It is a hard job hacking into Tor, even for state sponsored parties. There’s at least one way to do it – some form of correlation attack but that is still rather unpredictable. So how would the US government pursue criminal using the anonymizer? The answer lies in malware. A document proposing greater warrant powers in this respect has been submitted to the US judicial system. As per the document, law enforcement agencies should be granted flexibility to allow hacking computer systems suspected to be used for criminal intent.
If this proposal is granted, upon obtaining a warrant, agents will launch a well co-ordinated social engineering campaign to catch suspected criminals. As noted by Techdirt, the actual intent of the proposal is well hidden deep in the document (on page 201):
In the normal course of operation, websites send content to visitors. A user’s computer downloads that content and uses it to display web pages on the user’s computer. Under the NIT authorized by this warrant, the website would augment that content with some additional computer instructions. When a computer successfully downloads those instructions from Website A, the instructions are designed to cause the “activating” computer to deliver certain information to a computer controlled by or known to the government. That information is described with particularity on the warrant (in Attachment B of this affidavit), and the warrant authorizes obtaining no other information. The NIT will not deny the user of the “activating” computer access to any data or functionality of that computer.