ars technica

Malware planted on the servers of Freedom Hosting—the "hidden service" hosting provider on the Tor anonymized network brought down late last week—may have de-anonymized visitors to the sites running on that service. This issue could send identifying information about site visitors to an Internet Protocol address that was hard-coded into the script the malware injected into browsers. And it appears the IP address in question belongs to the National Security Agency (NSA).

http://arstechnica.com/tech-policy/2013/08/researchers-say-tor-targeted-malware-phoned-home-to-nsa/

From the article:
The use of a hard-coded IP address traceable back to the NSA is either a strange and epic screw-up on the part of someone associated with the agency (possibly a contractor at SAIC) or an intentional calling card as some analyzing the attack have suggested. One poster on Cryptocloud’s discussion board wrote, "It’s psyops—a fear campaign… They want to scare folks off Tor, scare folks off all privacy services."
That comment at the bottom seems the closest to the truth to me: make privacy services seem even more dangerous than just leaving all your stuff openly available. More dangerous in the sense that it will call increased scrutiny and attention to your activities.