It's also possible that those pieces of evidence were discovered _after_ some other, illegal methods were used.
Except that, in this case it wouldn't have required any *illegal* method (1) (2).
It would have required methods which go against anything that is currently known in cryptography.
The cryptographic methods which form the basis of Tor are sound and unbroken as of yet.
Tor is sufficiently well designed to avoid bugs and exploits that might lead to leaks (side-channels, etc.).
To actually crack Tor open, you need to beat modern cryptography.
And the NSA doesn't have a monopoly on brains, and modern research is (as always) standing on the shoulders of giants.
Public academic research has brains involved, and has access to previous research, just like the NSA.
Chances are, if researchers at the NSA find a way to break open modern cryptography, research in universities will end up discovering the same findings on its own too. If nobody in the academic field is suspecting any danger to modern cryptography, chances are that the NSA can't find a way around it either.
(That's why the Snowden revelations, although surprising for the general population, weren't that much of a surprise for the specialists in that field: it's merely a confirmation of methods which were suspected for a while).
Traffic analysis can't help you to beat Tor, simply due to the latency of the network and the wide usage:
So okay, you want to monitor entry and exit nodes to match them. You got a positive hit on an exit node connecting to a known "enemy location" (an anti-government website), what next? Well, any of the entry nodes (not only those you're watching, but the others too) could have initiated the request, and that request hasn't been issued right now, but sometime in the past, over a period corresponding to the typical latencies you see on the Tor network.
So you need to be lucky that the entry node was one you're watching.
And you have to correlate your hit with *ALL THE TRAFFIC* from *ALL THE NODES YOU'RE WATCHING* over a *LONG DELAY IN THE PAST* (instead of exactly the same time). That's a metric fuck ton of data. Your important match is lost in a sea of noise. The 1 single contact to a subversive site is just lost under a sea of average users surfing porn and simply using Tor for the added anonymity and to circumvent restrictions.
You can't make a correlation, because there are simply too many orders of magnitude difference between the signal and all the noise to be able to make any significant and relevant statistics. Traffic Analysis can't help you get Tor down.
Until now, all attacks against Tor haven't been against its cryptographic basis, nor have they been against its complex network. The attacks have been against stupid mistakes and blunders, like vulnerabilities inside the browser used to surf on Tor (for example, an older unpatched Firefox was used by some).
So intelligence services are sometimes able to get some info out. But this isn't because of Tor itself (Tor didn't bring down Silk Road). It isn't because of Traffic Analysis either. It's because some users used an unpatched browser and got hacked, just like any other common drive-by attack.
The Tor network can be trusted to keep secrets. Buggy software can't.
----
(1): Well, except under weird legislation, where the DMCA does apply and where breaking any form of encryption is illegal. So in the case of Silk Road and the USA, such methods might indeed have been illegal.
(2): "Illegal". Well, mostly because you want to keep the first lead *secret* (either because it's illegal, or because it's a state secret). You know X is guilty, but you can't build a case because the method is illegal. So you keep watching the known guilty X, until he makes other mistakes that reveal him, and use these to build the legal case.