Tor Project servers hacked

The Tor project developers have advised users to update their Tor anonymity software to version 0.2.1.22 or 0.2.2.7-alpha as soon as possible. The Tor project developers have advised users to update their Tor anonymity software to version 0.2.1.22 or 0.2.2.7-alpha as soon as possible. This is because, in early January, two of the project's seven directory authorities (moria1 and gabelmoo) as well as the metrics.torproject.org statistics server were found to have been hacked. Moria also contains the developers' Git and sub-version repositories.

The developers say they took the servers off line shortly after the intrusion was discovered. The project maintainers say the vulnerability responsible has now been fixed and the servers have been reinstalled with new keys for signing the Tor server lists the directory authorities provide – which is why Tor clients now also require updating.

So far, no repository manipulation has reportedly been discovered. It appears that the unknown intruders didn't realise exactly what they had broken in to and simply used the servers for bandwidth. According to the project maintainers, the attackers set up some SSH keys and used the servers to launch other attacks.

Source:

http://www.h-online.com