Hacker News

This is reminiscent of the 2013 takedown of Freedom Hosting.[0,1] Exploiting a JavaScript vulnerability in Firefox, compromised sites dropped a Windows executable (“Magneto”) which phoned home (bypassing Tor) with the user's MAC address and hostname. Gareth Owen identified it as EgotisticalGiraffe,[1] which is an NSA tool.[2]

[0] http://resources.infosecinstitute.com/fbi-tor-exploit/

[1] https://ghowen.me/fbi-tor-malware-analysis/

[2] http://www.theguardian.com/world/interactive/2013/oct/04/ego...

Edit: Rereading, I see:

>The NIT exploit bypassed Tor by creating a direct socket connection that eschews Tor's routing—in this particular case, by using a Flash component. This functionality, the experts noted, was identical to Metasploit's decloaking code.

Anonymous used the Metasploit code in a previous attack on Freedom Hosting. Both vulnerabilities used against Freedom Hosting have long been patched. I wonder what vulnerability this takedown exploited. One of the Hacking Team ones, maybe?
Er, no, since the whole HT leak happened within the last two weeks and this operation took place mostly between 2014 and early 2015.

You give the Government wayyyy too much credit if you think it can go from leaked exploit to arrests generated from said leaked exploit within a two week period. The process, like all processes quagmired in bureaucracy, takes months.
Maybe the FBI and Hacking Team had overlapping sets of exploits. Is there double selling by exploit dealers?