um, have you seen Zero Days?
http://www.thedailybeast.com/articl...rt-proof-russia-behind-dnc-podesta-hacks.html
The issue has come to the fore in the 2016 U.S. presidential election. The Department of Homeland Security and the Office of the Director of National Intelligence—a combined 17 intelligence agencies—issued a statement saying Russia was behind the election hacking.
It is pretty clear judging by the indicators of compromise [IOCs]. The binaries that were used to hack the DNC as well as Podesta’s email as well as some other Democratic campaign folks, those IOCs match binaries and also infrastructure that was used in attacks that were previously recorded by others as having Russian origin. That much we can confirm. So if you believe other people’s—primarily government’s—attribution that those previous attacks were Russian, then these attacks are
definitely connected. We’re talking about the same binaries, the same tools, the same infrastructure.
There are more way to trace a origin of a cyber attack than just straight following the IPs. The infrastructure and hardware used can be traced as well historical data from previous attacks can be used to deduce a pattern.
Tor is not full proof. It has been compromised in the past.
https://en.wikipedia.org/wiki/Operation_Onymous