• Sayeen

    Ok pardon my technical ignorance, but was that why Google services (specially related to android talk/gmail/playstore) were intermittent ever since youtube was blocked ? because it made no sense to me why Gov would do that ?

  • a pakistani

    Kash kay our government have such capitalises… i wish this could ever happen…..
    on the other hand google is sending this to people not specially Pakistanis one can read the full story over here on official google blog http://googleonlinesecurity.blogspot.co.uk/2012/06/security-warnings-for-suspected-state.html
    har banda yeahi bat kun karta hay kay us ko nashana bnjya ja rha hay… without knowing the technical things ..they just relate to any one…Our gov… is soo poor they might not know how to enable 2 factor authentication for their own personal accounts…

  • Asad

    Most probably a Backfire from Google in response to the blockage of youtube in Pakistan by this government & it’s advisors. Don’t know why we believe religiously on anything we are shown by Google & Wikileaks or survey reports from NGOs???

  • Pakistanis government, which is notorious for having very limited technological knowledge, to be able to decrypt Google emails.

    They can hire hard core gurus to do this… And this is exactly they are doing.

  • Shahid Saleem

    The last paragraph is nonsense. All you need is an SSL certificate that browsers accept is for “mail.google.com” and other services, and then you can do a “man in the middle” ssl proxy attack.

    And getting that certificate is not impossible for governments. Anyone who is a certifying authority can generate one. Unless your browser KNOWS what the mail.google.com certificate should be, it will not reject the false certificate. If you use Chrome, you are very likely to be safe because it has the google and gmail certificate hashes built into the browser: http://www.imperialviolet.org/2011/05/04/pinning.html

    For a REAL WORLD EXAMPLE of how our neighbour in the west actually attempted & succeeded at this kind of attack, see:


    But the people who did that attack had to fool or break into a certifying authority to generate the certificate. However, Etisalaat is also a CA, and can generate certificates claiming to be anyone. And we all know who owns PTCL…

    • Salman Abbas

      Excellent point with Etisalat as they have done shit like that before ( https://www.eff.org/deeplinks/2010/08/open-letter-verizon ) but given how much media attention internet censorship gets, they will get their privileges removed fast.

      Though IMO hacking a trusted CA or getting a trusted CA to issue you a certificate quite fits the definition “usually impossible” and he does say “decryption of any message is possible” later on.

      It should be noted that DigiNotar (the CA hacked by Iran) was promptly removed from Microsoft and Mozilla’s root certificates list and has gone bankrupt since then.

  • Shahid Saleem

    Second point: google may have detected ATTEMPTS to access their email addresses by some other method. That does not mean the attackers succeeded, but it does tell us that the PTI is being targetted by someone.

    Last point: after all this, you still want ISI to have a cyber cell?

    • Salman Abbas

      re Last Point: Yes. Osama had to go through so much trouble to send emails, could have been much easier for him if ISI had a cyber cell :P

  • MMMTheHacker

    “It merits mentioning here that all Google emails use encryption to securely transport messages over internet. Reading these emails messages for a third-party (other than Google) requires decryption which is usually impossible. Having said this, it must be noted that decryption of any message is possible, which may require plentiful of efforts and skills.”
    Common kid it’s easy to decrypt anything (for a hacker)

    • Salman Abbas

      Heh Aaamir is correct on that. It takes much more effort than what an average script kiddie like you thinks it does.

      • MMMTheHacker


        • Shahid Saleem

          Then why haven’t you decrypted my simple code?

    • Shahid Saleem

      Decrypt this: ZZZGurUnpxre_vf_n_zbeba

  • nestlepakistan

    this is not the PTI accounts only. even i got this warning in inbox as well. here is the explanation about this warning.