> Several FBI field offices were involved in the hunt, and the FBI made a first attempt to hack and deanonymize him, but failed, as the hacking tool they used was not tailored for Tails. Hernandez noticed the attempted hack and taunted the FBI about it, according to the two former employees.
No evidence that it was a TOR exploit, but I interpreted it that way because the FBI and Facebook would most certainly have known he was using TOR from his exit IP rotating frequently, and FB explicitly supports a TOR server hostname.
I think it's more likely that they used something targeting the browsers, maybe with 0-days, maybe not.
But it doesn't seem to me that the FBI put much effort into this whole thing, maybe it was more a concern for Facebook than for them.
As I understand it, knowing that someone is using Tor is usually trivial: the exit nodes normally set a reverse DNS record that signals it, and there are exit-node blacklists.
> As I understand it knowing that someone is using Tor is usually trivial
Yeah, Facebook almost certainly receives a lot of attempted traffic from those relatively few TOR exit node IPs, so I'm sure part of their system is aware that they are effectively proxy IPs.
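The two signals the comments above describe (a hit in a published exit-node list and a reverse-DNS hostname hint), as an added illustration that is not part of this thread. The one-address-per-line list format and the reversed-octet name queried at dnsel.torproject.org are Tor's public interfaces; the addresses and PTR records below are constructed samples, and a real deployment would fetch the list and resolve PTRs itself.

```python
import ipaddress
from typing import Dict, Set

# Constructed sample (not real relay addresses) in the one-IP-per-line
# format of Tor's bulk exit list download.
SAMPLE_EXIT_LIST = """\
# constructed sample, not real relay addresses
203.0.113.7
203.0.113.42
198.51.100.99
"""

# Constructed sample PTR records. Exit operators often advertise relays in
# reverse DNS, so the hostname is a cheap first hint, not proof on its own.
SAMPLE_PTR: Dict[str, str] = {
    "203.0.113.7": "tor-exit-7.example.net",
    "192.0.2.10": "dsl-192-0-2-10.isp.example",
    "203.0.113.42": "relay42.example.org",
}


def parse_exit_list(text: str) -> Set[str]:
    """Parse a one-address-per-line exit list, skipping comments and blanks."""
    exits = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            exits.add(str(ipaddress.ip_address(line)))  # validate + normalise
    return exits


def tordnsel_query_name(ip: str, zone: str = "dnsel.torproject.org") -> str:
    """Build the reversed-octet DNS name used to ask Tor's exit-list service
    whether an IPv4 client address is a known exit (a 127.0.0.2 answer)."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify(ip: str, exits: Set[str], ptr: Dict[str, str]) -> dict:
    """Combine the list lookup and the PTR hint for one client address."""
    hostname = ptr.get(ip, "").lower()
    return {
        "ip": ip,
        "in_exit_list": ip in exits,
        "ptr_hint": "tor" in hostname or "exit" in hostname,
        "dnsel_name": tordnsel_query_name(ip),
    }
```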