Connect with us

Tech

It Seemed Like a Popular App. But It’s Secretly an Emirati Spy Tool – News18

Published

 on


Washington: It is billed as an easy and secure way to chat by video or text message with friends and family, even in a country that has restricted popular messaging services like WhatsApp and Skype.

But the service, ToTok, is actually a spying tool, according to US officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.

ToTok, introduced only months ago, was downloaded millions of times from the Apple and Google app stores by users throughout the Middle East, Europe, Asia, Africa and North America. While the majority of its users are in the Emirates, ToTok surged to become one of the most downloaded social apps in the US last week, according to app rankings and App Annie, a research firm.

ToTok amounts to the latest escalation in a digital arms race among wealthy authoritarian governments, interviews with current and former US foreign officials and a forensic investigation showed. The governments are pursuing more effective and convenient methods to spy on foreign adversaries, criminal and terrorist networks, journalists and critics — efforts that have ensnared people all over the world in their surveillance nets.

Persian Gulf nations like Saudi Arabia, the Emirates and Qatar previously turned to private firms — including Israeli and U.S. contractors — to hack rivals and, increasingly, their own citizens. The development of ToTok, experts said, showed that the governments can cut out the intermediary to spy directly on their targets, who voluntarily, if unwittingly, hand over their information.

A technical analysis and interviews with computer security experts showed that the firm behind ToTok, Breej Holding, is most likely a front company affiliated with DarkMatter, an Abu Dhabi-based cyberintelligence and hacking firm where Emirati intelligence officials, former National Security Agency employees and former Israeli military intelligence operatives work. DarkMatter is under FBI investigation, according to former employees and law enforcement officials, for possible cybercrimes. The U.S. intelligence assessment and the technical analysis also linked ToTok to Pax AI, an Abu Dhabi-based data mining firm that appears to be tied to DarkMatter.

Pax AI’s headquarters operate from the same Abu Dhabi building as the Emirates’ signals intelligence agency, which until recently was where DarkMatter was based.

The UAE is one of America’s closest allies in the Middle East, seen by the Trump administration as a bulwark against Iran and a close counterterrorism partner. Its ruling family promotes the country as an example of a modern, moderate Arab nation, but it has also been at the forefront of using surveillance technology to crack down on internal dissent — including hacking Western journalists, emptying the banking accounts of critics, and holding human rights activists in prolonged solitary confinement over Facebook posts.

The government blocks specific functions of apps like WhatsApp and Skype, a reality that has made ToTok particularly appealing in the country. Huawei, the Chinese telecom giant, recently promoted ToTok in advertisements.

Spokesmen for the CIA and the Emirati government declined to comment. Calls to a phone number for Breej Holding rang unanswered, and Pax employees did not respond to emails and messages. An FBI spokeswoman said that “while the FBI does not comment on specific apps, we always want to make sure to make users aware of the potential risks and vulnerabilities that these mechanisms can pose.”

When The Times initially contacted Apple and Google representatives with questions about ToTok’s connection to the Emirati government, they said they would investigate. On Thursday, Google removed the app from its Play store after determining ToTok violated unspecified policies. Apple removed ToTok from its App Store on Friday and was still researching the app, a spokesman said. ToTok users who already downloaded the app will still be able to use it until they remove it from their phones.

It was unclear when U.S. intelligence services first determined that ToTok was a tool of Emirati intelligence, but one person familiar with the assessment said that U.S. officials have warned some allies about its dangers. It is not clear whether U.S. officials have confronted their counterparts in the Emirati government about the app. One digital security expert in the Middle East, speaking on the condition of anonymity to discuss powerful hacking tools, said that senior Emirati officials told him that ToTok was indeed an app developed to track its users in the Emirates and beyond.

ToTok appears to have been relatively easy to develop, according to a forensic analysis performed for The Times by Patrick Wardle, a former NSA hacker who works as a private security researcher. It appears to be a copy of a Chinese messaging app offering free video calls, YeeCall, slightly customized for English and Arabic audiences.

ToTok is a cleverly designed tool for mass surveillance, according to the technical analysis and interviews, in that it functions much like the myriad other Apple and Android apps that track users’ location and contacts.

On the surface, ToTok tracks users’ location by offering an accurate weather forecast. It hunts for new contacts any time a user opens the app, under the pretense that it is helping connect with their friends, much like how Instagram flags Facebook friends. It has access to users’ microphones, cameras, calendar and other phone data. Even its name is an apparent play on the popular Chinese app TikTok.

Though billed as “fast and secure,” ToTok makes no claim of end-to-end encryption, like WhatsApp, Signal or Skype. The only hint that the app discloses user data is buried in the privacy policy: “We may share your personal data with group companies.”

So instead of paying hackers to gain access to a target’s phone — the going rate is up to $2.5 million for a hacking tool that can remotely access Android phones, according to recent price lists — ToTok gave the Emirati government a way to persuade millions of users to hand over their most personal information for free.

“There is a beauty in this approach,” said Wardle, now a security researcher at Jamf, a software company. “You don’t need to hack people to spy on them if you can get people to willingly download this app to their phone. By uploading contacts, video chats, location, what more intelligence do you need?”

In an intelligence-gathering operation, Wardle said, ToTok would be Phase 1. Much like the NSA’s bulk metadata collection program — which was quietly shut down this year — ToTok allows intelligence analysts to analyze users’ calls and contacts in search of patterns, though its collection is far more invasive. It is unclear whether ToTok allows the Emiratis to record video or audio calls of its users.

Each day, billions of people freely forgo privacy for the convenience of using apps on their phones. The Privacy Project by the Times’ Opinion section published an investigation last week revealing how app makers and third parties track the minute-by-minute movements of mobile phone users.

Private companies collected that data for targeted marketing. In ToTok’s case — according to current and former officials and digital crumbs the developers left behind — much of the information is funneled to intelligence analysts working on behalf the Emirati state.

In recent months, semiofficial state publications began promoting ToTok as the free app long sought by Emiratis. This month, users of a messaging service in the Emirates requiring paid subscriptions, Botim, received an alert telling users to switch to ToTok — which it called a “free, fast and secure” messaging app. Accompanying the message was a link to install it.

The marketing seems to have paid off.

In reviews, Emiratis expressed gratitude to ToTok’s developers for finally bringing them a free messaging app. “Blessings! Your app is the best App so far that has enable me and my family to stay connected!!!” one wrote. “Kudos,” another wrote. “Finally, an app that works in the UAE!”

ToTok’s popularity extended beyond the Emirates. According to recent Google Play rankings, it was among the top 50 free apps in Saudi Arabia, Britain, India, Sweden and other countries. Some analysts said it was particularly popular in the Middle East because — at least on the surface — it was unaffiliated with a large, powerful nation.

Though the app is a tool for the Emirati government, the exact relationship between the firms behind it is murky. Pax employees are made up of European, Asian and Emirati data scientists, and the company is run by Andrew Jackson, an Irish data scientist who previously worked at Palantir, a Silicon Valley firm that works with the Pentagon and U.S. spy agencies.

Its affiliate company, DarkMatter, is in effect an arm of the Emirati government. Its operations have included hacking government ministries in Iran, Qatar and Turkey; executives of FIFA, the world soccer organization; journalists and dissidents.

Last month, the Emirati government announced that DarkMatter would combine with two dozen other companies to create a defense conglomerate focused on repelling cyberattacks.

The FBI is investigating American employees of DarkMatter for possible cybercrimes, according to people familiar with the investigation. The inquiry intensified after former NSA hackers working for the company grew concerned about its activities and contacted the bureau. Reuters first reported the program they worked on, Project Raven.

At Pax, data scientists openly brag about their work on LinkedIn. One who listed his title as “data science team lead” said he had created a “message intelligence platform” that reads billions of messages to answer four questions: “who you are, what you do, how do you think, and what is your relationship with others.”

“With the answers to these four questions, we know everything about one person,” wrote the data scientist, Jingyan Wang.

Other Pax employees describe their experience creating tools that can search government data sets for faces from billions of video feeds and pinpoint Arabic dialects from transcribed video messages.

None mention an affiliation with ToTok.

Mark Mazzetti, Nicole Perlroth and Ronen Bergman c.2019 The New York Times Company

Get the best of News18 delivered to your inbox – subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what’s happening in the world around you – in real time.

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

Facebook says remote working move could slow jobs growth in Ireland

Published

 on

Facebook still plans to “aggressively” grow staff numbers in its European headquarters in Ireland but a company-wide policy allowing permanent remote work from other countries could slow that growth over time, its Irish chief said on Friday.

Ireland’s economy is hugely reliant on multinational firms that employ around one in eight Irish workers and any move to facilitate remote working abroad would add to the challenge already posed by a planned global corporate tax overhaul.

Facebook, which is one of Ireland’s largest such employers with around 3,000 full-time staff and another 3,000 contractors, will allow some workers to permanently relocate after more than a year of many working remotely due to the COVID-19 pandemic.

Eligible employees in Facebook offices in Ireland, France, Germany, Italy, the Netherlands, Poland, Spain and the United Kingdom will be able to move to another one of those locations. U.S.-based staff can also move to Canada, it added.

Facebook Ireland’s Gareth Lambe said it was still working out how many Irish-based employees would be eligible to take advantage of the policy. Fewer than half of its staff are Irish nationals.

“We’re going to continue to grow aggressively,” he told national broadcaster RTE, citing a move in the next year or two to a new 57,000 square metre campus in Dublin that it intends to fill with 7,000 employees.

“This won’t have on balance a material impact on the growth of employment for Facebook in Ireland,” he said, referring to the remote working policy. “We have a target this year of adding about an additional 700 employees and we’re going to continue to do that and we’re going to continue to grow,”

“But this is a significant evolution and in the future over the coming years and decades, it is possible that the growth of jobs and numbers may not be as fast in Ireland as it would have been before it.”

Lambe said Facebook’s main Europe, Middle East and Africa decision makers will continue to be based in Dublin, meaning its corporate tax status will not change. However those permanently relocating abroad would no longer pay income tax in Ireland.

Responding to the move, Irish Finance Minister Paschal Donohoe said one of the consequences of the pandemic will be a lot more mobility of workers across national borders but that foreign direct investment will remain “an indispensable part” of Ireland’s economic model.

 

(Reporting by Padraic Halpin; Editing by Frances Kerry)

Continue Reading

Tech

Apple hires former BMW executive for car project

Published

 on

Apple Inc has hired Ulrich Kranz, a former senior executive at BMW AG’s electric car division, to help its vehicle initiatives, Bloomberg News reported on Thursday, citing people familiar with the matter.

Kranz will report to Apple veteran Doug Field, who led development of Tesla Inc’s mass-market Model 3 and now runs Apple’s car project, the report said.

Apple did not immediately respond to Reuters request for comment.

The iPhone maker’s automotive efforts, known as Project Titan, have proceeded unevenly since 2014 when Apple first started designing its own vehicle from scratch.

In December, Apple said it was moving forward with its self-driving car technology and targeting to produce a passenger vehicle that could include its own breakthrough battery technology by 2024.

 

(Reporting by Mrinalika Roy in Bengaluru; Editing by Shinjini Ganguli)

Continue Reading

Tech

Amazon SideWalk in Canada

Published

 on

Amazon is ready to initiate the sidewalk throughout the world including Canada. So many people are concerned about what exactly is a sidewalk and should you be concerned in any way?

Well to put it simply amazon sidewalk is a new way of communication where amazon creates a network by using its echo devices and other devices. What is going to happen is that these devices would be using your home’s internet connection and creating a small network for communication. Using the ring and echo devices this will be executed where they would be forming a bridge (as the company calls it) between the two devices. While these various bridges would be used to create networks.

Amazon said this is done for easier connections and simpler setups even when your wifi goes out. Which would allow you to use title trackers and find pets easily. You would not have to spend 500 dollars on those devices but rather just use this to get updated information on your belongings. This is going to get a lot of people hooked on the devices. Using your ring and echo devices without your own internet connection sounds pretty good but is there a hidden reason for amazon to become an ISP on its own well that is something only time will tell.

So now the question is should you be concerned about this?

Well if you own an amazon echo device you will have to ask Alexa to opt you out of it because this is going to come in as activated by default. This means that you will need to put in some effort to change this if for any reason you don’t want to be a part of this program.

There are tutorials online that would help you to opt-out of this by using your Alexa app on your phone.

Another concern is that this is not the first time a company has done something like this. Apple has enhanced the find my network in a similar manner with the introduction of air tags and have responsibility for finding phones, and things using other users devices that might not know that their device is being used in the process.

Well most common people that are using the internet nowadays are more concerned about the data that is being used by these huge corporations and who are they gathering and using the data for their personal and private benefits. Additionally are data sharing policies being used and met with proper standards. Creating a rule is one thing and following it is completely another.

What bodies are placing a check on whether the huge tech giants are following these steps or not? These are the big questions with few answers and to think that now the internet is being owned by one of these giants. I mean the real question everyone should be asking is how big can these giants become and what kind of influence they hold onto our lives in the future?

Continue Reading

Trending