According to the article, they performed an inventory of the network, finding ca. 6,000 machines, many of whose IPs are accessible “publicly and directly with the system’s source code” (?), as well as a large number of hidden nodes.
There’s a lack of detail, but supposedly the attack involves creating a virus (?) and using it to infect such vulnerable systems in a laboratory environment, and thus decrypting traffic passing through them – again via an unknown, unmentioned mechanism. Finally, traffic is redirected towards infected nodes by essentially performing a denial of service on clean systems.
I’m skeptical, as the piece contains just too much “oh, and then you hack component x and compromise component y and voilà, you’re in” to necessarily be plausible. Furthermore, the ESIEA page has a large video presentation on French backwardness in “cyberwarfare” – any time a reputable institution uses such terms, it makes me wonder how much it’s angling for more funding from buzzword-prone politicians, with resulting pressure on researchers to provide supporting, news-grabbing headlines.
However, if it is real, details are to be presented at Hackers to Hackers in São Paulo on October 29/30. Tor is no more than an additional layer of obfuscation and should not be relied upon for anonymity or security. Like any darknet, it is a complement to application-layer encryption and authentication, no more.