Here's how it could have worked. User logs into Playpen onion site, which the FBI is running (and still serving child porn, I note). Then malware gets downloaded. Maybe it was a classic dropper, or maybe part of an image file or whatever. OK, so Tor browser doesn't affect Internet connectivity for other apps. So the FBI malware just phones home, pwning the user.
