The fact that a malware attack on several Tor websites coincided with the arrest of a man believed to be hosting illegal services on the Tor Network has led many to believe that the US government might be involved.

A few days ago, security experts from Cryptocloud and Baneki Privacy Labs analyzed some IP addresses from the attack and determined that the malware might be the property of the United States National Security Agency (NSA).

As soon as the results of their research were published, many experts contested the accuracy of their analysis. Now, Cryptocloud and Baneki Privacy Labs admit that they were, at least partly, wrong.

They’ve agreed that the DomainTools results were inaccurate when they attributed the IP address to SAIC, a US defense contractor. Furthermore, the Robtex results which showed that the IP block used by the malware was attributed to the NSA were also erroneous.

Cryptocloud and Baneki Privacy Labs were certain that the Robtex results they analyzed on Monday morning pointed to the NSA. However, now, the results are different, and the block of IPs covering 65.192.0.0/11 to 65.222.202.53 doesn’t have any connection to the NSA.

While they admit that they’re not specialized in working with Robtex, the security experts are still not 100% convinced that the NSA doesn’t have anything to do with the TOR attack.

“We know the NSA tracks Tor - no secret there - and we know domestic U.S. LEOs have a collective stiffie over the idea of hitting Tor hard, and also tossing heavy FUD on it so people use it less... and thus run plaintext more, and are easier to surveil as a direct result. Would they bring in the big guns of the NSA, to run this show?” the researchers wrote in a lengthy post.