Tor users have been advised to upgrade to Tor 0.2.1.22 or 0.2.2.7-alpha, following a security breach that left two of the seven directory authorities compromised (moria1 and gabelmoo).
According to Roger Dingledine, Tor’s original developer and current Director, another new server has been breached along the previously mentioned two, but it contained only metrics data and graphs.
In a message on the Tor mailing list, he says that all the compromised servers have been reinstalled, and that the reason behind the advice to upgrade is that they made fresh identity keys for the two directory authorities.
“Moria also hosted our git repository and svn repository. We took the services offline as soon as we learned of the breach. It appears the attackers didn’t realize what they broke into — just that they had found some servers with lots of bandwidth. The attackers set up some ssh keys and proceeded to use the three servers for launching other attacks. We’ve done some preliminary comparisons, and it looks like git and svn were not touched in any way,” wrote Dingledine.
He goes on to reassure users that users couldn’t have been matched with destinations since directory authorities don’t know enough to match a userand traffic or destination. He also says that they checked Tor’s source code for any changes, but found none.
“To be clear, it doesn’t seem that anyone specifically attacked our servers to get at Tor. It seems we were attacked for the cpu capacity and bandwidth of the servers, and the servers just happened to also carry out functions for Tor.”