Hackers break into two FreeBSD Project servers using stolen SSH keysNovember 19, 2012 – 9:24 AM
Intrusions on two machines within the FreeBSD.org cluster were detected on Nov. 11, the FreeBSD security team said Saturday. “The affected machines were taken offline for analysis. Additionally, a large portion of the remaining infrastructure machines were also taken offline as a precaution,” said a message on the project’s public announcements mailing list. The two compromised servers acted as nodes for the project’s legacy third-party package-building infrastructure, the FreeBSD Project said in an advisory posted on its website. The incident only affected the collection of third-party software packages distributed by the project and not the operating system’s “base” components, such as the kernel, system libraries, compiler or core command-line tools. The FreeBSD security team believes the intruders gained access to the servers using a legitimate SSH authentication key stolen from a developer, and not by exploiting a vulnerability in the operating system.