Is it possible to intercept GMails?

F

FunnyWan

Active Member
Joined
Sep 22, 2005
Messages
81
Reaction score
0
Location
JHB, S.A.
Is it technically possible/feasable to intercept Gmails?:confused:

The reason I ask is that there have been rumours at my company (small company BTW) that management have the capability (if they wanted to do it) to intercept/read our Gmails.

Never mind that this would be a total invasion of privacy but we have all been debating at work whether this is possible or not, etc. so i thought i would try to settle it once and for all - with your help of course.:D

So...

1) Is this even possible?

2) If it is, how easy/difficult would it be to do (i.e. would it require major resources and infrastructure, etc.) ?

3) What would the technical limitations of this be?

e.g. Would they need packet sniffers? Would they need tons of hard drive space to store all internet traffic etc.? Would someone have to physically be intercepting the traffic in real-time as it is being sent/received?

Please help to finalise the Gmail interception debate - you will receive nothing for your input but hey, at least it's friday today. :D

Thanks.
 
If they can monitor the network then it would be possible. It might not be that easy though. Make sure you use a secure connection ( https://gmail.com ) to make it really difficult. The easiest would probably be to get your password when you log in, or look at you cookies when you don't sign out or have 'remember me' checked.
This firefox plugin makes gmail switch to a secure connection (as well as a few other useful things)
http://www.customizegoogle.com/

I don't think you have anything to worry about though. They will have to be pretty determined to do it and it is probably not worth the effort. Also remember that any password can be guessed if it is simple enough. So if you are really paranoid - change your password often and use a lot of different letters/numbers.
 
Last edited:
Yes it is possible to intercept emails or any http traffic.

The key to prevent this is too always use https.
If you are using Outlook or Thunderbird, you can also use a secure SMTP and POP server so that they can't intercept.


EDIT: $#$# sparlehorse - you beat me too it. :)
 
sparklehorse said:
Make sure you use a secure connection ( https://gmail.com ) to make it really difficult.
Click to expand...

My firefox automatically switches Gmail over to https.
EDIT: During login only. Then it switches back to normal http. Grr.

If you're retrieving Gmail into your local email client - it uses encryption, so they wouldn't be able to read it, but if you're accessing the web interface on normal http, then yes, it's possible that they can read it.
 
Last edited:
ic said:
AFAIK, that only protects your GMail username & password, i.e. your authentication data, it does not mean that every email downloaded via pop3 or sent via smtp, will be encrypted - it should be easy to intercept & read the emails, but not to get hold of the person's password for their GMail account...
Click to expand...

No, it uses TLS/SSL for the entire transaction, so everything is encrypted.
 
Xenophon said:
don't know the difference between gmail and email, but I know it is illegal.:p
Click to expand...
No its not. The machines, network and everything on it belongs to the company. You have no privacy there and are open to inspection at any time. In fact some companies consider it theft if you use their equipment and time to access private email.
 
why would they bother to intercept gmail to see what is and isnt going on...this takes time....surely they could just block gmail at the proxy? much easier, less time spent...

I know that is how they do it at my work...any form of free webmail (gmail, hotmail, yahoo et al) is just simply blocked, period. There is no reason why anybody would need access to free personal webmail at work. Company resources are meant to be used for company business.

(p.s. I dont actually agree with it, but I 100% see their point, so abide by the rules=still have a job)
 
Something I would like to add so that you guys can understand more of where i'm coming from with this thread:

The management at my company are literally insane and live in a dream world.:eek:

They would purely want to read our Gmails because (a) They go through employees like toilet paper and prefer to control, dictate and slave-drive rather than address the issues at hand; (b) They have no ethics, are absolutely paranoid, love playing big brother and creating unnecessary drama; and (c) They have nothing better to do.

That is why we would like to know how possible and/or difficult/easy it is to intercept our Gmails. :confused:

If you're not sure what i'm going on about then please re-read my first post in this thread.
 
Last edited:
I would say, if you go via any caching proxy, this would be very possible with some knowledge.

Being on a company network, im sure your going via some sort of proxy setup, so ya, in theory, they can easily do this.
 
werner said:
why would they bother to intercept gmail to see what is and isnt going on...this takes time....surely they could just block gmail at the proxy? much easier, less time spent...
Click to expand...
AFAIK proxy blocking will only work for http, not https (at least that's what happens on our office network. They have DansGuardian filtering gmail and all other http webmail traffic, but https works fine (different port, encrypted..?)

-A
 
First off, thanks to everyone for their responses. Much appreciated.

Clipse said:
I would say, if you go via any caching proxy, this would be very possible with some knowledge.

Being on a company network, im sure your going via some sort of proxy setup, so ya, in theory, they can easily do this.
Click to expand...

Granted, this is possible.

But now that we know that, the questions are a) How easy is it to do? I know you're saying it's easy but how easy? and

b) What kind of resources are we talking here? Do they need terabytes of HDD space to capture all traffic? Would they need expensive tools? Would someone need to physically sit there capturing the data as it is sent?

Essentailly, what would the limitations from their perspective be?
 
That will depend on how many users there are and how much data they transfer. But to keep the data from a caching proxy wont be difficult and you certainly won't need terabytes. A 80GB harddrive can hold almost 3 months worth of data on a 30GB cap ;)

The software is also widely available. Everything can be automaticly saved so you don't have to physically sit there, except if you want to monitor whatever's happening.

But all this cached data is useless if it is encrypted. I doubt they have the resources or the time to crack SSL/TLS. Read more about it here: http://en.wikipedia.org/wiki/Secure_Sockets_Layer
 
Last edited:
This kind of crap makes me highly die moer-in. @FunnyWan: tell your management that resources would be better spent on training staff in pursuit of organisational objectives, whatever they might be - will result in improved productivity, higher profit, increased loyalty, etc. Unacceptable use of infrastructure will automatically drop, and management can then pat themselves on the back. Deployment of infrastructure not designed to positively promote organisational imperatives is strategically misplaced. Sounds to me like your management need to go back to business school.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X