[bvinc]

There was a posts week or two ago from a person running a legit Tor service that was analyzing all of the attacks he received.

He said something seemed to be dos'ing the guard nodes, causing his service to automatically choose a new guard, in an attempt to get his service to connect to a guard node controlled by the adversary. He said in one case, they found his server's actual IP address and dos'd it.

Could that be what happened?

[ohmygodel]

I assume you refer to [0]. He says "If [the adversary] can knock me off enough guards, my tor daemon will eventually choose one of his guards. Then he can identify my actual network address and directly attack my server. (This happened to me once.)" I question how the author is sure this is what happened to him. But he may be right, and moreover that attack may have been performed against the "dark web tycoon" that is the subject of this post. However, it does seem to be somewhat challenging to perform, as Tor keeps trying to use all recent guards ever contacted, and so you'd have to simultaneously make all chosen guards unresponsive until a malicious guard is selected.

[0] http://www.hackerfactor.com/blog/index.php?/archives/868-Dea...