https://lists.torproject.org/pipermail/tor-talk/2014-December/036067.html
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Dear all,
Many of you by now are probably aware than I run a large exit node cluster for the Tor network and run a collection of mirrors (also ones available over hidden services).
Tonight there has been some unusual activity taking place and I have now lost control of all servers under the ISP and my account has been suspended. Having reviewed the last available information of the sensors, the chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken. From experience I know this trend of activity is similar to the protocol of sophisticated law enforcement who carry out a search and seizure of running servers.
Until I have had the time and information available to review the situation, I am strongly recommending my mirrors are not used under any circumstances. If they come back online without a PGP signed message from myself to further explain the situation, exercise extreme caution and treat even any items delivered over TLS to be potentially hostile.
Add this to your torrc file to ensure you don't use these relays as part of your circuits:
ExcludeNodes 77.95.229.0/24, 89.207.128.241, 5.104.224.15, 128.204.207.215
StrictNodes 1
Hm... concerning, but I'm not sure it applies to us exactly. Visiting a hidden service doesn't traverse an exit node but it sucks that somebody is attacking tor.