I agree it seems sloppy. People in that Cryptocloud thread that has been widely cited were saying they didn't think the NSA would be careless enough to hard code an IP address of one of their command and control servers. They would know obfuscation techniques. In other words, it could be some other national intelligence agency (not US based) or some other organization that wanted to frame the NSA. Then it seems like an amazing coincidence that the FBI is trying to extradite FH admin at the same time. Another interpretation is that they planned to arrest FH admin and seize his server, or they didn't know the location of his server but knew how to hack it, so a couple of days before the arrest, they injected the malicious code to see how many free IP addresses they could get of people visiting CP sites.