An attacker with this many nodes could do substantial damage to Tor. They could quickly trace hidden service to its entry guards (especially since they could add several relays without being detected, and they don't need entry flag to detect entry guards), the biggest bottleneck would be the number of relays they have on the network as well as how many circuit requests the hidden service can manage before it locks up or the Tor infrastructure it uses locks up. After tracing to the entry guards, the attacker could DDoS them easily with this many nodes (this attacker could easily DDoS the entire Tor network several times over). This forces the hidden service to pick new entry nodes (unless strict entry guards are set in torrc, in which case it will just be unreachable). The attacker can then trace to the new entry guards and once again DDoS them. They can continue to do this until the hidden service selects one of their entry guards, at which point they have deanonymized it. The attacker could also make a large number of the botnet nodes relays, although none of them would immediately get the entry flag, and if the attacker added too many at once they would all be black listed. Not sure how closely the Tor devs are monitoring the directory authority servers but my guess is they are hesitant to let new nodes be added right now. So it is possible this attacker could become the overwhelming majority of Tor middle and exit nodes, but they wouldn't become the majority of entry nodes, all the nodes they add would be banned almost immediately, and there are probably automatic systems in place to prevent them from actually adding many nodes at all, all at once anyway. The attacker could also carry out congestion attacks, how effective this would be would depend on how many entry guards they own. But this attacker could easily make it so that it is much more probable that their entry guard or exit node is selected by a user of Tor, simply by overloading some percentage of the nodes that they do not own. So this attacker is what would be considered pretty strong. If they wanted to they could DDoS the entire Tor network indefinitely. They could also try to brute force their way to hidden services and they could probably deanonymize most of the ones that don't have strict entry guards set, although how much of the Tor network they would need to bring down first would vary, they wouldn't have any trouble bringing it all down if they needed to though. This attacker could also trivially censor any hidden service simply by brute force and becoming every HSDIR node. They could also carry out the inverse trawling for hidden service attack after doing this, but again this would require them to actually get some of their botnet nodes on the network as Tor relays and particularly entry guards. They could also flash flood middle and exit nodes, but would be detected doing so and prevented from it, either automatically after triggering some limit at the directory authority servers or shortly after doing so by the owners of the DA servers. They could slowly add nodes and get a large number of entry guards over time, but it would be a pretty slow process for them to do so without getting all of them blacklisted. On the other hand they could also prevent new people from adding nodes by flash flooding 1k or so nodes per day, which would result in all being blacklisted in addition to any legitimate new nodes added. They could flood 1k new nodes per day for over eight years with a botnet this size, which would effectively make it so that either Tor cannot let arbitrary volunteers add nodes anymore or they need to let the owner of this Botnet gain a massive internal presence in the network. Also they could increase the probability that clients use any entry guards or exit nodes that they do own, by congesting the ones they don't own. So yeah pretty powerful attacker who could at best take Tor completely down or make it much harder for the network to grow (probably requiring node operators to be individually authenticated as real people in the future), and at worst could trace hidden services (probably now), eventually own enough of the network to carry out large scale deanonymizing attacks (probably not yet but over time is possible), and use congestion attacks to make it so they actually need to own fewer routing nodes to deanonymize people (they can use their non-relay Botnet nodes to increase the probability that their malicious Tor relays are used by targets). I cannot really say this attacker is internal since we don't know how many if any relay nodes they operate, but they definitely have a big enough Botnet that they could potentially be (in that they have the potential to be) one of the most powerful internal attackers in the world. Of course a powerful external attacker could be even more dangerous though.