They didn't get him via Tor. If you start reading on page 26, it states that Jeremy Hammond revealed personal info to the confidential witness (CW-1). It was this personal info he shared that was used to identify Hammond as the suspect.
It's interesting because the FBI was in a perfect position to perform the most well-known attack on Tor: a correlation / timing attack. "If your adversary can watch both ends of the connection, you lose." They could watch his end and probably knew where the chat server was located. If it was located in the US, it would have been pretty straightforward to send an agent / install a device at the data center and watch the traffic on both ends. Even if the server was in another country, it would be slightly more complicated to set up, but I'm sure local law enforcement would cooperate.
Despite all that, their "correlation attack" was distinctly low-tech. They watched the traffic leaving his residence and confirmed with a confidential informant logged into the chat server that he was online. It just shows that despite all the paranoia of the crypto-nerd crowd, even the second most sophisticated government agency in the world (perhaps after the NSA), pursuing a high-value target, still can't or doesn't want to perform those kinds of attacks (maybe because they aren't reliable enough to hold up in a court of law).
And the CCC was claiming that they could fingerprint encrypted connections with 40% reliability. That's so far from being an effective real-world attack by even the most sophisticated organizations that you'd be wasting your time ever worrying about it.
I'm not sure what's wrong with the low-tech solution. Why is a sniffer preferable to an informant? Don't go with the high-tech option just because it's high-tech.
I think Hollywood and perhaps even our own fascination with technology misleads us, blinding our eyes to what has been proven to be simple and effective time and time again.