News Source: BBC
Writer: Secundar Kermani
Afghan diplomats in Pakistan have been warned they are believed to be victims of “government-backed” digital attacks trying to steal their email passwords.
Afghan embassy sources told the BBC two staff members and a generic account received alerts from Google this month.
Last week Amnesty International detailed attempts to install malware on computers and phones of activists critical of Pakistan’s military.
The army did not comment on allegations intelligence services were to blame.
After the Google warning alerts were sent out, another Afghan diplomat’s email account was hacked and made to send out emails, without his knowledge, containing suspicious attachments.
The emails purported to contain photographs of rallies by protesters known as the Pashtun Protection Movement (PTM). In fact the attachments appear to contain malicious files, although it was not possible to download and examine them.
The PTM movement has accused the Pakistani military of committing human rights abuses in the country’s fight against terrorism. Protests have been non-violent but controversial due to their unusually direct criticism of the Pakistani intelligence services.
Why were the emails sent?
Supporters of the Pakistani military have accused the PTM of working on behalf of the Afghan intelligence services – the two countries regularly accuse each other of working to undermine the other’s security.
A source in the Afghan embassy told the BBC he was concerned that recipients of the emails sent out from the diplomat’s account could believe the Afghan embassy was linked to the movement.
The email was sent to addresses publicly linked to a number of political figures in Pakistan. They include a former information minister, and a former law minister.
It was also sent to a former senator from a Pashtun nationalist party, Bushra Gohar. Ms Gohar told the BBC: “I know for a fact that all my accounts are being observed… this is condemnable.”
She added: “Parliament needs to form a committee and look into what is going on.”
Have there been other cyber-attacks?
An employee of the Afghan embassy and a former member of staff were also both targeted by a fake Facebook profile linked to cyber-attacks.
A report by Amnesty International released last week revealed that the profile, “Sana Halimi”, had repeatedly sent malware to a human rights activist in Lahore.
One of the Afghan embassy staff members befriended by “Sana Halimi” told colleagues “she” had engaged him in conversation pretending to be an Afghan woman from the city of Herat.
The Facebook account also befriended a number of other human rights activists. One told the BBC it had messaged him in a “flirtatious” manner.
In a report released last week, mobile security company Lookout documented “Sana Halimi” sending out malware via Facebook Messenger on at least two occasions.
The incidents form part of an investigation they carried out into the successful hacking of devices by a team they describe as “likely” being run by the Pakistani military. Their report examined around 30GB of stolen data, a significant part of which appeared to have been taken from Afghan officials.
Who was ‘Sana Halimi’?
The BBC has learnt that the pictures of “Sana Halimi” were in fact stolen from the social media accounts of a 21-year-old chef in Lahore called Salwa Gardezi with no connection to Afghanistan.
Ms Gardezi is a close relative of a prominent political commentator, Ayesha Siddiqa, known for her work critiquing the Pakistani military. It is not clear if her photographs were used because of this connection.
Ms Gardezi said she had only realised her pictures had been copied from her Facebook and Instagram accounts after a BBC article on the malware attacks last week. She told the BBC it was “shocking” her images had been used in this way, and that she had “no connection” to political work at all.
She added that she is planning to lodge a complaint with Pakistan’s Federal Investigations Agency as she is concerned she could wrongly be mistaken as being linked to the cyber attackers.
“I want to clear my image,” she said.