Source locations of events are sensitive contextual information that needs to be protected in sensor networks. Previous work focuses on either an active local attacker that traces back to a real source in a hop-by-hop fashion, or a passive global attacker that eavesdrops/analyzes all network traffic to discover real sources. An active global attack model, which is more realistic and powerful than current ones, has not been studied yet. In this paper, we not only formalize this strong attack model, but also propose countermeasures against it. As case studies, we first apply such an attack model to two previous schemes, with results indicating that even these theoretically sound constructions are vulnerable. We then propose a lightweight dynamic source anonymity scheme that seamlessly switches from a statistically strong source anonymity scheme to a k-anonymity scheme on demand. Moreover, we enhance the traditional k-anonymity scheme with a spatial l-diversity capability by cautiously placing fake sources, to thwart attacker's on-site examinations. Simulation results demonstrate that the attacker's gain in our scheme is greatly reduced when compared to the k-anonymity scheme.