Profile picture
, 34 tweets, 16 min read
My Authors
Read all threads
Open Source Investigation - Communications App 'ToTok' and Reported Patronage by UAE Intelligence [Thread]
The New York Times published an expose quoting US officials that the increasingly-popular communcications app 'ToTok' was, in fact, developed for espionage by Emirati intelligence.
nytimes.com/2019/12/22/us/…
The app has been removed from Google Play but cache/ mirror copies reveal interesting insights.
The most-recent cache by Google shows that more than 81,000 people had already downloaded the app.
Further details reveal that in total, more than 5 million people had installed the app so far. It was 30MB in size and last updated on 17th December. Website and registration address provide leads for further investigations.
The website is registered not in the standard .ae (UAE-based) domain but .ai (domain name for Anguilla, a small island in the Eastern Caribbean which is part of British Overseas Territory).
As of yet, ToTok[dot]ai is functional. It is hosted on IP address 47.91.114.71 located in Dubai, UAE. Domain WHOIS shows it was registered on 29 June 2019 (not too old).
Yesterday, ToTok published a letter to its users trying to present itself as an entrepreneurial venture aiming to provide free connectivity which is appreciated by expats. They even planned to incorporate payment gateways in the future. Archived copy: archive.vn/5igAS
Singapore's business directory mentions a registered entity "ToTok Pte. Ltd" incorporated on 8th August 2019 (Registration Number 201926121C).
The specific address mentioned for ToTok's office (160 Robinson Road #16-02) is also used by several other businesses including "Gorilla Digital Marketing", "Just4Fun Pte Ltd" and "MSA Corporate Services Pte. Ltd", to name a few.
The building where ToTok's business was registered is the Singapore Business Federation (SBF) Centre, a commercial building with 48 medical suites and 199 offices. They also offer virtual spaces for rent.
A Gulf News report published a few days ago revealed that ToTok was apparently developed "from the team behind BOTIM". A screenshot was also published in which BOTIM urged its users to d/l ToTok as a continuation of their services (archive.vn/CkWpC). So, BOTIM = ToTok?
BOTIM was developed by 'Algento Cloud Computing Limited', a company registered in December 2016 in Hong Kong (Registration Number 2458987).
BOTIM Key Personnel:-

Lei Guo (CEO). Based in San Francisco, US. Past ventures include 'Coco App' and 'SOMA Messenger'. Apparently holds PhD in Statistics from Harvard University.
BOTIM Key Personnel:-

Zahrah Bachhus, Head of Sales and Partnerships since October 2018. It's safe to suggest she was directly involved in the process to partner/ merge with ToTok.
BOTIM Key Personnel:-

Hemanthee Rajendran, Business Development and Operations Executive since December 2018. Direct official engagements with General Manager and liaising in businesss development and coordination activities.
BOTIM Key Personnel:-

Nana Zhao, General Manager since February 2019.
BOTIM Key Personnel:-

Oliver Hayen, Co-Founder and COO since 2017. Partner with Lei Guo, he's based in Los Angeles (from what his LinkedIn suggests).
Patrick Wardle, a security researcher and former NSA employee, wrote an in-depth technical analysis on ToTok (objective-see.com/blog/blog_0x52…). Note his interesting conclusion in the attached screenshot.
Archived copy of Wardle's analysis: archive.vn/gOI6Q
On Apple App Store, 'Breej Holding Ltd' is mentioned as the publisher of ToTok.
Almost zero digital footprints of "Breej Holding Ltd" are available on open sources. This report by Washington Examiner says it might be a front for UAE's infamous "DarkMatter" company which was widely reported as employing US cyber intel veterans.
washingtonexaminer.com/news/one-of-th…
Some context: Israeli media reported in Oct 2019 that UAE's DarkMatter was actively recruiting graduates of IDF's Unit 8200, some of the world's best exploit developers. Reportedly, Israel's defence establishment were concerned about these developments.
timesofisrael.com/uae-based-inte…
It's interesting how leading UAE newspapers promoted ToTok. Gulf News published a praiseworthy report by its online editor, which one thought might have been sponsored content. Presented a 'must-have' image of ToTok playing the 'expat' card. Archived copy: archive.vn/BWUVY
The National also published a piece on ToTok, though somewhat balanced. Interesting how an unnamed user expressed suspicion on why ToTok was being offered for free. Archived copy: archive.vn/11sdj
This Gulf News article from 22nd December informs readers about ToTok's inaccessibility on Play Store and App Store via a notification, which suggested installating the file directly from their website. They were unaware about the expose. Archived copy: archive.vn/J7XKN
The apparent confluence of DarkMatter, BOTIM and UAE intelligence on ToTok, although fascinating, is entirely based on the NYT story. This disclosure by US intel officials is a clear indication how frustrated they are with Emiratis' cyber intel ambitions.
Ideally, US authorities should be investigating Algento, BOTIM's parent company based in California, for its patronage and marketing of ToTok. Simply shaming the UAE through reports won't suffice.
Internally, MoI (@MOIofficialPk) and MoITT should generate an advisory against ToTok and BOTIM; externally, Pak MoFA (@ForeignOfficePk) and Ministry of Overseas Pakistanis (@mophrd) should advise expat community to delete these apps immediately.
@MOIofficialPk @ForeignOfficePk @mophrd At a higher level, such reports merely add to the growing calls for Government of Pakistan to develop a coherent policy governing cyberspace which should include regulations related to application authentication/ registration and, if necessary, data localisation.
@MOIofficialPk @ForeignOfficePk @mophrd The state has the prerogative to say that "if so-and-so app gets this much of user base in Pakistan, it will have to register with relevant authorities and appoint a rep or liaison officer".
@MOIofficialPk @ForeignOfficePk @mophrd What is do-able is that Google and Apple should be persuaded to host a localised version of their app stores for users based in Pakistan through a compliance framework managed jointly by the federal government and industry bodies such as P@SHA.
@MOIofficialPk @ForeignOfficePk @mophrd In the larger scheme of things, the variety of dubious "free calls and messages" apps should be taken with a pinch of salt by ordinary users. Basic awareness of cyber security practices should be promoted by the federal government for the public as well as official functionaries.
@MOIofficialPk @ForeignOfficePk @mophrd @threadreaderapp unroll
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Zaki Khalid

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @misterzedpk see all

Profile picture
Zaki Khalid
@misterzedpk
Open Source Investigation: Noteworthy Elements Circulating Fake News about Indian Army's takeover of Keran Village, AJK [Thread]
After a thorough scan of public posts on multiple social media platforms, it is established that the originator of this fake news is Indian Army Major (Retd) Shailendra Kumar. He tweeted the 'news' at 2:18am GMT (7:18am PST and 7:48am IST). Archived copy: archive.vn/Xukfp
Correction: Shailendra Singh*
Read 24 tweets
Profile picture
Zaki Khalid
@misterzedpk
Vice Admiral (Retired) Ather Mukhtar - Pakistan's Ambassador-Designate to the Maldives [Thread]
As a Commodore, he received the President's Award. He was Commander of 9th Auxiliary comprising 9 ships, 2 coastal tankers (GWADAR, KALMAT), 2 fleet tankers (NASR, MOAWIN), 2 small tankers/utility ships (MADADGAR, RASADGAR) and 3 mine-hunting vessels (MUNSIF, MUHAFIZ, MUJAHID).
In the same rank, he was also Commander North (COMNOR) sometimes referred to as "North Navy". The COMNOR works closely with Pakistan Army to protect vital strategic interests in the north including intelligence gathering through a Naval Surveillance Unit (NSU).
Read 25 tweets
Profile picture
Zaki Khalid
@misterzedpk
Key statements in the aftermath of Indo-US 2+2 Ministerial in Washington D.C. as seen in the video during the press conference [Thread]
US State Sec Pompeo: "We secured new agreements on space exploration and defence industrial collaboration".
US State Sec Pompeo: "We value India's perspective on security in the Indo-Pacific and, frankly, all around the world. The future of Afghanistan matters to each of our two nations."
Read 31 tweets

Related threads

Profile picture
REESUS PATRIOT™
@ReesusP
Thread: The entire "Trump-Ukraine Impeachment Inquiry Report"
The impeachment inquiry into Donald J. Trump, the 45th President of the United States, uncovered a months-long effort by President Trump to use the powers of his office to solicit foreign interference on his behalf in the 2020 election.
As described in this executive summary and the report that follows, President Trump’s scheme subverted U.S. foreign policy toward Ukraine and undermined our national security in favor of two politically motivated investigations that would help his presidential reelection campaign
Read 484 tweets
Profile picture
Alex Salvi
@alexsalvinews
#NEW: New York Times fact-checker Gina Chérélus deletes over a decade worth of racist and homophobic Tweets (archived tweets shown below).
Read 4 tweets
Profile picture
Livid 🤦🏻‍♀️
@Livid2point0
#QAnon #QArmy Pizzagate is a religious DIVISION tactic. Who is paying for it? Is it the #Failing @NYTimes - or just those connected? @POTUS @realDonaldTrump
#QAnon #QArmy I've seen a lot of digging on the Guinness family, but many fail to look into Rachel Chandler's family - particularly her father - who had a lengthy history of political connections. @POTUS @realdonaldtrump legacy.com/obituaries/app…
#QAnon #QArmy In 2010, Rachel Chandler worked for the New York Times fashion magazine as a photographer... @POTUS @realDonaldTrump tmagazine.blogs.nytimes.com/2010/03/19/the…
Read 16 tweets
Profile picture
Doug Johnson Hatlem
@djjohnso
@aaronjmate Are we now over 50 major news stories that have had to be reracted or seriously corrected, all in the same direction, wrt Russia since 2016?
@aaronjmate I'll start a thread here to count them (I had started one for a CounterPunch article more than a year ago, but gave up partly because the list just kept growing as I tied to write). So:
@aaronjmate 1.1 On July 27, 2016 the @AP falsely reported that RT (formerly Russia Today) is part of the Russian state media complex. While it receives funding from the Russian government, it is a stand alone entity. On August 2, AP issued a correction on top of an accordingly updated story.
Read 51 tweets
Profile picture
This Is Africa
@ThisIsAfricaTIA
Following the pictures by the New York Times on the #RiversideAttack in Kenya, questions have been raised on the representation of black bodies in death. More importantly, how the Western media covers the death of Africans during crisis like the #DusitAttack in Kenya
Thread!!!
The New York Times published gory pictures of dead Kenyans who were victims of a terrorist attack. It was less than 24 hours after the attack that the pictures were published as the feature image of the New York Times article. Kenyans were still in mourning and shock from the
attack. Kenyans on Twitter raised ethical, moral and philosophical questions on the publishing and protection of the dignity and sanctity of those who had just died. Their singular demand to the @nytimes was to pull down the pictures. A demand the New York Times is yet to heed.
Read 19 tweets
Profile picture
ghost of daniel parker
@SeekerOTL
THIRTEEN DAYS IN MAY: THE RACE TO GET JARED KUSHNER

May 4, 2017 - May 17, 2017

newyorker.com/magazine/2018/…
May 4, 2017 - President Trump travels to his private golf club in Bedminster, NJ for a long weekend. He is accompanied by his daughter, Ivanka, and her husband, Jared Kushner, as well as advisor, Stephen Miller.
The New York Times reported that Kushner and Miller recommend firing FBI Director James Comey.

nytimes.com/2017/09/01/us/…
Read 23 tweets

Trending hashtags

#Berlin #Finnish #JCPOA #Filipino #Hodeida #Corruption #Pentagon #ClintonCrimeCartel #Aden #Intervention #MeToo #WorldHypocrisy #ClintonCorruption #Saudi #اليمن #ArabiaSaudita #ClintonCrimeFamily #NationalEmergency #TankerAttack #YemenGenocide #SchoolBusMassacre #POTUS #America #WarCrime #UnitedNations
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!