Downloading email messages from an account using an external email client and without deleting the messages from the server is not difficult, Botezatu said. "The most difficult part is actually the credential harvesting," he said.
It would have also been possible for GCHQ to perform real-time traffic sniffing on the network and read email messages as they were being accessed by the user, Botezatu said. Back in 2009, most webmail providers were only using SSL encryption for the initial authentication, not for the full session like many of them do today, he said.
Other secret documents reportedly seen by The Guardian described successful data interception efforts against BlackBerry smartphones that allowed GCHQ to provide advance copies of G20 briefings to U.K. ministers.
"Diplomatic targets from all nations have an MO of using smartphones. Exploited this use at the G20 meetings last year," one document said, according to The Guardian.
This could have either been done by sniffing Wi-Fi traffic originating from the phones or -- and this is less likely -- by obtaining the encryption keys from BlackBerry, formerly Research In Motion, Botezatu said.
According to an internal review, during the September 2009 meeting between the G20 finance ministers, GHCQ analysts were able to watch an automatically updated live graphic that was using telephone call records to show who was talking to whom at the conference, The Guardian said.
This report of GHCQ targeting foreign politicians at past high-level political meetings comes as political leaders from Canada, France, Germany, Italy, Japan, Russia, the U.S. and the U.K. meet for the 39th G8 summit in Enniskillen, Northern Ireland, starting Monday.