Wired reports that the FBI used a bunch of cobbled together, freely available exploits to help expose users hidden behind Tor servers back in 2012. According to the report, the FBI relied on Metasploit to first deanonymise users operating Dark Net child porn sites during a sting called Operation Tornado.

Metasploit is an open-source package that makes many of the the latest known exploits readily available to hackers. It seems the FBI relied upon an abandoned project of Metaploit called the “Decloaking Engine” to unmask users in the 2012 busts.

As its name implies, Decloaking Engine is a tool devised by Metaploit creator HD Moore to break through anonymising systems like Tor:

In 2006, Moore launched the “Metasploit Decloaking Engine,” a proof-of-concept that compiled five tricks for breaking through anonymization systems. If your Tor install was buttoned down, the site would fail to identify you. But if you’d made a mistake, your IP would appear on the screen, proving you weren’t as anonymous as you thought. “That was the whole point of Decloak,” says Moore, who is chief research officer at Austin-based Rapid7. “I had been aware of these techniques for years, but they weren’t widely known to others.”
The code for the Decloaking Engine is open, and the FBI used it as the basis for attacks that led to busts. At issue now is whether information obtained using this tool passes muster as scientific evidence according to the Supreme Court. There’s reportedly a hearing on the matter on February 23rd.

Although this early operation against anonymous users relied upon open source code, there’s evidence that the FBI’s capabilities have rapidly evolved. Although it’s not known exactly how last month’s Operation Onymous busts were accomplished, it’s pretty clear that they were more sophisticated than simply revealing somebody who didn’t properly mask their IP address