You make me wonder if there is yet another way of compromising TOR, to ask each intelligence service to contribute a small fraction of their capacity to TOR so that the vast majority of the nodes is owned by some agency, who then exchange data through some back channel. Harder to detect and with far more resources than any single agency could provide.
Or is the NSA so large that it dwarfs the resources the rest of the world could contribute?
I don't think its out the realms of possibility for any intelligence agency to set up a LOT of servers at different ISPs with different credit cards and account owners.
The problem with that approach is that it need to be done very quietly, slowly, and secretly, while being large scale.
If a few hundred thousands nodes or a few massive large nodes suddenly popped up, then the admins of the tor directory servers (or some security research) would start asking question. It wasn't that long time ago that a rather large cluster came into discussion because it looked suspicious, and the situation got resolved a few days later.
Then it need to say quiet since nodes require up-time in order to be weighted favorable compare to other nodes. During this time they will generate traffic, noise and like a few abuse letters. That mean the ISP will be in communication with the intelligence agency, which in turn either require lies which could fail or agreements which can leak.
Simply put, it is likely easier, more cost effective and less fragile tap the back bone ISP network and sort out tor chains when needed.
Or is the NSA so large that it dwarfs the resources the rest of the world could contribute?