There was a big cyber attack on anonymous online network Tor over the weekend that led to the bust of an alleged child pornography "facilitator" by the FBI.

While many assumed that the attack came from the FBI, some hackers have found evidence that leads straight back to the National Security Agency — opening up all kinds of interesting questions.

Here's what the hackers found:

Everyone's been assuming it's the FBI ... It's worth noting that nobody has taken public credit for this #torsploit malware yet, so attributing it to the FBI is a leap of assumptive logic.

via CryptoCloud



That IP address is part of IP space directly allocated to the NSA's Autonomous Systems (AS). It's not FBI; it's NSA.

Although this isn't proof that the NSA was involved in the hack, it certainly suggests that they were.

Of course, the reality could be even more complicated. One of the commenters, Pattern_Juggled — in a comment aptly titled "PsyOps" — pointed out that leaving evidence of an IP address inside a hack was "sub-amateur."

From the comment:

There's whole forms of artistry that have evolved around obfuscation of [Command and Control] infrastructures, cat-and-mouse games with malware researchers that have extended years, decades.



The issue of "attack attribution" is a big one when the big boys talk about nation-level cyber conflict. Tracking back who did what, uncovering false flags, and false-flagged false flags... these guys know that game very, very well. They've forgotten more than us mere mortals are likely to learn in a lifetime.

Basically, Pattern_Juggled is saying that attribution in the professional league of hackers is always a big game, and that someone — possibly the FBI — planted the IP address in the hack to make it look like it was the NSA.

Though, in Pattern_Juggled's analysis, the NSA probably did it on purpose to send a message to the encrypted world of communications:

It's psyops - a fear campaign. FUD [fear, uncertainty, doubt] on meth. They want to scare folks off Tor, scare folks off all privacy services. They want people to feel vulnerable, insecure, uncertain... they want them to doubt everything they think they know about online security. And sticking the three letters - NSA - on the whole thing does a great job at that, doesn't it?