I'm curious to get an opinion on following:
If someone decides to exploit some sort of vulnerability in a web application of mine or performs something of malicious intent, would this individual be able to stay anonymous by adapting following procedure?
- attacker finds a crowded public space with Wi-Fi
- attacker brought a Tor Raspberry Pi which he connects to the public Wi-Fi
- attacker connects attacking device and proxy through the Tor Raspberry Pi
- attacker steals information and trashes the Tor Raspberry Pi
Would it be possible to identify the attacker in any way post exploitation?