Hier der interessanteste Ausschnitt aus dem Statement des GNU Projektes:

Summary

   * gnuftp, the FTP server for the GNU project was root compromised.  A
     replacement machine was rolled out in its place on the morning
     (Eastern time) of 2003-08-02.

   * After substantial investigation, we don't believe that any GNU
     source has been compromised.

   * To be extra-careful, we are verifying known, trusted secure
     checksums of all files before putting them back on the FTP site.
     That process began on 2003-08-02 and is ongoing.


                 Events Concerning Cracking of Gnuftp

A root compromise and a Trojan horse were discovered on gnuftp.gnu.org,
the FTP server of the GNU project.  The machine appears to have been
cracked in March 2003, but we only discovered the crack in the last week
of July 2003.  The modus operandi of the cracker shows that (s)he was
interested primarily in using gnuftp to collect passwords and as a
launching point to attack other machines.  It appears that the machine was
cracked using a ptrace exploit by a local user immediately after the
exploit was posted.

(For the ptrace bug, a root-shell exploit was available on 17 March 2003,
 and a working fix was not available on linux-kernel until the following
 week.  Evidence found on the machine indicates that gnuftp was cracked
 during that week.)


Given the nature of the compromise and the length of time the machine was
compromised, we have spent the last few weeks verifying the integrity of
the GNU source code stored on gnuftp.  Most of this work is done, and the
remaining work is primarily for files that were uploaded since early 2003,
as our backups from that period could also theoretically be compromised.