PTI Accuses Government of Monitoring Its Emails

05 Oct 2012 | 14 Comments

Pakistan Tehreek-e-Insaf, through a high-ranking party member, has accused the government of Pakistan of monitoring its emails, which are hosted with Google Apps, an email service Google offers to businesses.

Dr. Awab Alvi, a senior member of PTI’s social media team, alleged in a blog post today that the government (establishment division) is monitoring Pakistan’s cyberspace to track political activities. Dr. Alvi’s allegations are based on a message appearing in PTI’s mailboxes that reads as follows:

WARNING: We Believe State-Sponsored Attackers may be attempting to compromise your account or computer

Clicking on the warning message takes users to a new URL where Google explains how to safeguard email accounts.

Awab Alvi confirmed that all PTI members are getting these hack warnings despite 2-step verification, a process through which access to Google accounts is granted to authorized users after verification through SMS or a phone call.

Google started warning its email users, largely those residing in China, of such state-sponsored attacks in June this year. Google, on its official blog, had said:

We are constantly on the lookout for malicious activity on our systems, in particular attempts by third parties to log into users’ accounts unauthorized. When we have specific intelligence—either directly from users or from our own monitoring efforts—we show clear warning signs and put in place extra roadblocks to thwart these bad actors.  We believe may be the target of state-sponsored attacks.

You might ask how we know this activity is state-sponsored. We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored.

Internet experts had then criticized Google for not fully explaining the threat types and how it detects them. They questioned Google for troubling users without communicating a clear and complete message, especially when Eric Grosse, VP of security engineering, said that the alert doesn’t mean there has been an attack, just “that we believe you may be a target.”

Two security experts from Pakistan termed these allegations by PTI meaningless. They didn’t rule out the possibility of email accounts being compromised (through state-owned filters and monitors) but said it is very unlikely that Pakistan’s government, which is notorious for having very limited technological knowledge, would be able to decrypt Google emails.

It merits mentioning here that all Google emails use encryption to securely transport messages over the internet. For a third party (other than Google) to read these messages requires decryption, which is usually impossible. Having said this, it must be noted that decryption of any message is possible, though it may require a great deal of effort and skill.


  • Sayeen

    OK, pardon my technical ignorance, but was that why Google services (especially those related to Android Talk/Gmail/Play Store) were intermittent ever since YouTube was blocked? Because it made no sense to me why the Gov would do that?

  • a pakistani

    If only our government had such capabilities… I wish this could ever happen…
    On the other hand, Google is sending this to people in general, not specifically Pakistanis. One can read the full story here on the official Google blog: http://googleonlinesecurity.blogspot.co.uk/2012/06/security-warnings-for-suspected-state.html
    Why does everyone say the same thing, that they are being targeted… without knowing the technical things… they just relate it to anyone… Our gov… is so poor they might not know how to enable 2-factor authentication for their own personal accounts…

  • Asad

    Most probably a backfire from Google in response to the blockage of YouTube in Pakistan by this government & its advisors. Don’t know why we believe religiously in anything we are shown by Google & Wikileaks or survey reports from NGOs???

  • http://www.isharearena.com/ M.Aswad Mehtab

    Pakistanis government, which is notorious for having very limited technological knowledge, to be able to decrypt Google emails.

    They can hire hard core gurus to do this… And this is exactly what they are doing.

  • Shahid Saleem

    The last paragraph is nonsense. All you need is an SSL certificate that browsers accept as being for “mail.google.com” and other services, and then you can do a “man in the middle” SSL proxy attack.

    And getting that certificate is not impossible for governments. Anyone who is a certifying authority can generate one. Unless your browser KNOWS what the mail.google.com certificate should be, it will not reject the false certificate. If you use Chrome, you are very likely to be safe because it has the google and gmail certificate hashes built into the browser: http://www.imperialviolet.org/2011/05/04/pinning.html

    For a REAL WORLD EXAMPLE of how our neighbour in the west actually attempted & succeeded at this kind of attack, see:

    https://www.google.com/search?oq=iran+gmail+ssl

    But the people who did that attack had to fool or break into a certifying authority to generate the certificate. However, Etisalat is also a CA, and can generate certificates claiming to be anyone. And we all know who owns PTCL…

    • Salman Abbas

      Excellent point with Etisalat as they have done shit like that before ( https://www.eff.org/deeplinks/2010/08/open-letter-verizon ) but given how much media attention internet censorship gets, they will get their privileges removed fast.

      Though IMO hacking a trusted CA or getting a trusted CA to issue you a certificate quite fits the definition “usually impossible” and he does say “decryption of any message is possible” later on.

      It should be noted that DigiNotar (the CA hacked by Iran) was promptly removed from Microsoft and Mozilla’s root certificates list and has gone bankrupt since then.
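
The point argued in the comments above, that a client trusting many CAs will accept a certificate for mail.google.com from any of them unless it already knows which keys to expect, shown as an added example (not part of the original article or comments). It is a simplified model: signature verification is omitted, and the pin format (base64 SHA-256 of the SubjectPublicKeyInfo, matched against any certificate in the chain) plus all CA names and key bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str   # name the certificate is issued to
    issuer: str    # name of the CA that signed it
    spki: bytes    # SubjectPublicKeyInfo bytes (constructed stand-ins here)

def spki_pin(cert: Cert) -> str:
    """base64(SHA-256(SPKI)): the pin identifies a public key, not a name."""
    return base64.b64encode(hashlib.sha256(cert.spki).digest()).decode()

def ca_trust_accepts(chain, host, trusted_roots):
    """CA-only policy: right name on the leaf, chain links up to ANY trusted root.
    Signature checks are omitted; assume every link verifies."""
    linked = all(c.issuer == p.subject for c, p in zip(chain, chain[1:]))
    return chain[0].subject == host and linked and chain[-1].subject in trusted_roots

def pinned_accepts(chain, host, trusted_roots, pins):
    """Pinned policy: CA-only checks plus, for pinned hosts, at least one key
    in the chain must match a pin shipped with the client."""
    if not ca_trust_accepts(chain, host, trusted_roots):
        return False
    expected = pins.get(host)
    if expected is None:          # host not pinned: falls back to CA trust
        return True
    return any(spki_pin(c) in expected for c in chain)

# Constructed sample data: names and key bytes are placeholders, not real CAs.
ROOT_A = Cert("Example Root A", "Example Root A", b"root-a-public-key")
ROOT_B = Cert("Example Root B", "Example Root B", b"root-b-public-key")
TRUSTED = {ROOT_A.subject, ROOT_B.subject}

GENUINE = [Cert("mail.google.com", "Example Root A", b"site-public-key"), ROOT_A]
# Same hostname, different key, issued by another root the client also trusts.
MISISSUED = [Cert("mail.google.com", "Example Root B", b"other-public-key"), ROOT_B]

PINS = {"mail.google.com": {spki_pin(GENUINE[0]), spki_pin(ROOT_A)}}

def evaluate():
    return {
        name: (ca_trust_accepts(chain, "mail.google.com", TRUSTED),
               pinned_accepts(chain, "mail.google.com", TRUSTED, PINS))
        for name, chain in (("genuine", GENUINE), ("misissued", MISISSUED))
    }

if __name__ == "__main__":
    for name, (ca_ok, pin_ok) in evaluate().items():
        print(f"{name}: CA-only={ca_ok} pinned={pin_ok}")
```

The mis-issued chain passes the CA-only policy and fails only the pinned one; a host with no entry in `PINS` gets no extra protection.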

  • Shahid Saleem

    Second point: Google may have detected ATTEMPTS to access their email addresses by some other method. That does not mean the attackers succeeded, but it does tell us that the PTI is being targeted by someone.

    Last point: after all this, you still want ISI to have a cyber cell?

    • Salman Abbas

      re Last Point: Yes. Osama had to go through so much trouble to send emails, could have been much easier for him if ISI had a cyber cell :P

  • MMMTheHacker

    “It merits mentioning here that all Google emails use encryption to securely transport messages over internet. Reading these emails messages for a third-party (other than Google) requires decryption which is usually impossible. Having said this, it must be noted that decryption of any message is possible, which may require plentiful of efforts and skills.”
    C’mon kid, it’s easy to decrypt anything (for a hacker)

    • Salman Abbas

      Heh Aaamir is correct on that. It takes much more effort than what an average script kiddie like you thinks it does.

      • MMMTheHacker

        Buahahahahahahhah
        Disagreed!!!!!

        • Shahid Saleem

          Then why haven’t you decrypted my simple code?

    • Shahid Saleem

      Decrypt this: ZZZGurUnpxre_vf_n_zbeba

  • nestlepakistan

    This is not the PTI accounts only. Even I got this warning in my inbox as well. Here is the explanation about this warning.

    http://techcrunch.com/2012/10/05/google-warns-thousands-of-users-about-potential-state-sponsored-cyber-attacks/