The virtual network, Tor, designed to provide private and secure Web browsing to people around the world had a number of servers hacked recently. The Tor anonymous network is helpful to those living in nations that oppress free speech, such as China and Iran, and need unfettered access to information.According to this post in the (Simple End-User Linux) SEUL.org discussion list, three of Tor's severs were compromised earlier this month, two were part of the network's directory structure:
In early January we discovered that two of the seven directory authorities were compromised (moria1 and gabelmoo), along with metrics.torproject.org, a new server we'd recently set up to serve metrics data and graphs. The three servers have since been reinstalled with service migrated to other servers.
The breach appears to have been for CPU capacity, according to the post. And the infiltrators were using the server to launch other attacks.
The post also made it clear that the breach wouldn't make it possible for Tor users' traffic to be monitored, for the source code to have been changed, or to learn anything sensitive about the Tor service. The group says it closed the security gap, among other security measures:
We've taken steps to fix the weaknesses identified and to harden our systems further. Tor has a track record of openness and transparency, with its source code and specifications and also with its operations. Moreover, we're disclosing breaches such as this so you can monitor our status. You shouldn't assume those who don't disclose security breaches never have any!
Earlier this fall, the Great Firewall of China blocked about 80% of the publicly known Tor relays, so users in that country have to rely on private bridges to gain access to outside news and information.