Good day,
What these researchers showcased (and made possible via the linked tool) is to use hash based analysis to find Hidden Service Directories responsible for a specific Hidden Service. Via this method, they can pinpoint the six directory servers responsible for a given hidden service on a specific date, which are chosen by a client trying to access said hidden service on a radom basis. Via a brute-force attack, it is possible to use this knowledge to gain the responsibilty for the directory of a hidden service you’d like to attack. This method can easily be used to deanonymize those trying to access said hidden service and it is much easier to do than more famous methods, which require control of a large chunk of the Tor network to work properly.
The researchers who found this method actually where able to take over four of the six directory servers employed by the Facebook Hidden Service on the day of their presentation via this method.
That is the reason why in certain situations, using the “normal TLS based version” of a public website via Tor is better then using the Hidden Service.
A way to prevent this would be a overhaul of the current design the Tor network employs currently discussed here: 224-rend-spec-ng - Tor design proposals Another way would perhaps be to combine TLS and Hidden Services, though getting a certificate for a Hidden Service isn’t that easy at this point in time.
The tool I linked to on Github actually is the one used for this kind of attack. More information can also be found here: Non-Hidden Hidden Services Considered Harmful: Attacks and Detection « HITBSecConf2015 – Amsterdam
Have a nice day,
Ego