Samsung Bricking Original SmartThings Hubs

Samsung is causing much angst among its SmartThings customers by shutting down support for its original SmartThings home automation hub as of the end of June. These are network-connected home automation routers providing Zigbee and Z-Wave connectivity to your sensors and actuators. It’s not entirely unreasonable for manufacturers to replace aging hardware with new models. But in this case the original hubs, otherwise fully functional and up to the task, have intentionally been bricked.

Users were offered a chance to upgrade to a newer version of the hub at a discount. But the hardware isn’t being made by Samsung anymore, after they redirected their SmartThings group to focus entirely on software. With this new dedication to software, you’d be forgiven for thinking the team implemented a seamless transition plan for its loyal user base — customers who supported and built up a thriving community since the young Colorado-based SmartThings company bootstrapped itself by a successful Kickstarter campaign in 2012. Instead, Samsung seems to leave many of those users in the lurch.

There is no upgrade path for switching to a new hub, meaning that the user has to manually reconnect each sensor in the house which often involves a cryptic sequence of button presses and flashing lights (the modern equivalent of setting the time on your VCR). Soon after you re-pair all your devices, you will discover that the level of software customization and tools that you’ve relied upon for home automation has, or is about to, disappear. They’ve replaced the original SmartThings app with a new in-house app, which by all accounts significantly dumbs down the features and isn’t being well-received by the community. Another very popular tool called Groovy IDE, which allowed users to add support for third-party devices and complex automation tasks, is about to be discontinued, as well.

 

Samsung’s announcement from last year laid out the goals of the transition divided into three phases. After the dust settles, it may well be that new tools will be rolled out which restore the functionality and convenience of the discontinued apps. But it seems that their priority at the moment is to focus on “casual” home automation users, those with just a handful of devices. The “power” users, with dozens and dozens of devices, are left wondering whether they’ve been abandoned. A casual scan through various online forums suggests that many of these loyal users are not waiting to be abandoned. Instead, they are abandoning SmartThings and switching to self-hosted solutions such as Home Assistant.

If this story sounds familiar, it is. We’ve covered several similar IoT service closures in recent years, including:

Considering the typical home is a decades-long investment, we’d hope that the industry will eventually focus on longer-term approaches to home automation. For example, interoperability of devices using existing or new standards might be a good starting point. If you are using an automation system in your home, do you use a bundled solution like SmartThings, or have you gone the self-hosting route?

Source: Samsung Shuttering Original SmartThings Hubs | Hackaday

Bricking is pretty damn harsh and incredibly wasteful. Also, you bought the hardware, it’s yours!

US FTC Weighs in On Right To Repair

A few days ago, the US Federal Trade Commission (FTC) came out with a 5-0 unanimous vote on its position on right to repair. (PDF) It’s great news, in that they basically agree with us all:

Restricting consumers and businesses from choosing how they repair products can substantially increase the total cost of repairs, generate harmful electronic waste, and unnecessarily increase wait times for repairs. In contrast, providing more choice in repairs can lead to lower costs, reduce e-waste by extending the useful lifespan of products, enable more timely repairs, and provide economic opportunities for entrepreneurs and local businesses.

The long version of the “Nixing the Fix” report goes on to list ways that the FTC found firms were impeding repair: ranging from poor initial design, through restrictive firmware and digital rights management (DRM), all the way down to “disparagement of non-OEM parts and independent repair services”.

While the FTC isn’t making any new laws here, they’re conveying a willingness to use the consumer-protection laws that are already on the books: the Magnuson-Moss Warranty Act and Section 5 of the FTC Act, which prohibits unfair competitive practices.

Only time will tell if this dog really has teeth, but it’s a good sign that it’s barking. And given that the European Union is heading in a similar direction, we’d be betting that repairability increases in the future.

Source: FTC Rules On Right To Repair | Hackaday

Police Are Telling ShotSpotter to Alter Evidence From Gunshot-Detecting AI

On May 31 last year, 25-year-old Safarain Herring was shot in the head and dropped off at St. Bernard Hospital in Chicago by a man named Michael Williams. He died two days later.

Chicago police eventually arrested the 64-year-old Williams and charged him with murder (Williams maintains that Herring was hit in a drive-by shooting). A key piece of evidence in the case is video surveillance footage showing Williams’ car stopped on the 6300 block of South Stony Island Avenue at 11:46 p.m.—the time and location where police say they know Herring was shot.

How did they know that’s where the shooting happened? Police said ShotSpotter, a surveillance system that uses hidden microphone sensors to detect the sound and location of gunshots, generated an alert for that time and place.

Except that’s not entirely true, according to recent court filings.

That night, 19 ShotSpotter sensors detected a percussive sound at 11:46 p.m. and determined the location to be 5700 South Lake Shore Drive—a mile away from the site where prosecutors say Williams committed the murder, according to a motion filed by Williams’ public defender. The company’s algorithms initially classified the sound as a firework. That weekend had seen widespread protests in Chicago in response to George Floyd’s murder, and some of those protesting lit fireworks.

But after the 11:46 p.m. alert came in, a ShotSpotter analyst manually overrode the algorithms and “reclassified” the sound as a gunshot. Then, months later and after “post-processing,” another ShotSpotter analyst changed the alert’s coordinates to a location on South Stony Island Drive near where Williams’ car was seen on camera.

A screenshot of the ShotSpotter alert from 11:46 PM, May 31, 2020 showing that the sound was manually reclassified from a firecracker to a gunshot.

“Through this human-involved method, the ShotSpotter output in this case was dramatically transformed from data that did not support criminal charges of any kind to data that now forms the centerpiece of the prosecution’s murder case against Mr. Williams,” the public defender wrote in the motion.

[…]

The case isn’t an anomaly, and the pattern it represents could have huge ramifications for ShotSpotter in Chicago, where the technology generates an average of 21,000 alerts each year. The technology is also currently in use in more than 100 cities.

Motherboard’s review of court documents from the Williams case and other trials in Chicago and New York State, including testimony from ShotSpotter’s favored expert witness, suggests that the company’s analysts frequently modify alerts at the request of police departments—some of which appear to be grasping for evidence that supports their narrative of events.

[…]

Untested evidence

Had the Cook County State’s Attorney’s office not withdrawn the evidence in the Williams case, it would likely have become the first time an Illinois court formally examined the science and source code behind ShotSpotter, Jonathan Manes, an attorney at the MacArthur Justice Center, told Motherboard.

“Rather than defend the evidence, [prosecutors] just ran away from it,” he said. “Right now, nobody outside of ShotSpotter has ever been able to look under the hood and audit this technology. We wouldn’t let forensic crime labs use a DNA test that hadn’t been vetted and audited.”

[…]

A pattern of alterations

In 2016, Rochester, New York, police looking for a suspicious vehicle stopped the wrong car and shot the passenger, Silvon Simmons, in the back three times. They charged him with firing first at officers.

The only evidence against Simmons came from ShotSpotter. Initially, the company’s sensors didn’t detect any gunshots, and the algorithms ruled that the sounds came from helicopter rotors. After Rochester police contacted ShotSpotter, an analyst ruled that there had been four gunshots—the number of times police fired at Simmons, missing once.

Paul Greene, ShotSpotter’s expert witness and an employee of the company, testified at Simmons’ trial that “subsequently he was asked by the Rochester Police Department to essentially search and see if there were more shots fired than ShotSpotter picked up,” according to a civil lawsuit Simmons has filed against the city and the company. Greene found a fifth shot, despite there being no physical evidence at the scene that Simmons had fired. Rochester police had also refused his multiple requests for them to test his hands and clothing for gunshot residue.

Curiously, the ShotSpotter audio files that were the only evidence of the phantom fifth shot have disappeared.

Both the company and the Rochester Police Department “lost, deleted and/or destroyed the spool and/or other information containing sounds pertaining to the officer-involved shooting,”

[…]

Greene—who has testified as a government witness in dozens of criminal trials—was involved in another altered report in Chicago, in 2018, when Ernesto Godinez, then 27, was charged with shooting a federal agent in the city.

The evidence against him included a report from ShotSpotter stating that seven shots had been fired at the scene, including five from the vicinity of a doorway where video surveillance showed Godinez to be standing and near where shell casings were later found. The video surveillance did not show any muzzle flashes from the doorway, and the shell casings could not be matched to the bullets that hit the agent, according to court records.

During the trial, Greene testified under cross-examination that the initial ShotSpotter alert only indicated two gunshots (those fired by an officer in response to the original shooting). But after Chicago police contacted ShotSpotter, Greene re-analyzed the audio files.

[…]

Prior to the trial, the judge ruled that Godinez could not contest ShotSpotter’s accuracy or Greene’s qualifications as an expert witness. Godinez has appealed the conviction, in large part due to that ruling.

“The reliability of their technology has never been challenged in court and nobody is doing anything about it,” Gal Pissetzky, Godinez’s attorney, told Motherboard. “Chicago is paying millions of dollars for their technology and then, in a way, preventing anybody from challenging it.”

The evidence

At the core of the opposition to ShotSpotter is the lack of empirical evidence that it works—in terms of both its sensor accuracy and the system’s overall effect on gun crime.

The company has not allowed any independent testing of its algorithms, and there’s evidence that the claims it makes in marketing materials about accuracy may not be entirely scientific.

Over the years, ShotSpotter’s claims about its accuracy have increased, from 80 percent accurate to 90 percent accurate to 97 percent accurate. According to Greene, those numbers aren’t actually calculated by engineers, though.

“Our guarantee was put together by our sales and marketing department, not our engineers,” Greene told a San Francisco court in 2017. “We need to give them [customers] a number … We have to tell them something. … It’s not perfect. The dot on the map is simply a starting point.”

In May, the MacArthur Justice Center analyzed ShotSpotter data and found that over a 21-month period 89 percent of the alerts the technology generated in Chicago led to no evidence of a gun crime and 86 percent of the alerts led to no evidence a crime had been committed at all.

[…]

Meanwhile, a growing body of research suggests that ShotSpotter has not led to any decrease in gun crime in cities where it’s deployed, and several customers have dropped the company, citing too many false alarms and the lack of return on investment.

[…]

a 2021 study by New York University School of Law’s Policing Project that determined that assaults (which include some gun crime) decreased by 30 percent in some districts in St. Louis County after ShotSpotter was installed. The study authors disclosed that ShotSpotter has been providing the Policing Project unrestricted funding since 2018, that ShotSpotter’s CEO sits on the Policing Project’s advisory board, and that ShotSpotter has previously compensated Policing Project researchers.

[…]

Motherboard recently obtained data demonstrating the stark racial disparity in how Chicago has deployed ShotSpotter. The sensors have been placed almost exclusively in predominantly Black and brown communities, while the white enclaves in the north and northwest of the city have no sensors at all, despite Chicago police data that shows gun crime is spread throughout the city.

Community members say they’ve seen little benefit from the technology in the form of less gun violence—the number of shootings in 2021 is on pace to be the highest in four years—or better interactions with police officers.

[…]

Source: Police Are Telling ShotSpotter to Alter Evidence From Gunshot-Detecting AI

QR Menu Codes Are Tracking You More Than You Think

If you’ve returned to the restaurants and bars that have reopened in your neighborhood lately, you might have noticed a new addition to the post-quarantine decor: QR codes. Everywhere. And as they’ve become more ubiquitous on the dining scene, so has the quiet tracking and targeting that they do.

That’s according to a new analysis by the New York Times, that found these QR codes have the ability to collect customer data—enough to create what Jay Stanley, a senior policy analyst at the American Civil Liberties Union, called an “entire apparatus of online tracking,” that remembers who you are every time you sit down for a meal. While the data itself contains pretty uninteresting information, like your order history or contact information, it turns out there’s nothing stopping that data from being passed to whomever the establishment wants.

[…]

But as the Times piece points out, these little pieces of tech aren’t as innocuous as they might initially seem. Aside from storing data like menus or drink options, QR codes are often designed to transmit certain data about the person who scanned them in the first place—like their phone number or email address, along with how often the user might be scanning the code in question. This data collection comes with a few perks for the restaurants that use the codes (they know who their repeat customers are and what they might order). The only problem is that we actually don’t know where that data actually goes.

Source: QR Menu Codes Are Tracking You More Than You Think

Note for ant fuckers: the QR code does not in fact “transmit” anything – a server behind it detects that you have visited it (if you follow a URL in the code) and then collects data based on what you do on the server, but also on the initial connection (e.g. location through IP address, URL parameters which can include location information, OS, browser type, etc etc etc).

Shield TV Owners Are Pissed About the Banner Ads in Android TV – wtf are manufacturers doing advertising on products you actually own?

Nvidia’s Shield TVs are some of the best streaming video boxes on the market, but following a recent update to Android TV, Shield TV users are starting to see ads on their home screen and they aren’t happy about it.

The latest update to Android TV on Shield TV devices began rolling out earlier this month and featured a small UI redesign that added large banner images to Android TV’s home screen, similar to what you get when using Google TV devices like the Chromecast with Google TV.

Now technically, Google calls these banner images “recommendations,” as they are regularly updated and rotated to help users find new streaming content Google thinks they might enjoy. However, a number of Shield TV users consider these images to be advertisements (especially when they recommend shows on services users aren’t even subscribed to), and as such, have taken to showing their displeasure with the recent update by review bombing the listing for the Android TV Home app, which now has a one-star rating across more than 800 reviews.

[…]

As seen in a number of reviews and complaints on Reddit, many Shield TV users are unhappy about the way Google has killed off Android TV’s previously minimalist design by implementing intrusive banner ads that take up significantly more space, particularly on what is supposed to be a premium streaming device that goes for $150 or $200 depending on the model.

[…]

But more importantly, the addition of new banner images in Android TV is merely just one example of a growing trend in which major OS makers have begun inserting ads in a number of devices from smartphones to smart TVs. Sometimes these ads are presented as tools to help users find new content, while in other situations (like on Samsung phones), ads can appear as unwanted notifications alerting users about a newly announced Samsung device or service.

[…]

Unfortunately, oftentimes there’s no easy way to get rid of the ads, which causes user dissatisfaction or may even eventually drive users away from their current devices or platforms. But the real sad part is that until users make enough noise or cause a company’s sales to drop, it’s hard to say when this trend of seeing more and more ads in modern gadgets will stop.

Source: Shield TV Owners Are Pissed About the Banner Ads in Android TV

The argument for ads everywhere was that as you were accessing a free service, it had to be paid for by advertising. These products have all been paid for though and as such belong to you. The manufacturer has no business being on these products trying to monetise something you own even further.

iFixit CEO names and shames tech giants for right to repair obstruction – not sustainable at all

iFixit co-founder and CEO Kyle Wiens has exposed how companies including Apple, Samsung, and Microsoft manipulate the design of their products and the supply chain to prevent consumers and third-party repairers from accessing necessary tools and parts to repair products such as smartphones and laptops.

Speaking during the Productivity Commission’s virtual right to repair public hearing on Monday, Wiens took the opportunity to draw on specific examples of how some of the largest tech companies are obstructing consumers from a right to repair.

“We’ve seen manufacturers restrict our ability to buy parts. There’s a German battery manufacturer named Varta that sells batteries to a wide variety of companies. Samsung happens to use these batteries in their Galaxy earbuds … but when we go to Varta and say can we buy that part as a repair part, they’ll say ‘No, our contract with Samsung will not allow us to sell that’. We’re seeing that increasingly,” he said.

“Apple is notorious for doing this with the chips in their computers. There’s a particular charging chip on the MacBook Pro … there is a standard version of the part and then there’s the Apple version of the part that sits very slightly tweaked, but it’s tweaked enough that it’s only required to work in this computer, and that company again is under contractual requirement with Apple.”

He continued, highlighting that a California-based recycler was contracted by Apple to recycle spare parts that were still in new condition.

“California Apple stops providing service after seven years, so this was at seven years and Apple have warehouses full of spare parts, and rather than selling that out in the marketplace — so someone like me who eagerly would’ve bought them — they were paying the recycler to destroy them,” Wiens said.

Wiens also pointed to an example involving a Microsoft Surface laptop.

“[iFixit] rated it on our repairability score, we normally rate products from one to 10; the Surface laptop got a zero. It had a glued-in battery … we had to actually cut our way into the product and destroyed it in the process of trying to get inside,” he said.

[…]

The other major point that was covered during the Productivity Commission’s public hearing was whether there is plausibility to introduce a labelling scheme, much like one that exists in France, in Australia.

[…]

Based on his observation, Wiens said the adoption of the French index has been “pretty universal” across all five categories. He also pointed out that a recent Samsung survey showed 86% of French citizens say that the index impacts their purchasing behaviour while 80% said they would give up their favourite brand for a more repairable product.

“This is really substantially driving consumer behaviour,” he said.

For consumer group Choice, the possibility of introducing a labelling scheme to improve right to repair in Australia could work.

“We know from experience, particularly with the water and energy labelling scheme, that if you want manufacturers to improve the quality of products, start by rating and ranking them,” Choice campaign and communications director Erin Turner said during the hearing.

[…]

Source: iFixit CEO names and shames tech giants for right to repair obstruction | ZDNet

US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach, will only offer support if social security number was in data

Law firm Campbell Conroy & O’Neil has warned of a breach from late February which may have exposed data from the company’s lengthy client list of big-name corporations including Apple and IBM.

The breach, which was discovered on 27 February 2021 when a ransomware infection blocked access to selected files on the company’s internal systems, has been blamed on an unnamed “unauthorised actor.”

[…]

While it’s not yet known precisely what data was accessed during the breach, the system affected held a treasure trove including “certain individuals’ names, dates of birth, driver’s license numbers/state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (i.e. usernames and passwords),” the company confirmed in a statement regarding the attack.

[…]

The company has also offered those affected a 24-month subscription to credit monitoring, fraud consultation, and identity theft restoration services – but only if they had their Social Security numbers held on the system. For those whose data did not include Social Security numbers, they get nothing bar the company’s apologies.

Source: US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach • The Register

16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines

Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines.

If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights.

The bug (CVE-2021-3438) has lurked in systems for 16 years, researchers at SentinelOne said, but was only uncovered this year. It carries an 8.8 out of 10 rating on the CVSS scale, making it high-severity.

According to researchers, the vulnerability exists in a function inside the driver that accepts data sent from User Mode via Input/Output Control (IOCTL); it does so without validating the size parameter. As the name suggests, IOCTL is a system call for device-specific input/output operations.

“This function copies a string from the user input using ‘strncpy’ with a size parameter that is controlled by the user,” according to SentinelOne’s analysis, released on Tuesday. “Essentially, this allows attackers to overrun the buffer used by the driver.”

Thus, unprivileged users can elevate themselves into a SYSTEM account, allowing them to run code in kernel mode, since the vulnerable driver is locally available to anyone, according to the firm.

The printer-based attack vector is perfect for cybercriminals, according to SentinelOne, since printer drivers are essentially ubiquitous on Windows machines and are automatically loaded on every startup.

“Thus, in effect, this driver gets installed and loaded without even asking or notifying the user,” explained the researchers. “Whether you are configuring the printer to work wirelessly or via a USB cable, this driver gets loaded. In addition, it will be loaded by Windows on every boot. This makes the driver a perfect candidate to target since it will always be loaded on the machine even if there is no printer connected.”

[…]

Source: 16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines | Threatpost
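
The bug class described in the excerpt above, as an added example (a user-mode model written for this page, not code from the HP driver or from SentinelOne): a handler that passes a caller-chosen length to `strncpy`, next to a version that validates it first. The struct layout, function names, status codes and the 32-byte buffer are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-mode model of the bug class; every name and size here is
 * an assumption made for illustration, not taken from the affected driver. */
#define NAME_BUF_LEN 32u

enum status { ST_OK = 0, ST_INVALID_PARAMETER = -1, ST_BUFFER_TOO_SMALL = -2 };

struct ioctl_request {
    const char *input;     /* bytes supplied by the user-mode caller        */
    size_t      input_len; /* size of that buffer as reported by the OS     */
    size_t      copy_len;  /* length field chosen by the caller (untrusted) */
};

struct device_state {
    char     name[NAME_BUF_LEN]; /* fixed-size destination                 */
    uint32_t canary;             /* stands in for whatever sits next to it */
};

/* BEFORE: the copy length comes straight from the request. strncpy writes
 * exactly copy_len bytes (it zero-pads short strings), so any copy_len above
 * NAME_BUF_LEN writes past name[] regardless of what the input contains. */
enum status set_name_vulnerable(struct device_state *dev,
                                const struct ioctl_request *req)
{
    strncpy(dev->name, req->input, req->copy_len);
    return ST_OK;
}

/* AFTER: every caller-controlled value is checked before memory is touched. */
enum status set_name_hardened(struct device_state *dev,
                              const struct ioctl_request *req)
{
    if (dev == NULL || req == NULL || req->input == NULL)
        return ST_INVALID_PARAMETER;
    /* The length field may not claim more bytes than were supplied. */
    if (req->copy_len > req->input_len)
        return ST_INVALID_PARAMETER;
    /* Bound by the destination size, keeping one byte for the terminator. */
    if (req->copy_len >= sizeof dev->name)
        return ST_BUFFER_TOO_SMALL;
    memcpy(dev->name, req->input, req->copy_len);
    dev->name[req->copy_len] = '\0';
    return ST_OK;
}

int main(void)
{
    struct device_state dev = { "", 0xC0FFEEu };
    char big[256];
    memset(big, 'A', sizeof big);

    /* Constructed requests: one benign, one oversized, one inconsistent. */
    struct ioctl_request ok   = { "printer-01", 11, 10 };
    struct ioctl_request over = { big, sizeof big, 200 };
    struct ioctl_request lie  = { "abc", 4, 16 };

    /* With a benign length both handlers behave the same, which is why this
     * kind of defect can sit unnoticed in shipped code. */
    printf("vulnerable, benign -> %d\n", set_name_vulnerable(&dev, &ok));
    printf("hardened, benign   -> %d\n", set_name_hardened(&dev, &ok));

    /* Only the hardened handler is given the hostile requests. */
    printf("hardened, oversize -> %d\n", set_name_hardened(&dev, &over));
    printf("hardened, mismatch -> %d\n", set_name_hardened(&dev, &lie));
    printf("name=%s canary=0x%X\n", dev.name, (unsigned)dev.canary);
    return 0;
}
```
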

Cloud seeding in UAE: Artificial rain with drones, electricity

The UAE is now testing a new method that has drones fly into clouds to give them an electric shock to trigger rain production, the BBC and CNN have previously reported.

The project is getting renewed interest after the UAE’s National Center of Meteorology recently published a series of videos on Instagram of heavy rain in parts of the country. Water gushed past trees, and cars drove on rain-soaked roads. The videos were accompanied by radar images of clouds tagged “#cloudseeding.”

The Independent reports recent rain is part of the drone cloud seeding project.

[…]

The UAE oversaw more than 200 cloud seeding operations in the first half of 2020, successfully creating excess rainfall, the National News reported.

There have been successes in the U.S., as well as China, India, and Thailand. Long-term cloud seeding in the mountains of Nevada has increased snowpack by 10% or more each year, according to research published by the American Meteorological Society. A 10-year cloud seeding experiment in Wyoming resulted in 5-10% increases in snowpack, according to the State of Wyoming.

[…]

Source: Cloud seeding in UAE: Artificial rain with drones, electricity

How TikTok serves you content you love – simple, actually

A new video investigation by the Wall Street Journal finds the key to TikTok’s success in how the short-video sharing app monitors viewing times.

Why it matters: TikTok is known for the fiendishly effective way that it selects streams of videos tailored to each user’s taste. The algorithm behind this personalization is the company’s prize asset — and, like those that power Google and Facebook, it’s a secret.

How they did it: WSJ created a batch of individualized dummy accounts to throw at TikTok and test how it homed in on each fake persona’s traits.

What they found: TikTok responds most sensitively to a single signal — how long a user lingers over a video. It starts by showing new users very popular items, and sees which catch their eyes.

  • The TikTok algorithm works so well that some people think it’s reading their minds.

Yes, but: The investigation also found that TikTok — like YouTube — can lure users deep into rabbit holes of increasingly extreme content.

Source: How TikTok sees inside your brain – Axios

Google is starting to tell you how it found Search results

Alphabet’s (GOOGL.O) Google will now show its search engine users more information about why it found the results they are shown, the company said on Thursday.

It said people googling queries will now be able to click into details such as how their result matched certain search terms, in order to better decide if the information is relevant.

Google has been making changes to give users more context about the results its search engine provides. Earlier this year it introduced panels to tell users about the sources of the information they are seeing. It has also started warning users when a topic is rapidly evolving and search results might not be reliable.

Source: Google is starting to tell you how it found Search results | Reuters

Normal Touchscreens Can Also Detect Contaminated Water

We take for granted that the water coming out of the kitchen faucet is safe to drink, but that’s not always the case in other parts of the world. So researchers at the University of Cambridge are developing a new approach to testing for contaminants using a device that billions of people already use every day.

Modern capacitive touchscreens (the kind that can easily detect the subtlest finger taps instead of requiring users to press hard on the screen) feature an invisible grid of electrodes that carry a very small electrical charge. When your conductive finger touches the screen it changes the charge level at a specific location that the smartphone can detect based on grid coordinates. That’s a grossly simplified crash course on how the technology powering modern touchscreens work, but what’s important is their use of a changing electrical charge.

In a recently published paper, the University of Cambridge researchers explain how a stripped-down touchscreen—the same hardware used in smartphones and tablets—was found to be able to detect the electrically charged ions in an electrolyte. Different liquids were piped onto the surface of the touchscreen and using the standard software that’s used to test these screens, the researchers were able to differentiate the samples based on how “the fluids all interact with the screen’s electric fields differently depending on the concentration of ions and their charge.”

The touchscreens used in mobile devices are tuned and calibrated to best respond to interactions with fingers, but the researchers believe that by altering the design of the electrodes, even in just a small area of the screen (a custom app could indicate exactly where a sample needs to be placed) the sensitivity could be optimized for detecting contaminants in samples like soil and water.

[…]

Source: Normal Touchscreens Can Also Detect Contaminated Water

Saudi Aramco data breach sees 1 TB stolen data for sale

[…]

The threat actors are offering Saudi Aramco’s data starting at a negotiable price of $5 million.

Saudi Aramco has pinned this data incident on third-party contractors and tells BleepingComputer that the incident had no impact on Aramco’s operations.

“Zero-day exploitation” used to breach network

This month, a threat actor group known as ZeroX is offering 1 TB of proprietary data belonging to Saudi Aramco for sale.

ZeroX claims the data was stolen by hacking Aramco’s “network and its servers,” sometime in 2020.

As such, the files in the dump are as recent as 2020, with some dating back to 1993, according to the group.

When asked by BleepingComputer as to what method was used to gain access to the systems, the group did not explicitly spell out the vulnerability but instead called it “zero-day exploitation.”

To create traction among prospective buyers, a small sample set of Aramco’s blueprints and proprietary documents with redacted PII were first posted on a data breach marketplace forum in June this year:

Forum post with a link to the dark web leak site (BleepingComputer)

However, at the time of initial posting, the .onion leak site had a countdown timer set to 662 hours, or about 28 days, after which the sale and negotiations would begin.

ZeroX told BleepingComputer that the choice of “662 hours,” was intentional and a “puzzle” for Saudi Aramco to solve, but the exact reason behind the choice remains unclear:

Threat actors announced data would be up for sale after 662 hours (BleepingComputer)

The group says that the 1 TB dump includes documents pertaining to Saudi Aramco’s refineries located in multiple Saudi Arabian cities, including Yanbu, Jazan, Jeddah, Ras Tanura, Riyadh, and Dhahran.

And, that some of this data includes:

  1. Full information on 14,254 employees: name, photo, passport copy, email, phone number, residence permit (Iqama card) number, job title, ID numbers, family information, etc.
  2. Project specification for systems related to/including electrical/power, architectural, engineering, civil, construction management, environmental, machinery, vessels, telecom, etc.
  3. Internal analysis reports, agreements, letters, pricing sheets, etc.
  4. Network layout mapping out the IP addresses, Scada points, Wi-Fi access points, IP cameras, and IoT devices.
  5. Location map and precise coordinates.
  6. List of Aramco’s clients, along with invoices and contracts.

[…]

Source: Saudi Aramco data breach sees 1 TB stolen data for sale