Tor Project suffers hack attack

Summary:Hackers broke into two of Tor Project servers and used the CPU and bandwidth to launch additional attacks.

The Tor Project, a service that provides privacy and anonymity to Web users, said hackers broke into two of its servers and used the CPU and bandwidth to launch additional attacks.

Tor project lead Roger Dingledine confirmed the hack in an e-mail that urged users to immediately upgrade to get fresh identity keys for the two compromised directory authorities.

Dingledine writes:

We took the services offline as soon as we learned of the breach. It appears the attackers didn't realize what they broke into -- just that they had found some servers with lots of bandwidth. The attackers set up some ssh keys and proceeded to use the three servers for launching other attacks. We've done some preliminary comparisons, and it looks like git and svn were not touched in any way.

We've been very lucky the past few years regarding security. It still seems this breach is unrelated to Tor itself. To be clear, it doesn't seem that anyone specifically attacked our servers to get at Tor. It seems we were attacked for the CPU capacity and bandwidth of the servers, and the servers just happened to also carry out functions for Tor.

The attackers did not meddle with the Tor source code, he said.  "We made fresh identity keys for the two directory authorities, which is why you need to upgrade," Dingledine added.

Users are strongly encouraged to upgrade to Tor 0.2.1.22 or 0.2.2.7-alpha.

ALSO SEE:

    Topics: Security, Hardware, Servers

    About

    Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

    zdnet_core.socialButton.googleLabel Contact Disclosure

    Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

    Related Stories

    The best of ZDNet, delivered

    You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
    Subscription failed.