4 comments

[ 2.9 ms ] story [ 34.0 ms ] thread
No word on how they got in. Weak password perhaps?
Key point: this was not an attack on, or a vulnerability in, Tor proper. Someone cracked one of the servers that happened to be a Tor infrastructure box.

The system got shut down when the developers discovered it, the identity keys were changed, and damage should be minimal or non-existent.

How troubling is it that Tor Project hasn't revealed an attack vector yet (maybe they don't know)?

The source message indicates that they don't think the hackers knew that they had compromised Tor servers. How likely is that?