working a week ago — even with bridges configured. Websites such as https://gmail.com/, https://facebook.com/, https://twitter.com/, and even https://torproject.org/ continue to work. The graphs below show the effects of this deployment of censorship based on Deep Packet Inspection:

An analysis of data collected by a volunteer shows that they are doing some sort of TLS fingerprinting. The TLS server hello, which is sent by the Tor bridge after the TLS client hello, never reaches the client. We don’t know exactly what they are fingerprinting on, but our guess is that it is either the client hello or the server hello. An illustration can be found in this network flow diagram.

https://blog.torproject.org/blog/ethiopia-introduces-deep-packet-inspection

In 2007, Philippe Vannier, former head of Amesys and current chief executive of Bull, reportedly met with Abdullah Senussi, Libya’s head of intelligence, in Tripoli. A deal was signed that year, and beginning in 2008 Amesys engineers and technicians, many of them former French military personnel, traveled to Libya to set up several data and monitoring centers for the country’s Internal Security service. According to engineers at Libyan Internet provider LTT, two high-bandwidth “mirrors” were installed—one on the country’s main fiber-optic trunk and one inside the DSL switchboard—to copy all Internet traffic and feed it into the Eagle system, which became operational in 2009.

One of the monitoring centers, known as HQ 2, was located on the ground floor of a tan six-story Internal Security building on Sikka Street in Tripoli. The dreaded structure was sometimes called the Heretics House, after the Counter-Heresy Office—Gadhafi’s squad charged with combating Islamists—which was based there. Inside, a sign on an interior door bore the logos of both Amesys and the Libyan government and warned: help keep our classified business secret. don’t discuss classified information out of the hq. Behind it, analysts sat at their terminals and used a web browser to log on to the Eagle system, where they would peruse their latest intercepts or search for new targets to monitor using keywords, phone numbers, or email and IP addresses. The system was capable of collecting email, chat and voice-over-IP conversations, file transfers, and even browsing histories from anyone who used broadband or dialup Internet in Libya. The analysts could call up social-network diagrams for the targets they were hunting, with the links between each suspect showing the frequency and type of communication. Emails of interest were labeled “follow-up” for the security services.

A filing room with shelves of pink folders held thousands of printed-out emails and chat logs, case files with fingerprints and photographs of the targets, and transcripts of phone intercepts faxed to the center. The email intercepts (which are marked “https://eagle/interceptions” at the top, indicating they were printed from the Eagle system) typically contain the IP addresses and port numbers, and sometimes even usernames and passwords. They list everything from mundane conversations about building maintenance to business deals to political discussions among dissidents—a vast catalog of private lives.

In one intercept, a dissident’s search history is described as being “sexual in nature.” In another, dated December 2010, a well-known dissident living in Tripoli, Jamal al-Hajji, writes to a central figure in the then-ongoing Tunisian revolution, Munsif al-Marzouqi, advising him on resistance tactics: “Demonstrations in front of the UN’s offices in French, British, German, and American capitals, in conjunction with hunger strikes, will strengthen the Tunisian street, scare the regime, and limit its assaults.” Later, on January 19, an unnamed woman writes to Hajji, saying, “The revolution will be here very soon, by the will of the people.” At the outbreak of demonstrations in Libya, Hajji would be arrested, tortured, and imprisoned in a tiny cell for seven months.

Amesys, with its Eagle system, was just one of Libya’s partners in repression. A South African firm called VASTech had set up a sophisticated monitoring center in Tripoli that snooped on all inbound and outbound international phone calls, gathering and storing 30 million to 40 million minutes of mobile and landline conversations each month. ZTE Corporation, a Chinese firm whose gear powered much of Libya’s cell phone infrastructure, is believed to have set up a parallel Internet monitoring system for External Security: Photos from the basement of a makeshift surveillance site, obtained from Human Rights Watch, show components of its ZXMT system, comparable to Eagle. American firms likely bear some blame, as well. On February 15, just prior to the revolution, regime officials reportedly met in Barcelona with officials from Narus, a Boeing subsidiary, to discuss Internet-filtering software. And the Human Rights Watch photos also clearly show a manual for a satellite phone monitoring system sold by a subsidiary of L-3 Communications, a defense conglomerate based in New York. (Amesys, VASTech, ZTE and Narus did not respond to multiple interview requests; L-3 declined to comment.)

Much more:
http://www.wired.com/threatlevel/2012/05/ff_libya/all/1