Friday, January 25, 2019

Remote Code Execution via XMeye P2P Cloud in Xiongmai IP Cameras, NVRs and DVRs

SEC Consult also published a blog post regarding the identified security issues with further background information: 
"Xiong-who?! And Why We Care"


Vendor description

"Hangzhou Xiongmai Technology Co., Ltd concentrates on security surveillance, Video intelligent research and development. We devote ourselves to providing good products, technical services for manufacturers, wholesaler and service provider, in order to offer better experience for our customers.  We are global leading providers in security video products and technology. Established from 2009, many years development, the headquarter of XM locate in Yinhu Innovation Center, Fuyang district, Hangzhou now. Total registered capital reach to 60 million.
Now we owns nearly 2000 employees including a strong R&D team (more than 300 experienced engineers)."

Source: http://www.xiongmaitech.com/en/index.php/about/company/18

Business recommendation

SEC Consult has identified highly critical vulnerabilities in Xiongmai products and the "XMeye P2P Cloud" feature which is being used in many 3rd party OEM devices as well.

The vendor does not provide proper mitigations and hence it is recommended not to use any products associated with the XMeye P2P Cloud until all of the identified security issues have been fixed and a thorough security analysis has been performed by professionals.

Vulnerability overview/description

1) Predictable XMEye Cloud IDs (CVE-2018-17915)

All Xiongmai devices come with a feature called "XMeye P2P Cloud". It is a proprietary, UDP-based protocol that allows users to access their IP cameras or NVRs/DVRs via the internet. The feature is enabled by default, no setup by the user is required.

The device initiates and keeps a connection to a Xiongmai cloud server. All connections between clients and the devices are established via Xiongmai cloud servers. This approach allows users to connect to devices that are behind firewalls, NATed etc.

The unique, per-device identifier is the cloud ID. It is a 16 character long hexadecimal string (e.g. f7e708f21de0fde0). Anyone who knows the device identifier and the admin credentials can establish a connection to a device using the XMEye apps (Android, iOS) or a "VMS" desktop application.

The Cloud ID may be unique, but it is not random. It is derived (at boot time) from the device MAC address using a few simple operations (see get_sn_from_mac() below).

An attacker can enumerate potential MACs/cloud IDs, find valid ones, and then use the weak default credentials to log in. This allows the attacker to watch the video feed, change the device configuration and possibly gain remote code execution using other vulnerabilities. The XMEye functionality allows an attacker to attack devices that are behind firewalls, NATed networks etc.

MAC addresses have a well-defined structure: 3-octet OUI (vendor) + 3-octet NIC ID. OUIs are assigned by the IEEE. Interestingly, Xiongmai does not own an OUI, but instead uses the OUIs of other companies.

The following OUIs are used by Xiongmai devices (OUIs based on internet research, scanning, company names based on https://regauth.standards.ieee.org/standards-ra-web/pub/view.html#registries):

  • 001210 WideRay Corp
  • 001211 Protechna Herbst GmbH & Co. KG
  • 001212 PLUS Corporation
  • 001213 Metrohm AG
  • 001214 Koenig & Bauer AG
  • 001215 iStor Networks, Inc.
  • 001216 ICP Internet Communication Payment AG
  • 001217 Cisco-Linksys, LLC
  • 001218 ARUZE Corporation
  • 003E0B - Not assigned
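For defenders, the OUI list above is a quick way to find candidate devices in their own network inventory. The following is an added example, not code from the advisory: it matches MAC addresses in an ARP/DHCP-style listing against those OUIs. The sample inventory and the function names are constructed for illustration.

```python
import re

# OUIs the advisory lists as used by Xiongmai devices.
XIONGMAI_OUIS = frozenset({
    "001210", "001211", "001212", "001213", "001214",
    "001215", "001216", "001217", "001218", "003E0B",
})

# Matches aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff and aabb.ccdd.eeff notation.
# The look-arounds stop the pattern from matching inside longer tokens.
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f:.-])"
    r"(?:(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}"
    r"|(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})"
    r"(?![0-9A-Fa-f:.-])"
)


def normalize_mac(raw):
    """Return the MAC as 12 upper-case hex digits without separators."""
    return re.sub(r"[^0-9A-Fa-f]", "", raw).upper()


def find_xiongmai_candidates(inventory_text):
    """Return one record per MAC whose OUI is on the advisory's list.

    These OUIs are registered to other companies, so a hit is only a
    candidate: genuine equipment from those vendors matches as well and
    each hit has to be confirmed on the device itself.
    """
    results = []
    for lineno, line in enumerate(inventory_text.splitlines(), 1):
        for match in MAC_RE.finditer(line):
            mac = normalize_mac(match.group(0))
            if mac[:6] in XIONGMAI_OUIS:
                results.append({"line": lineno, "mac": mac, "oui": mac[:6]})
    return results


# Constructed sample inventory (documentation IP range, made-up MACs).
SAMPLE_INVENTORY = """\
192.0.2.10  00:12:12:3a:4b:5c  eth0
192.0.2.11  3c:52:82:11:22:33  eth0
192.0.2.12  0012.17aa.bbcc     vlan20
192.0.2.13  00-3E-0B-01-02-03  vlan20
192.0.2.14  00:12:19:00:00:01  eth0
"""

if __name__ == "__main__":
    for hit in find_xiongmai_candidates(SAMPLE_INVENTORY):
        print(f"line {hit['line']}: {hit['mac']} (OUI {hit['oui']})")
```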

We developed a cloud ID scanner that queries the Xiongmai cloud server. The responses indicate if there is a device online that uses the given cloud ID, plus provide the IP of a Xiongmai Cloud hop server that is geographically close to the device. One query is one UDP packet.

We scanned 0.02% of the devices (random choice) in each OUI range (16 Million devices per range) and extrapolated the results.

  • OUI: 001210; IDs checked: 3,365; Devices online: 3; Success rate: 0.1%; Extrapolated devices online: 14,957
  • OUI: 001211; IDs checked: 3,363; Devices online: 9; Success rate: 0.3%; Extrapolated devices online: 44,898
  • OUI: 001212; IDs checked: 3,351; Devices online: 492; Success rate: 14.7%; Extrapolated devices online: 2,463,261
  • OUI: 001213; IDs checked: 3,402; Devices online: 218; Success rate: 6.4%; Extrapolated devices online: 1,075,083
  • OUI: 001214; IDs checked: 3,440; Devices online: 67; Success rate: 1.9%; Extrapolated devices online: 326,765
  • OUI: 001215; IDs checked: 3,347; Devices online: 255; Success rate: 7.6%; Extrapolated devices online: 1,278,216
  • OUI: 001216; IDs checked: 3,377; Devices online: 448; Success rate: 13.3%; Extrapolated devices online: 2,225,701
  • OUI: 001217; IDs checked: 3,315; Devices online: 286; Success rate: 8.6%; Extrapolated devices online: 1,447,446
  • OUI: 001218; IDs checked: 3,196; Devices online: 1; Success rate: 0.0%; Extrapolated devices online: 5,249
  • OUI: 003E0B; IDs checked: 4,224; Devices online: 21; Success rate: 0.5%; Extrapolated devices online: 83,409

We estimate that there are about 9 Million devices online in the given OUI ranges.
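The extrapolation can be reproduced from the per-OUI figures above. The following is an added example, not part of the advisory: it recomputes each estimate from the sample counts and adds a 95% Wilson score interval to show how much weight each estimate can bear. The interval and the function names are additions; only the sample counts come from the advisory.

```python
import math

RANGE_SIZE = 2 ** 24  # NIC IDs per OUI (3 octets), the "16 Million" per range

# (IDs checked, devices online) per OUI, as reported in the advisory.
SCAN_RESULTS = {
    "001210": (3365, 3),
    "001211": (3363, 9),
    "001212": (3351, 492),
    "001213": (3402, 218),
    "001214": (3440, 67),
    "001215": (3347, 255),
    "001216": (3377, 448),
    "001217": (3315, 286),
    "001218": (3196, 1),
    "003E0B": (4224, 21),
}


def extrapolate(checked, online):
    """Scale the sample hit rate to the whole OUI range.

    Integer division (truncation) reproduces the advisory's figures.
    """
    return online * RANGE_SIZE // checked


def wilson_interval(checked, online, z=1.96):
    """95% Wilson score interval for the true online fraction."""
    p = online / checked
    denom = 1 + z * z / checked
    centre = (p + z * z / (2 * checked)) / denom
    half = z * math.sqrt(p * (1 - p) / checked
                         + z * z / (4 * checked * checked)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def summarize(results=SCAN_RESULTS):
    """Return estimate and interval bounds (in devices) per OUI."""
    rows = {}
    for oui, (checked, online) in results.items():
        low, high = wilson_interval(checked, online)
        rows[oui] = {
            "estimate": extrapolate(checked, online),
            "low": int(low * RANGE_SIZE),
            "high": int(high * RANGE_SIZE),
        }
    return rows


def total_estimate(results=SCAN_RESULTS):
    """Sum of the per-OUI estimates (the advisory's 'about 9 Million')."""
    return sum(extrapolate(c, o) for c, o in results.values())


if __name__ == "__main__":
    for oui, row in summarize().items():
        print(f"{oui}: {row['estimate']:>9,} "
              f"(95% interval {row['low']:,} to {row['high']:,})")
    print(f"total: {total_estimate():,}")
```

Ranges with only a handful of hits, such as 001218 with a single device found, have intervals several times wider than the point estimate, while the total is dominated by the well-sampled ranges.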

The responses from the cloud server allow us to estimate the geographic distribution of the devices:

  • Hop server location: CN; extrapolated devices: 5,438,757
  • Hop server location: DE; extrapolated devices: 1,319,845
  • Hop server location: JP; extrapolated devices: 577,743
  • Hop server location: SG; extrapolated devices: 697,276
  • Hop server location: TR; extrapolated devices: 189,260
  • Hop server location: US; extrapolated devices: 742,101

We assume the hop server locations serve devices on the same continent.

2) Default admin password

The devices include an empty password for the admin user account which has the highest privileges on the devices and allows attackers to view the video feed or change the configuration.

3) Insecure default credentials for user "default" (CVE-2018-17919)

In the default configuration, the user account "default" exists on the device. The purpose of this user is not documented.

These user credentials can be used to log in to a device via the XMEye cloud (checked via custom client using the Xiongmai NetSDK).

This user seems to at least have permissions to access video feeds (more investigation required!).

4) Multiple unencrypted communication channels (CVE-2018-17917)

None of the device communication is encrypted. This includes the XMeye service and firmware update communication.

  • An attacker can eavesdrop on video feeds or steal XMeye login credentials to get control over the device.
  • An attacker can also impersonate the update server and offer malicious firmware updates.

5) Firmware update integrity not checked

Firmware updates are not signed. It is possible to create a firmware update file that contains malicious code (CWE-494). This is either possible by modifying the filesystems contained in a firmware update or modifying the "InstallDesc" file in a firmware update file. The "InstallDesc" is a text file that contains commands that are executed during the update.


Combining the vulnerabilities makes a very powerful attack, "The worst case scenario":

  1. Attacker exploits Predictable XMEye Cloud IDs to get list of valid IDs.
  2. Attacker exploits Insecure default credentials for user "admin" and possibly user "default", to get access to devices via the XMEye cloud.
  3. Attacker changes the DNS configuration of the devices to impersonate the update server "upgrade.secu100.net".
  4. Attacker sets up fake firmware update webserver.
  5. Attacker creates firmware updates containing malicious code. Imagination is the limit here, could be a Mirai-like agent or something focused on lateral movement in the target environment (local network of the organization using the devices).
  6. Attacker performs a firmware update on devices via the XMEye cloud API command H264_DVR_Upgrade_Cloud() (custom client using the Xiongmai NetSDK). The malicious firmware update is persisted on the devices. If the attacker desires, it cannot be removed by rebooting the device.

Proof of concept

1) Predictable XMEye Cloud IDs (CVE-2018-17915)

The Python code to derive the cloud ID from the MAC address of the device has been removed from this advisory.

2) Default admin password

The default username and password is admin:[BLANK].

3) Insecure default credentials for user "default" (CVE-2018-17919)

The credentials for the hardcoded user "default" are "tluafed".

4) Multiple unencrypted communication channels (CVE-2018-17917)

No proof of concept available for this advisory.

5) Firmware update integrity not checked

The following "InstallDesc" contents would launch an arbitrary command, in this case starting the telnet daemon.

    "UpgradeCommand" : [
        {
            "Command" : "Shell",
            "Script" : "/bin/busybox telnetd"
        },
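Because updates are unsigned, anyone vetting a firmware file before deployment can at least inspect its "InstallDesc" for shell commands. The following is an added example, not code from the advisory: it assumes the complete "InstallDesc" parses as JSON with an "UpgradeCommand" array as in the excerpt above; the sample document and its second entry are constructed.

```python
import json


def audit_installdesc(text):
    """Return every UpgradeCommand entry that would run a shell script.

    Assumption: the full InstallDesc is a JSON object whose
    "UpgradeCommand" key holds a list of command objects, as the
    advisory's excerpt suggests. Raises ValueError if it is not.
    """
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"InstallDesc is not valid JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise ValueError("InstallDesc top level is not an object")
    commands = doc.get("UpgradeCommand", [])
    if not isinstance(commands, list):
        raise ValueError('"UpgradeCommand" is not a list')

    findings = []
    for index, entry in enumerate(commands):
        if not isinstance(entry, dict):
            continue
        command = str(entry.get("Command", ""))
        script = entry.get("Script")
        # Flag explicit Shell commands and any entry carrying a script.
        if command.lower() == "shell" or script is not None:
            findings.append(
                {"index": index, "command": command, "script": script}
            )
    return findings


# Constructed sample: the first entry is the one from the advisory, the
# second is a made-up placeholder for a non-shell command.
SAMPLE_INSTALLDESC = """
{
    "UpgradeCommand" : [
        { "Command" : "Shell", "Script" : "/bin/busybox telnetd" },
        { "Command" : "ExampleNonShellStep", "FileName" : "example.img" }
    ]
}
"""

if __name__ == "__main__":
    for finding in audit_installdesc(SAMPLE_INSTALLDESC):
        print(f"entry {finding['index']}: {finding['command']} "
              f"runs {finding['script']!r}")
```

This check covers only the "InstallDesc" path; a modified filesystem image inside the update passes it unnoticed, so it is a triage aid and no replacement for signed updates.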

Vulnerable / tested versions

Xiongmai acts as an OEM. Various vendors sell branded devices with Xiongmai hardware/firmware inside. More information can be found in the blog post: "Xiong-Who?! And Why We Care"

Vendor contact timeline

2018-03-15: Contacting ICS-CERT for coordination support.
2018-03-26: ICS-CERT assigns ICS-VU-638768 for this case.
2018-05-04: ICS-CERT provides answer from Xiongmai, the vendor argues that SEC Consult tested the "old" firmware/devices. Furthermore, per default user passwords need to be changed upon first login since 2016. They informed their key customers to update to the latest firmware & change default passwords.
2018-05-07: SEC Consult answer: we verified that we are running the latest firmware versions and they are affected. Furthermore, there is no password change request implemented.
2018-05-15: SEC Consult sends further/newly identified vulnerabilities to ICS-CERT for Xiongmai, describing worst case scenario, asking to inform FTC about this case.
2018-05-15: ICS-CERT: Xiongmai is very slow in responding, and requests for affected firmware versions have been sent to them already.
2018-05-25: Asking ICS-CERT for a status update.
2018-05-29: ICS-CERT: small update from Xiongmai received:
–Vendor Response–
Regarding the device information from Researcher, it is our "old" model and "old" firmware version, that's why there is no more update. Even for DVR model it is already discontinued, therefore we will work a new "latest" version based on current baseline version, for those Researcher's devices specially.
–End Vendor Response–
Xiongmai also said they will provide version numbers for fixed & vulnerable versions, but no answer.
2018-06-04: ICS-CERT: Xiongmai provided a firmware update for our test devices.
2018-06-11: SEC Consult: tested firmware "SimpGeneral_General_AHB7804R-ELS_V4.02.R11.Nat.OnvifC.20180525.bin". There are no apparent changes, it uses the same cloud ID, the admin password is still empty and there are no warnings to change the password (checked via web interface and VMS software).
2018-06-15: ICS-CERT: received an update from Xiongmai as to why the firmware did not seem to fix anything:
–Vendor Response–
After check the message we believe there is some misunderstanding on IE operation due to the Plug-in ( or called as ActiveX ) issues, As currently this ActiveX technology even is quite an "ancient" technology but still widely used in most of Video Surveillance products. The issues that Researcher have met, it is due to his PC still have "old" plug-in installed, and with new update of firmware we provided, The camera and NVR already have functions but his PC with "old" plug-in, it is like using same "old" computer to connect new devices, that's why he still didn't see anything new.
So the solution is quite simple, just delete and uninstall "old" Plug-in, and then install new one from devices with new version. Please kindly check attached file, we have some instructions and steps, on how to renew this ActiveX, please help to forward to this Researcher and we believe he could understand the reason, and he could recheck about the new firmware we had sent.
–End Vendor Response–
2018-06-18: SEC Consult: the ActiveX controls are unrelated to any of the issues we reported. For the sake of completeness, SEC Consult tested it anyways and all the security issues are still not fixed. Raising doubts that the vendor understands the impact.
2018-06-21: ICS-CERT: concurs with our opinion and if Xiongmai does not fix the issues we will have to publish. Xiongmai did not yet react to the additional findings reported on 2018-05-15.
2018-07-24: ICS-CERT: Xiongmai provided "improved" instructions to help ensure the forced password change happens.
2018-07-27: SEC Consult: the default admin password is just a small subset of the identified critical issues. Intention to publish end of September.
Asking further questions to Xiongmai:
  • What devices are affected by the vulnerabilities?
  • What is the plan/timeline to fix the issues?
  • Are there issues that will not be fixed? Why?
  • Are there devices that will not receive fixes for the vulnerabilities? Which ones?
  • Will the updates be rolled out automatically or are manual steps by the user required?
  • Will Xiongmai publish a public warning/advisory on their website?
  • Will Xiongmai inform their OEM customers about the vulnerabilities so they can inform end users?
2018-08-01: ICS-CERT: questions & deadline have been passed to Xiongmai. Possibility of contacting CNCERT/CC.
2018-09-04: ICS-CERT: Still waiting for a response from Xiongmai. CNCERT/CC has responded.
2018-09-24: SEC Consult: Asking for a status update. Proposed release date 8th October. Recommendations are to stop using the devices, other workarounds are not effective.
2018-09-27: ICS-CERT: CNCERT/CC only replied with generic email response. ICS-CERT proposes Tuesday or Thursday for releases. Decided for the 9th October.
2018-10-04: Informing CERT-Bund and CERT.at about the security issues and release.
2018-10-09: Coordinated release of security advisory.

Solution

The vendor has not provided proper mitigations or solutions since ICS-CERT contacted them back in March 2018.

SEC Consult advises not to use the products of Xiongmai and any 3rd party OEM device associated with the XMeye cloud feature.

Workaround

There are no workarounds available. As the devices are connected via the cloud, the usual recommendations (changing default passwords, strict firewalling and network segmentation) unfortunately do not mitigate the whole range of discovered issues.

Advisory URL

https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html

EOF Stefan Viehböck / @2018

    2019-01-16 07:23:16:684 Error fetching post for detail: Optional("The OAuth2 token is invalid.")
    2019-01-16 07:23:17:974 🔵 Tracked: notification_tapped_segmented_control, properties: {
    "selected_filter" = Comments;
    }
    2019-01-16 07:23:18:000 Pushing Notification Details for: [3509342642]
    2019-01-16 07:23:18:000 🔵 Tracked: notifications_notification_details_opened, properties: {
    "notification_type" = comment;
    }
    2019-01-16 07:23:18:190 [Rest API] ! The specified path was not found. Please visit https://developer.wordpress.com/docs/ for valid paths.
    2019-01-16 07:23:19:723 🔵 Tracked: notification_tapped_segmented_control, properties: {
    "selected_filter" = Follows;
    }
    2019-01-16 07:23:19:745 Pushing Notification Details for: [3499506577]
    2019-01-16 07:23:19:745 🔵 Tracked: notifications_notification_details_opened, properties: {
    "notification_type" = follow;
    }
    2019-01-16 07:23:22:544 🔵 Tracked: notification_tapped_segmented_control, properties: {
    "selected_filter" = Likes;
    }
    2019-01-16 07:23:22:587 Pushing Notification Details for: [3509341056]
    2019-01-16 07:23:22:587 🔵 Tracked: notifications_notification_details_opened, properties: {
    "notification_type" = like;
    }
    2019-01-16 07:23:25:363 🔵 Tracked: notification_tapped_segmented_control, properties: {
    "selected_filter" = Follows;
    }
    2019-01-16 07:23:25:385 Pushing Notification Details for: [3499506577]
    2019-01-16 07:23:25:386 🔵 Tracked: notifications_notification_details_opened, properties: {
    "notification_type" = follow;
    }
    2019-01-16 07:23:27:188 Pushing Notification Details for: [936374739]
    2019-01-16 07:23:27:218 🔵 Tracked: notifications_notification_details_opened, properties: {
    "notification_type" = follow;
    }
    2019-01-16 07:23:27:377 Error marking note as read: Error Domain=WordPressKit.WordPressComRestApiError Code=1 "The OAuth2 token is invalid." UserInfo={WordPressComRestApiErrorCodeKey=invalid_token, NSLocalizedDescription=The OAuth2 token is invalid., WordPressComRestApiErrorMessageKey=The OAuth2 token is invalid.}
    2019-01-16 07:23:29:736 PingHub connecting
    2019-01-16 07:23:30:067 PingHub disconnected: WSError(type: Starscream.ErrorType.upgradeError, message: "Invalid HTTP upgrade", code: 403)
    2019-01-16 07:23:30:814 TracksService sendQueuedEvents completed. Sent 11 events.
    2019-01-16 07:23:34:560 Pushing Notification Details for: [3473226956]
    2019-01-16 07:23:34:560 🔵 Tracked: notifications_notification_details_opened, properties: {
    "notification_type" = follow;
    }
    2019-01-16 07:23:39:863 Pushing Notification Details for: [936374739]
    2019-01-16 07:23:39:863 🔵 Tracked: notifications_notification_details_opened, properties: {
    "notification_type" = follow;
    }
    2019-01-16 07:23:45:970 TracksService sendQueuedEvents completed. Sent 2 events.
    2019-01-16 07:24:01:929 PingHub connecting
    2019-01-16 07:24:02:196 PingHub disconnected: WSError(type: Starscream.ErrorType.upgradeError, message: "Invalid HTTP upgrade", code: 403)
    2019-01-16 07:24:07:952 <WordPressAppDelegate: 0x283da0c40> applicationWillResignActive:
    2019-01-16 07:24:09:363 <WordPressAppDelegate: 0x283da0c40> applicationDidEnterBackground:
    2019-01-16 07:24:09:464 🔵 Tracked: application_closed, properties: {
    "last_visible_screen" = Notifications;
    "time_in_app" = 387;
    }
    2019-01-16 07:24:20:675 <WordPressAppDelegate: 0x283da0c40> applicationWillEnterForeground:
    2019-01-16 07:24:20:678 PingHub connecting
    2019-01-16 07:24:21:035 PingHub disconnected: WSError(type: Starscream.ErrorType.upgradeError, message: "Invalid HTTP upgrade", code: 403)
    2019-01-16 07:24:21:689 <WordPressAppDelegate: 0x283da0c40> applicationDidBecomeActive:
    2019-01-16 07:24:21:691 🔵 Tracked: application_opened
    2019-01-16 07:24:22:133 PingHub connecting
    2019-01-16 07:24:22:217 🔵 Tracked: notifications_accessed
    2019-01-16 07:24:22:405 PingHub disconnected: WSError(type: Starscream.ErrorType.upgradeError, message: "Invalid HTTP upgrade", code: 403)
    2019-01-16 07:24:22:416 Error while Updating Last Seen Timestamp: Error Domain=WordPressKit.WordPressComRestApiError Code=1 "The OAuth2 token is invalid." UserInfo={WordPressComRestApiErrorCodeKey=invalid_token, NSLocalizedDescription=The OAuth2 token is invalid., WordPressComRestApiErrorMessageKey=The OAuth2 token is invalid.}
    2019-01-16 07:24:23:913 🔵 Tracked: notification_tapped_segmented_control, properties: {
    "selected_filter" = Unread;
    }
    2019-01-16 07:24:23:981 Pushing Notification Details for: [3513040666]
    2019-01-16 07:24:24:113 🔵 Tracked: notifications_notification_details_opened, properties: {
    "notification_type" = "new_post";
    }
    2019-01-16 07:24:24:273 Error marking note as read: Error Domain=WordPressKit.WordPressComRestApiError Code=1 "The OAuth2 token is invalid." UserInfo={WordPressComRestApiErrorCodeKey=invalid_token, NSLocalizedDescription=The OAuth2 token is invalid., WordPressComRestApiErrorMessageKey=The OAuth2 token is invalid.}
    2019-01-16 07:24:24:334 Error fetching post for detail: Optional("The OAuth2 token is invalid.")
    2019-01-16 07:24:24:605 PingHub connecting
    2019-01-16 07:24:24:880 PingHub disconnected: WSError(type: Starscream.ErrorType.upgradeError, message: "Invalid HTTP upgrade", code: 403)
    2019-01-16 07:24:26:794 🔵 Tracked: notification_tapped_segmented_control, properties: {
    "selected_filter" = Unread;
    }
    2019-01-16 07:24:26:840 Pushing Notification Details for: [3512323824]
    2019-01-16 07:24:26:871 🔵 Tracked: notifications_notification_details_opened, properties: {
    "notification_type" = "new_post";
    }
    2019-01-16 07:24:26:978 Error marking note as read: Error Domain=WordPressKit.WordPressComRestApiError Code=1 "The OAuth2 token is invalid." UserInfo={WordPressComRestApiErrorCodeKey=invalid_token, NSLocalizedDescription=The OAuth2 token is invalid., WordPressComRestApiErrorMessageKey=The OAuth2 token is invalid.}
    2019-01-16 07:24:27:021 Error fetching post for detail: Optional("The OAuth2 token is invalid.")
    2019-01-16 07:24:29:968 PingHub connecting
    2019-01-16 07:24:30:282 PingHub disconnected: WSError(type: Starscream.ErrorType.upgradeError, message: "Invalid HTTP upgrade", code: 403)
    2019-01-16 07:24:33:295 PingHub connecting
    2019-01-16 07:24:33:626 PingHub disconnected: WSError(type: Starscream.ErrorType.upgradeError, message: "Invalid HTTP upgrade", code: 403)
    2019-01-16 07:24:37:613 TracksService sendQueuedEvents completed. Sent 7 events.
    2019-01-16 07:24:41:674 Pushing Notification Details for: [3448365157]
    2019-01-16 07:24:41:704 🔵 Tracked: notifications_notification_details_opened, properties: {
    "notification_type" = "new_post";
    }
    2019-01-16 07:24:41:812 Error marking note as read: Error Domain=WordPressKit.WordPressComRestApiError Code=1 "The OAuth2 token is invalid." UserInfo={WordPressComRestApiErrorCodeKey=invalid_token, NSLocalizedDescription=The OAuth2 token is invalid., WordPressComRestApiErrorMessageKey=The OAuth2 token is invalid.}
    2019-01-16 07:24:41:897 Error fetching post for detail: Optional("The OAuth2 token is invalid.")
    2019-01-16 07:24:43:722 Pushing Notification Details for: [3447411789]
    2019-01-16 07:24:43:753 🔵 Tracked: notifications_notification_details_opened, properties: {
    "notification_type" = "new_post";
    }
    2019-01-16 07:24:43:883 Error marking note as read: Error Domain=WordPressKit.WordPressComRestApiError Code=1 "The OAuth2 token is invalid." UserInfo={WordPressComRestApiErrorCodeKey=invalid_token, NSLocalizedDescription=The OAuth2 token is invalid., WordPressComRestApiErrorMessageKey=The OAuth2 token is invalid.}
    2019-01-16 07:24:43:926 Error fetching post for detail: Optional("The OAuth2 token is invalid.")
    2019-01-16 07:24:45:775 🔵 Tracked: me_tab_accessed
    2019-01-16 07:24:45:820 🔵 Tracked: notification_settings_list_opened
    2019-01-16 07:24:45:880 PingHub connecting
    2019-01-16 07:24:46:012 Failed to fetch user details for account <WPAccount: 0x2835be8f0> (entity: Account; id: 0xf1f886086a2aeadb <x-coredata://8F80F48C-9BBB-489F-85D9-675D9C98B990/Account/p2> ; data: {
    avatarURL = "https://0.gravatar.com/avatar/ff394455f5a7503a3ab7eb1b62fccb87?s=96&d=identicon";
    blogs = "<relationship fault: 0x28168f5e0 'blogs'>";
    dateCreated = "2010-11-28 12:29:14 +0000";
    defaultBlog = "0xf1f886086a3aead9 <x-coredata://8F80F48C-9BBB-489F-85D9-675D9C98B990/Blog/p6>";
    displayName = Chillieh;
    email = "powersthatbeat@gmail.com";
    emailVerified = 1;
    settings = "0xf1f886086a2aeadf <x-coredata://8F80F48C-9BBB-489F-85D9-675D9C98B990/AccountSettings/p2>";
    userID = 18647202;
    username = powersthatbeat;
    uuid = "E977E709-E70F-4D31-9840-E2DD7B07898C";
    }). Error Domain=WordPressKit.WordPressComRestApiError Code=1 "The OAuth2 token is invalid." UserInfo={WordPressComRestApiErrorCodeKey=invalid_token, NSLocalizedDescription=The OAuth2 token is invalid., WordPressComRestApiErrorMessageKey=The OAuth2 token is invalid.}
    2019-01-16 07:24:46:174 PingHub disconnected: WSError(type: Starscream.ErrorType.upgradeError, message: "Invalid HTTP upgrade", code: 403)
    2019-01-16 07:24:47:234 🔵 Tracked: editor_post_created, properties: {
    "blog_id" = 18033618;
    "tap_source" = "tab_bar";
    }
    2019-01-16 07:24:47:334 🔵 Tracked: post_epilogue_displayed
    2019-01-16 07:24:48:792 [Rest API] ! The specified path was not found. Please visit https://developer.wordpress.com/docs/ for valid paths.
    2019-01-16 07:24:50:596 🔵 Tracked: editor_discarded_changes, properties: {
    "blog_id" = 18033618;
    "editor_source" = aztec;
    "has_gutenberg_blocks" = 0;
    }
    2019-01-16 07:24:50:609 🔵 Tracked: editor_closed, properties: {
    "blog_id" = 18033618;
    "editor_source" = aztec;
    "has_gutenberg_blocks" = 0;
    }
    2019-01-16 07:24:51:144 🔵 Tracked: post_epilogue_displayed
    2019-01-16 07:24:52:445 🔵 Tracked: account_settings_opened
    2019-01-16 07:24:52:653 Error refreshing settings (unrecoverable): Error Domain=WordPressKit.WordPressComRestApiError Code=1 "The OAuth2 token is invalid." UserInfo={WordPressComRestApiErrorCodeKey=invalid_token, NSLocalizedDescription=The OAuth2 token is invalid., WordPressComRestApiErrorMessageKey=The OAuth2 token is invalid.}
    2019-01-16 07:24:52:773 TracksService sendQueuedEvents completed. Sent 10 events.
    2019-01-16 07:24:53:826 🔵 Tracked: my_profile_opened
    2019-01-16 07:24:54:007 Error refreshing settings (unrecoverable): Error Domain=WordPressKit.WordPressComRestApiError Code=1 "The OAuth2 token is invalid." UserInfo={WordPressComRestApiErrorCodeKey=invalid_token, NSLocalizedDescription=The OAuth2 token is invalid., WordPressComRestApiErrorMessageKey=The OAuth2 token is invalid.}
    2019-01-16 07:24:55:812 🔵 Tracked: app_settings_opened
    2019-01-16 07:24:56:693 🔵 Tracked: notification_settings_list_opened
    2019-01-16 07:24:56:916 Could not sync sites: Optional(Error Domain=WordPressKit.WordPressComRestApiError Code=1 "The OAuth2 token is invalid." UserInfo={WordPressComRestApiErrorCodeKey=invalid_token, NSLocalizedDescription=The OAuth2 token is invalid., WordPressComRestApiErrorMessageKey=The OAuth2 token is invalid.})
    2019-01-16 07:24:59:419 🔵 Tracked: support_opened
    2019-01-16 07:24:59:428 Zendesk - read profile from User Defaults: ["email": elyssad@outlook.com, "name": Penguin]
    2019-01-16 07:24:59:428 Zendesk - read profile from User Defaults: ["email": elyssad@outlook.com, "name": Penguin]
    2019-01-16 07:25:05:729 PingHub connecting
    2019-01-16 07:25:06:065 PingHub disconnected: WSError(type: Starscream.ErrorType.upgradeError, message: "Invalid HTTP upgrade", code: 403)

    Secure a hacked or compromised account - Google Account Help

    This describes what I was experiencing. 




    Secure a hacked or compromised account

    If you notice unfamiliar activity on your Google Account, someone else might be using it without your permission. Use the info below to help spot suspicious activity, get back into your account, and make it more secure.

    Step 1: Sign in to your account

    Sign in to the Google Account you want to secure.

    If you can't sign in

    Go to the account recovery page, and answer the questions as best you can. These tips can help.

    Use the account recovery page if:

    • Someone changed your account info, like your password or recovery phone number.
    • Someone deleted your account.
    • You can't sign in for another reason.

    Tip: To make sure you're trying to sign in to the right account, try recovering your username.

    Step 2: Review activity & help secure your account

    1. Go to your Google Account.
    2. On the left navigation panel, click Security.
    3. On the Your devices panel, click Manage devices.
    4. Check for any devices you don't recognize.
      • If you find a device that you don't recognize, tap Don't recognize a device? Then, follow the steps on the screen to help secure your account.
      • If you recognize all the devices, but still believe someone else is using your account, find out if your account has been hacked.

    Step 3: Take more security steps

    If you think your account has suspicious activity, you might need to remove harmful software. To improve your account's security, install and run trusted anti-virus software.

    You can also reset your computer to its factory settings and reinstall the operating system.

    Important: Make sure to back up the files you need. Learn how to upload files to Google Drive.

    Find out if your account has been hacked

    If you notice any of these signs, someone else may be using your Google Account.

    Important: If you think someone else is using your Google Account, change your password immediately for:

    • Your Google Account (if you didn't already change it after you noticed suspicious activity)
    • Apps and sites where you use the same password you used for your Google Account
    • Apps and sites that contact you through your Google Account email address
    • Apps and sites where you sign in with your Google Account email address
    • Apps and sites for which you've saved passwords in your Google Account

    Suspicious account activity

    Correct the setting immediately if you see unfamiliar changes to these settings:

    Your financial activity might be suspicious if:

    Note: We'll use your recovery phone number and email address to tell you about suspicious activity.

    We'll inform you of unusual activity through:

    • A notification about an unusual sign-in or a new device using your account.
    • A notification that there was a change to your username, password, or other security settings, and you didn't make the change.
    • A notification about some other activity you don't recognize.
    • A red bar at the top of your screen that says, "We've detected suspicious activity in your account."
    • Your "Device activity and security events" page.

    Suspicious activity in Google products you use

    Gmail settings

    Correct the setting immediately if you see unfamiliar changes to:

    Gmail activity

    Your Gmail activity might be suspicious if:

    • You stopped getting emails.
    • Your friends say they got spam or unusual emails from you.
    • Your username has been changed.
    • Your emails were deleted from your inbox and aren't found in Trash. You can report emails have gone missing and possibly recover them.

    Your YouTube activity might be suspicious if:

    Your Google Drive activity might be suspicious if:

    Your Google Photos activity might be suspicious if:

    Your Blogger activity might be suspicious if:

    • Posts you didn't publish appear on your blog.
    • You get comments on posts you didn't publish.
    • Your mail-to-Blogger address has changed, but you didn't change it.
    • Your blog has disappeared or been blocked.


    Elyssa D. Durant
    Policy & Research Analyst

    Saturday, January 12, 2019

    Customer Support


    PC Office has been integrated with Sync in our new PC Office so that you can now manage documents conveniently from one product. 

    After installing PC Office(www.polarisoffice.com/en-us/products/windows) on your PC, refer to the information below to understand how you can sync your documents easily using Sync folder(Windows explorer). 

    First, check to see whether your PC Office "Sync" preferences are set: 
    1. Run PC Office program and make sure you are signed in.
    2. From the Windows Start menu's task tray bar > right-click PC Office icon 


    4. Select Settings icon > select Settings. 


    5. Select "Sync" tab > mark the Sync checkbox then select Ok to save changes.  (If you wish to change the Sync's file path location, you may do so from here.)


    Sync documents from Sync folder(Windows explorer): 
    After turning on Sync settings(refer above), "My Polaris Drive" will show up in the Windows explorer or search the file path location of the designated Sync folder. (image shown)


    *Please note syncing may take some time to complete depending on internet strength, size/number of documents you have.

    For users that are familiar with Polaris Office Sync(Win), the functions are similar to the Sync folder where you can drag/copy/delete documents in the Windows explorer's "My Polaris Drive" and these documents will be reflected the same in all connected devices. 

    If you are in Offline network mode, documents will automatically sync to Polaris Drive when internet connection is detected. 
    (Internet connection is mandatory for document synchronization)


    Elyssa D. Durant
    Policy & Research Analyst

    Thursday, January 10, 2019

    Anonymous 2008

    Anonymous

    Written January 2008

    When YouTube pulled down a leaked Tom Cruise video hyping the Church of Scientology, it unleashed the wrath of the hacker collective Anonymous. The group attacked Scientology websites and rallied protests of the church via social media. Over the next several years, Anonymous became a potent political force. During 2011's Arab Spring, the group launched Operation Tunisia to fight against government surveillance. The next year, Anons claimed to have attacked 650 websites in Israel after the country's latest actions in the Gaza Strip.

    Power Grids and Fighter Jets are where we are now. 


    Fast forward to April 2009.  

    Current and former U.S. officials revealed to The Wall Street Journal that Chinese and Russian spies hacked our critical infrastructure, including power grids. One official said that the intruders had not yet sought to destroy these systems, but had left behind software programs that would enable them to do so at the flick of a switch. "If we go to war with them," he warned, "they will try to turn them on." Department of Homeland Security head Janet Napolitano said that "the vulnerability is something [we] have known about for years." Reports also implicated China for hacking into the plans for the Pentagon's $300 billion Joint Strike Fighter project. The Chinese Embassy responded in a statement that China "opposes and forbids all forms of cybercrimes" and called the reports "a product of the Cold War mentality…fabricated to fan up China threat sensations."

    North Korea

    July 2009

    After sanctions were imposed on North Korea following nuclear tests in late May, the U.S. and South Korea faced days of sustained cyberattacks. In the U.S., computers at agencies including the Defense Department, the Treasury Department, the Secret Service, the State Department, the Federal Trade Commission and the Federal Aviation Administration were subjected to denial-of-service attacks, along with tens of thousands of computers in South Korea, according to that country's National Intelligence Service. Though North Korea was suspected of having orchestrated the attacks, the source remains unknown.

    Operation Aurora

    January 2010

    Google was attacked by hackers in China. Dubbed Operation Aurora, after the type of application the hackers used, the massive case of cyberespionage was later attributed to the Chinese government, with U.S. companies including Adobe, Symantec, Northrop Grumman, Morgan Stanley and Yahoo falling victim. U.S. government officials later said that the hackers breached a secret database with what the Washington Post called "years' worth of information about U.S. surveillance targets," specifically Chinese spies being monitored in the United States.

    Stuxnet

    Summer 2010

    Cyberwar entered a dangerous new era with Stuxnet, a computer worm said to have been created by the U.S. and Israel that attacked a uranium-enrichment plant in Iran. By compromising the industrial systems-operation software, Stuxnet was capable of spying on and controlling the computers, as well as destroying centrifuges. Stuxnet, which could be installed on infected thumb drives, spread out of control to at least five other countries, including the U.S. Defense Secretary Leon Panetta warned of a possible "cyber Pearl Harbor."

    Operation Shady RAT

    August 2011

    McAfee, the security-research firm, uncovered a massive five-year wave of hacker attacks against governments, nonprofits and corporations around the world. Called Shady RAT, for the remote-access tool used by the infiltrators, the breaches hit over 70 organizations including government agencies in the U.S., Taiwan, Canada, and India, as well as the International Olympic Committee and several defense contractors. McAfee attributed the attacks to a single state actor, though didn't name the country, which some sources believe to be China. "This is the biggest transfer of wealth in terms of intellectual property in history," a McAfee exec said at the time. "The scale at which this is occurring is really, really frightening."

    U.S. Weapons Plans Hacked

    May 2013

    In a report prepared for the Pentagon, the Defense Science Board found that hackers from China had accessed plans for more than two dozen of the U.S.'s most advanced weapons systems. The targets included the Patriot missile system, Aegis ballistic-missile-defense system, Black Hawk choppers and the $1.4 trillion F-35 Joint Strike Fighter, the costliest fighter jet ever made. "When I look at the theft of intellectual property to the tune of $1 trillion," said Texas Rep. Michael McCaul, "that's a serious economic issue for the United States." A Chinese Foreign Ministry spokesman responded by saying that "China pays high attention to the cybersecurity issue and is firmly opposed to all forms of hacker attacks."

    Iran Hacks U.S. Energy Companies

    May 2013

    Hackers, with the support of the Iranian government, were exposed for targeting oil and gas companies in the U.S. "This is representative of stepped-up cyberactivity by the Iranian regime. The more they do this, the more our concerns grow," one U.S. official said. "What they have done so far has certainly been noticed, and they should be cautious."

    U.S. Goes on the Cyberoffensive

    June 2013

    An unpublished presidential directive from Obama leaked, showing that the U.S. is going on the cyber offense. "Offensive Cyber Effects Operations," the report stated, "can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging." Among other things, the report authorized cyberwar attacks when "U.S. national interests and equities" were at stake, but also left room for "anticipatory action" just in case. Adding fuel to the fire, National Security Agency leaker Edward Snowden claimed that the U.S. has already hacked thousands of targets, including computers in China.




    Cyberwar, like any war, never rests. Neither does the simulated one taking place at HackMiami, where co-founder Rod Soto, a 38-year-old computer-security specialist from the area, is running a cyberwar game. Though the consequences of their hacking are fake, the technology they're breaking is real. They actually are hacking Fedora, an operating system used by computers in China, infiltrating Zeus, a malicious "botnet" army of computers, and commandeering North Korean industrial controls for power-plant systems. It's just that everything's simulated and run on a closed network, so as not to inadvertently start World War III. The purpose of this event, besides the recruiting going on, is to teach the hackers how to find vulnerabilities in other nations' machines. "It gives you the blueprint and the knowledge if you ever want to attack them," Soto says.

    So far, the truth about the extent of the U.S.'s offensive attacks against other countries has been shadowy at best. There's Stuxnet, which has yet to be officially attributed to the U.S. (or Israel), and NSA leaker Edward Snowden's recent claim the U.S. has launched widespread cyberattacks against China. Beyond that, the closest we've come was Hillary Clinton's admission last year of a State Department attack on an Al Qaeda propaganda site in Yemen.

    The tensions around this topic are partly because the laws governing cyberwar are still being determined. As Rear Adm. Margaret Klein, chief of staff of Cyber Command, the Ft. Meade-based defense center for U.S. military networks, put it last year, "Attorneys and scholars face a variety of complex legal issues arising around the use of this new technology." But experts are pushing for more offensive measures regardless. The Commission on the Theft of American Intellectual Property concluded that "new options need to be considered." It seems our government is already heeding the call.

    A June leak of a presidential directive from Obama, which had been issued in October, reveals that the U.S. is, at the very least, getting its cyberwarriors in line. In addition to calling for a list of international targets, the directive argued that "Offensive Cyber Effects Operations... can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging."

    But while the government remains quiet about the existence or extent of their offensive measures, hackers and contractors I spoke with are, albeit cautiously, more forthcoming. HackMiami organizers James Ball and Alex Heid, security specialists for a major financial company they prefer not to name so as not to anger their bosses, say they have based this weekend's cyberwar simulation on real-life hacks they conducted on their own of terrorist networks and organized-crime groups. Ball infiltrated an Al Qaeda forum online and posted the archives on his site, TerroristMedia.com. Heid became notorious for hacking the stealthy Zeus botnet in Russia.

    But the government hires private contractors to do such attacks on its behalf as well. The cyberwar underworld is rife with contractors who fashion themselves to be "the Blackwater of the Internet," as Heid puts it, "information mercenaries…private sector guys who are going on the offensive, but you don't hear about it." At least not usually.

    Companies like Accuvant are capable of creating custom software that can enter outside systems and gather intelligence or even shut down a server, for which they can get paid up to $1 million. For example, Humperdink says, they would be able to unleash an attack to take a country like China completely offline. "We could stop their cyberwarfare program," he says. "Five years ago, I remember the North Koreans were doing missile testing, right? If [the U.S. government] came to a company like us and said, 'Here's $15 million,' we could turn a North Korean missile into a brick. If you came to us with $20 million and said, 'We wanna disable every computer there in Iran, and they'd have to replace them' – not a problem." For added flair, each program Accuvant sells gets its own cyberpunk handle – like Purple Mantis – and is delivered on a jet-black thumb drive inside a custom case with the name laser-etched on a plaque.

    "So how many offensive plays are going on now?" I ask.

    "A lot," Bonvillain says.

    "More than people would realize?"

    "Yes," he replies.

    Then Bonvillain falls silent. He puffs his e-cigarette, considering a more diplomatic response. "The U.S. government," he says, "is great at hiding everything they do."

    To see what the front line of cyberwar really looks like, I visit the National Cybersecurity and Communications Integration Center in Arlington, Virginia, the Department of Homeland Security's mission control. It's one of our most important hubs in digital warfare, alongside the FBI and NSA. A wall of video screens shows the online attacks on the IRS and NASA – both agencies were compromised by a Distributed Denial of Service Attack, a technique that floods a site with access requests, slowing or downing it completely.

    The four-year-old NCCIC – employees pronounce it "enkick" – is the country's nerve center for online threats. Twenty-four hours a day, teams drawn from a pool of 500 DHS cyberpersonnel sit at the ready in this sprawling, windowless command cave. Flickering diagrams on the front wall track the dangers in real time: traffic anomalies at federal agencies, cyberalert levels for each state's website, a map of our country's telecommunications system ("There's no cyber without fiber!" a steely engineer tells me).

    Fortunately, at the moment, the threat against the IRS and NASA proves to be relatively harmless. However, the number of cyberincidents is on the rise. Fiscal year 2012 saw 190,000; this year's number is already over 214,000.

    Overhauling the feds' image to lure young tech talent has become a major priority. In a way, it's akin to the shift in Silicon Valley – away from the business suits of IBM to the Adidas sandals of today. The National Science Foundation now offers a CyberCorps Scholarship for Service program that places winning students in government agencies. The DHS is among the sponsors of the invite-only "Cyber Camps," which hold hacking contests for prospective employees. Aside from the "sense of duty" and high-level security clearance that NCCIC director Larry Zelvin tells me lures his team away from fat paydays elsewhere, the power of being inside the government system is the greatest perk. "You just don't get that in a corporation," he says.

    Last year, the DHS assembled a cyberskills task force, which drew from hacker hubs including Facebook and DefCon, to recommend changes in their recruiting. To get the estimated 600 more hackers the DHS needs, the report concluded, the agency should "focus more attention and resources on…'branding' of cybersecurity positions," including "cool jobs."

    Napolitano says that "the money and the culture" are the chief obstacles the Department of Homeland Security runs into when recruiting hackers to join. "We don't require our folks to wear a coat and tie," she says, "and I'm not interested in the precise hours they work as much as I'm interested in getting the work done" – but she stops short of saying hackers can work from home in Teenage Mutant Ninja Turtle pajamas.

    But maybe if you're young and brilliant and looking for online action, there's something undeniable about working for the biggest, baddest government on the planet. Sitting here under the dormant red warning lights, there's a sense of being at the center of the matrix – and this is plenty tantalizing for some, including th3_e5c@p15t, winner of the cyberwar contest back at HackMiami. With his skills, he can write his own ticket, which he hopes to cash in with the feds. He says he wants to be as close to the front line as he can get: "I see it as a righteous causes 



    Elyssa D. Durant
    Policy & Research Analyst