Connect with us

Tech

It Seemed Like a Popular App. But It’s Secretly an Emirati Spy Tool – News18

Published

 on


Washington: It is billed as an easy and secure way to chat by video or text message with friends and family, even in a country that has restricted popular messaging services like WhatsApp and Skype.

But the service, ToTok, is actually a spying tool, according to US officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.

ToTok, introduced only months ago, was downloaded millions of times from the Apple and Google app stores by users throughout the Middle East, Europe, Asia, Africa and North America. While the majority of its users are in the Emirates, ToTok surged to become one of the most downloaded social apps in the US last week, according to app rankings and App Annie, a research firm.

ToTok amounts to the latest escalation in a digital arms race among wealthy authoritarian governments, interviews with current and former US foreign officials and a forensic investigation showed. The governments are pursuing more effective and convenient methods to spy on foreign adversaries, criminal and terrorist networks, journalists and critics — efforts that have ensnared people all over the world in their surveillance nets.

Persian Gulf nations like Saudi Arabia, the Emirates and Qatar previously turned to private firms — including Israeli and U.S. contractors — to hack rivals and, increasingly, their own citizens. The development of ToTok, experts said, showed that the governments can cut out the intermediary to spy directly on their targets, who voluntarily, if unwittingly, hand over their information.

A technical analysis and interviews with computer security experts showed that the firm behind ToTok, Breej Holding, is most likely a front company affiliated with DarkMatter, an Abu Dhabi-based cyberintelligence and hacking firm where Emirati intelligence officials, former National Security Agency employees and former Israeli military intelligence operatives work. DarkMatter is under FBI investigation, according to former employees and law enforcement officials, for possible cybercrimes. The U.S. intelligence assessment and the technical analysis also linked ToTok to Pax AI, an Abu Dhabi-based data mining firm that appears to be tied to DarkMatter.

Pax AI’s headquarters operate from the same Abu Dhabi building as the Emirates’ signals intelligence agency, which until recently was where DarkMatter was based.

The UAE is one of America’s closest allies in the Middle East, seen by the Trump administration as a bulwark against Iran and a close counterterrorism partner. Its ruling family promotes the country as an example of a modern, moderate Arab nation, but it has also been at the forefront of using surveillance technology to crack down on internal dissent — including hacking Western journalists, emptying the banking accounts of critics, and holding human rights activists in prolonged solitary confinement over Facebook posts.

The government blocks specific functions of apps like WhatsApp and Skype, a reality that has made ToTok particularly appealing in the country. Huawei, the Chinese telecom giant, recently promoted ToTok in advertisements.

Spokesmen for the CIA and the Emirati government declined to comment. Calls to a phone number for Breej Holding rang unanswered, and Pax employees did not respond to emails and messages. An FBI spokeswoman said that “while the FBI does not comment on specific apps, we always want to make sure to make users aware of the potential risks and vulnerabilities that these mechanisms can pose.”

When The Times initially contacted Apple and Google representatives with questions about ToTok’s connection to the Emirati government, they said they would investigate. On Thursday, Google removed the app from its Play store after determining ToTok violated unspecified policies. Apple removed ToTok from its App Store on Friday and was still researching the app, a spokesman said. ToTok users who already downloaded the app will still be able to use it until they remove it from their phones.

It was unclear when U.S. intelligence services first determined that ToTok was a tool of Emirati intelligence, but one person familiar with the assessment said that U.S. officials have warned some allies about its dangers. It is not clear whether U.S. officials have confronted their counterparts in the Emirati government about the app. One digital security expert in the Middle East, speaking on the condition of anonymity to discuss powerful hacking tools, said that senior Emirati officials told him that ToTok was indeed an app developed to track its users in the Emirates and beyond.

ToTok appears to have been relatively easy to develop, according to a forensic analysis performed for The Times by Patrick Wardle, a former NSA hacker who works as a private security researcher. It appears to be a copy of a Chinese messaging app offering free video calls, YeeCall, slightly customized for English and Arabic audiences.

ToTok is a cleverly designed tool for mass surveillance, according to the technical analysis and interviews, in that it functions much like the myriad other Apple and Android apps that track users’ location and contacts.

On the surface, ToTok tracks users’ location by offering an accurate weather forecast. It hunts for new contacts any time a user opens the app, under the pretense that it is helping connect with their friends, much like how Instagram flags Facebook friends. It has access to users’ microphones, cameras, calendar and other phone data. Even its name is an apparent play on the popular Chinese app TikTok.

Though billed as “fast and secure,” ToTok makes no claim of end-to-end encryption, like WhatsApp, Signal or Skype. The only hint that the app discloses user data is buried in the privacy policy: “We may share your personal data with group companies.”

So instead of paying hackers to gain access to a target’s phone — the going rate is up to $2.5 million for a hacking tool that can remotely access Android phones, according to recent price lists — ToTok gave the Emirati government a way to persuade millions of users to hand over their most personal information for free.

“There is a beauty in this approach,” said Wardle, now a security researcher at Jamf, a software company. “You don’t need to hack people to spy on them if you can get people to willingly download this app to their phone. By uploading contacts, video chats, location, what more intelligence do you need?”

In an intelligence-gathering operation, Wardle said, ToTok would be Phase 1. Much like the NSA’s bulk metadata collection program — which was quietly shut down this year — ToTok allows intelligence analysts to analyze users’ calls and contacts in search of patterns, though its collection is far more invasive. It is unclear whether ToTok allows the Emiratis to record video or audio calls of its users.

Each day, billions of people freely forgo privacy for the convenience of using apps on their phones. The Privacy Project by the Times’ Opinion section published an investigation last week revealing how app makers and third parties track the minute-by-minute movements of mobile phone users.

Private companies collected that data for targeted marketing. In ToTok’s case — according to current and former officials and digital crumbs the developers left behind — much of the information is funneled to intelligence analysts working on behalf the Emirati state.

In recent months, semiofficial state publications began promoting ToTok as the free app long sought by Emiratis. This month, users of a messaging service in the Emirates requiring paid subscriptions, Botim, received an alert telling users to switch to ToTok — which it called a “free, fast and secure” messaging app. Accompanying the message was a link to install it.

The marketing seems to have paid off.

In reviews, Emiratis expressed gratitude to ToTok’s developers for finally bringing them a free messaging app. “Blessings! Your app is the best App so far that has enable me and my family to stay connected!!!” one wrote. “Kudos,” another wrote. “Finally, an app that works in the UAE!”

ToTok’s popularity extended beyond the Emirates. According to recent Google Play rankings, it was among the top 50 free apps in Saudi Arabia, Britain, India, Sweden and other countries. Some analysts said it was particularly popular in the Middle East because — at least on the surface — it was unaffiliated with a large, powerful nation.

Though the app is a tool for the Emirati government, the exact relationship between the firms behind it is murky. Pax employees are made up of European, Asian and Emirati data scientists, and the company is run by Andrew Jackson, an Irish data scientist who previously worked at Palantir, a Silicon Valley firm that works with the Pentagon and U.S. spy agencies.

Its affiliate company, DarkMatter, is in effect an arm of the Emirati government. Its operations have included hacking government ministries in Iran, Qatar and Turkey; executives of FIFA, the world soccer organization; journalists and dissidents.

Last month, the Emirati government announced that DarkMatter would combine with two dozen other companies to create a defense conglomerate focused on repelling cyberattacks.

The FBI is investigating American employees of DarkMatter for possible cybercrimes, according to people familiar with the investigation. The inquiry intensified after former NSA hackers working for the company grew concerned about its activities and contacted the bureau. Reuters first reported the program they worked on, Project Raven.

At Pax, data scientists openly brag about their work on LinkedIn. One who listed his title as “data science team lead” said he had created a “message intelligence platform” that reads billions of messages to answer four questions: “who you are, what you do, how do you think, and what is your relationship with others.”

“With the answers to these four questions, we know everything about one person,” wrote the data scientist, Jingyan Wang.

Other Pax employees describe their experience creating tools that can search government data sets for faces from billions of video feeds and pinpoint Arabic dialects from transcribed video messages.

None mention an affiliation with ToTok.

Mark Mazzetti, Nicole Perlroth and Ronen Bergman c.2019 The New York Times Company

Get the best of News18 delivered to your inbox – subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what’s happening in the world around you – in real time.

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

Valorant has a new agent named Astra: Abilities, and more to know about the character – Sporting News

Published

 on


Valorant revealed a new agent on Saturday and her name is Astra. Although Astra won’t be fully available to use in-game until March 2.

[embedded content]

Astra becomes the 15th agent in the game. Her backstory is that she’s a space-themed Agent from Ghana. A teaser from Valorant in the YouTube description says with Astra, you can “harness the cosmos and control the fight.” In the video, Astra’s first words are, “You can tell a person’s character by their first action.” And then her first action is a sniper shot.

A more full description of Astra is below:

Astra harnesses the energies of the cosmos to reshape battlefields to her whim. With full command of her astral form and a talent for deep strategic foresight, she’s always eons ahead of her enemy’s next move.

Astra is a Controller, which means she uses smokes, walls, and other abilities to help block the sight of the enemy.

We’ll go through Astra’s full abilities list below.

Astra abilities in Valorant

Astra has four main abilities, and then her ultimate ability. Her four main abilities are Gravity Well, Nova Pulse, Nebula and Dissipate. Her ultimate ability is Astral Form/Cosmic Divide.

We’ll go more in depth as to what those abilities are below. (this information is via Valorant Leaks)

Gravity Well

The Gravity Well will pull players within the area toward the center before it explodes. Any player trapped inside will become fragile.

Nova Pulse

When the Nova Pulse is placed, it will charge briefly before detonating. When it goes off, it will concuss all player within the area.

Nebula

This is Astra’s signature ability, and it’s essentially just her smoke. You simply place a star, and then activate it to transform it into a Nebula.

Dissipate

When you dissipate a star, it allows it to be placed in a new location. 

Astral Form/Cosmic Divide (Ultimate)

Activate to enter Astral Form where you can place stars with primary fire. Stars can be reactivated later, transforming them into a Nova Pulse, Nebula, or Gravity Well.

When cosmic divide is charged, use secondary fire in astral form to begin aiming it, then primary fire to select two locations. An infinite cosmic divide connects the two points you select. Cosmic divide blocks bullets and heavily dampens audio.


https://images.daznservices.com/di/library/sporting_news/1f/d1/astra-ability-ftr_gr904205d9c81b1952n4p48xw.png?t=-458081657&w=500&quality=80

 

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

AirPods Max: Rumored Spatial Audio Upgrade Isn’t Coming, After All – Forbes

Published

 on


A recent rumor suggested that Spatial Audio on AirPods Max and AirPods Pro was about to become available on Netflix. But it now seems that’s not the case, which is disappointing.

If you’ve listened to Apple AirPods Pro or the more recent AirPods Max, you may have marveled at the audio quality Spatial Audio offers. It’s a surround-sound effect that works really well.

Part of its success is dynamic head tracking. This means that if you’re watching the right content there’s a whole extra level of fidelity.

Say you’re playing The Mandalorian on your iPad and listening through AirPods Pro. Dynamic head tracking means that even when you turn your head left or right, the software instantly and subtly adjusts the relative volume in each ear so that the audio appears to be locked to the screen.

It’s phenomenally effective. My first experience was so realistic that I had to stop to make sure I was really connected by headphone, so perfectly did the sound seem to come from the iPad itself.

So, the prospect that Spatial Audio was coming to Netflix was very welcome, something which was rumored last month. After all, Apple TV+, Amazon Prime Video, Vudu, HBO Go, Hulu and Disney+ were already on board, with selected content.

So, Netflix was easily the biggest beast of the streaming jungle which was missing.

This week, though, Netflix told MacRumors that contrary to previous reports, it is not testing Spatial Audio support. It is testing multi-channel support for built-in speakers, the company said.

This is a shame and although it can change, the fact that Netflix has gone out of its way to say Spatial Audio isn’t coming suggests that any change would not happen for a while.

Netflix is such a big player in this world that it doesn’t need to follow what others have done, but it would have been great to be able to hear programming with the improved audio Spatial Audio delivers. Of course, if you mostly watch Netflix on a TV or another screen without headphones, then Spatial Audio won’t be there anyway and maybe that was part of Netflix’s thinking.

Even so, let’s hope Netflix changes its mind in time.

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

Riot unveils Astra, VALORANT's new controller – Dot Esports

Published

 on


Riot Games’ latest agent for the tactical shooter VALORANT is on her way.

The developer revealed the agent on Twitter today. Her name is Astra, she originates from Ghana, and she’s a new controller agent.

“African Futurism was a huge inspiration for us when it came to designing Astra’s thematics,” John “Riot MEMEMEMEME” Goscicki, a character producer at Riot, said. “Once that element was brought into her development all the pieces naturally fell in place.”

Astra joins Brimstone, Omen, and Viper in the controller category. She’s the first controller added to VALORANT since the game released. Duelists Raze, Reyna, Yoru, and sentinel Killjoy were added since the game’s release.

Astra’s abilities

Before activating the C, Q, and E abilities, you need to hang some of Astra’s Stars in the sky with her X ability.

Here are Astra’s abilities:

C: Gravity Well

Activates a Star with C to form a Gravity Well. Players in the area are pulled toward the center before it explodes, making all players still trapped inside “fragile.”

Q: Nova Pulse

Activates a Star to detonate a Nova Pulse. The Nova Pulse charges briefly then strikes, concussing all players in its area.

E: Nebula

Activates a Star to transform it into a Nebula (smoke).

F: Dissipate

Use F on a Star to Dissipate it, returning the star to your inventory be placed in a new location after a delay.

Dissipate briefly forms a fake smoke (Nebula) at the Star’s location before returning.

X: Astral Form, Cosmic Divide

Activate with X to enter Astral Form, where you can place Stars with your primary fire key. Astra will leave her physical body behind in favor of a top-down view of the map. Her physical body will be vulnerable in this form.

When Cosmic Divide is charged, use your secondary fire in Astral Form to begin aiming it, then your primary fire to select two locations. An infinite teleport-esque tunnel connects the two points you select.


Make sure to follow us on YouTube for more esports news and analysis.

[embedded content]

Let’s block ads! (Why?)



Source link

Continue Reading

Trending