34 tweets, 16 min read
Open Source Investigation - Communications App 'ToTok' and Reported Patronage by UAE Intelligence [Thread]
The New York Times published an exposé quoting US officials that the increasingly popular communications app 'ToTok' was, in fact, developed for espionage by Emirati intelligence.
nytimes.com/2019/12/22/us/…
The app has been removed from Google Play, but cache/mirror copies reveal interesting insights.
The most recent cache by Google shows that more than 81,000 people had already downloaded the app.
Further details reveal that in total, more than 5 million people had installed the app so far. It was 30MB in size and last updated on 17th December. Website and registration address provide leads for further investigations.
The website is registered not in the standard .ae (UAE-based) domain but .ai (the domain for Anguilla, a small island in the Eastern Caribbean that is a British Overseas Territory).
As of yet, ToTok[dot]ai is functional. It is hosted on IP address 47.91.114.71 located in Dubai, UAE. Domain WHOIS shows it was registered on 29 June 2019 (not too old).
Yesterday, ToTok published a letter to its users trying to present itself as an entrepreneurial venture aiming to provide free connectivity, which is appreciated by expats. They even planned to incorporate payment gateways in the future. Archived copy: archive.vn/5igAS
Singapore's business directory mentions a registered entity "ToTok Pte. Ltd" incorporated on 8th August 2019 (Registration Number 201926121C).
The specific address mentioned for ToTok's office (160 Robinson Road #16-02) is also used by several other businesses including "Gorilla Digital Marketing", "Just4Fun Pte Ltd" and "MSA Corporate Services Pte. Ltd", to name a few.
The building where ToTok's business was registered is the Singapore Business Federation (SBF) Centre, a commercial building with 48 medical suites and 199 offices. They also offer virtual spaces for rent.
A Gulf News report published a few days ago revealed that ToTok was apparently developed "from the team behind BOTIM". A screenshot was also published in which BOTIM urged its users to download ToTok as a continuation of their services (archive.vn/CkWpC). So, BOTIM = ToTok?
BOTIM was developed by 'Algento Cloud Computing Limited', a company registered in December 2016 in Hong Kong (Registration Number 2458987).
BOTIM Key Personnel:-

- Lei Guo (CEO). Based in San Francisco, US. Past ventures include 'Coco App' and 'SOMA Messenger'. Apparently holds a PhD in Statistics from Harvard University.
- Zahrah Bachhus, Head of Sales and Partnerships since October 2018. It's safe to suggest she was directly involved in the process to partner/merge with ToTok.
- Hemanthee Rajendran, Business Development and Operations Executive since December 2018. Direct official engagements with the General Manager and liaising in business development and coordination activities.
- Nana Zhao, General Manager since February 2019.
- Oliver Hayen, Co-Founder and COO since 2017. Partner of Lei Guo; he's based in Los Angeles (from what his LinkedIn suggests).
Patrick Wardle, a security researcher and former NSA employee, wrote an in-depth technical analysis on ToTok (objective-see.com/blog/blog_0x52…). Note his interesting conclusion in the attached screenshot.
Archived copy of Wardle's analysis: archive.vn/gOI6Q
On Apple App Store, 'Breej Holding Ltd' is mentioned as the publisher of ToTok.
Almost zero digital footprints of "Breej Holding Ltd" are available in open sources. This report by the Washington Examiner says it might be a front for UAE's infamous "DarkMatter" company, which was widely reported as employing US cyber intel veterans.
washingtonexaminer.com/news/one-of-th…
Some context: Israeli media reported in Oct 2019 that UAE's DarkMatter was actively recruiting graduates of IDF's Unit 8200, some of the world's best exploit developers. Reportedly, Israel's defence establishment was concerned about these developments.
timesofisrael.com/uae-based-inte…
It's interesting how leading UAE newspapers promoted ToTok. Gulf News published a praiseworthy report by its online editor, which one might have taken for sponsored content. It presented a 'must-have' image of ToTok, playing the 'expat' card. Archived copy: archive.vn/BWUVY
The National also published a piece on ToTok, though somewhat balanced. Interesting how an unnamed user expressed suspicion on why ToTok was being offered for free. Archived copy: archive.vn/11sdj
This Gulf News article from 22nd December informs readers about ToTok's inaccessibility on the Play Store and App Store via a notification, which suggested installing the file directly from their website. They were unaware of the exposé. Archived copy: archive.vn/J7XKN
The apparent confluence of DarkMatter, BOTIM and UAE intelligence on ToTok, although fascinating, is entirely based on the NYT story. This disclosure by US intel officials is a clear indication of how frustrated they are with the Emiratis' cyber intel ambitions.
Ideally, US authorities should be investigating Algento, BOTIM's parent company based in California, for its patronage and marketing of ToTok. Simply shaming the UAE through reports won't suffice.
Internally, MoI (@MOIofficialPk) and MoITT should issue an advisory against ToTok and BOTIM; externally, Pak MoFA (@ForeignOfficePk) and the Ministry of Overseas Pakistanis (@mophrd) should advise the expat community to delete these apps immediately.
At a higher level, such reports merely add to the growing calls for the Government of Pakistan to develop a coherent policy governing cyberspace, which should include regulations on application authentication/registration and, if necessary, data localisation.
The state has the prerogative to say that "if so-and-so app gets this much of a user base in Pakistan, it will have to register with the relevant authorities and appoint a rep or liaison officer".
What is doable is that Google and Apple should be persuaded to host a localised version of their app stores for users based in Pakistan, through a compliance framework managed jointly by the federal government and industry bodies such as P@SHA.
In the larger scheme of things, the variety of dubious "free calls and messages" apps should be taken with a pinch of salt by ordinary users. Basic awareness of cyber security practices should be promoted by the federal government for the public as well as official functionaries.
Thread author: Zaki Khalid