Passive or active really has nothing to do with it; it is the percentage of the network that the attacker has the ability to monitor that does. If I watch your internet traffic by eavesdropping on the packets your wireless card sends to your router, I am a passive attacker, but that does not mean I can deanonymize a hidden service.

The quickest way to deanonymize a hidden service is actually a mixture of active and passive attacks. The active attack involves forcing the hidden service to quickly open circuit after circuit, which is currently allowed by the design of Tor. Since you can make it open as many circuits as you want, you can greatly reduce the amount of time it takes for it to create a circuit that you own one of the nodes on. Eventually the node you own will either be one of the hidden service's entry guards or a middle node that is directly connected to an entry guard. Once you own the middle node and can identify the entry guard, the easiest way to deanonymize the hidden service would be to passively monitor the entry guard and send the hidden service some data until it goes through the entry guard, and you can then identify the hidden service with a timing attack.

It really shouldn't be very difficult for the feds to pull this off, but it is not because they are a passive attacker that they can do it... I mean, like I said originally, I am a passive attacker just by monitoring the packets leaving your wireless network card, but that doesn't help me trace a hidden service at all.