This is the first documented case that I am aware of where the subject of an investigation was tipped off because they saw a news organization's IP in their web server logs.
"... the Environmental Technology Company had said that The New York Times had been on [the
Company’s] Web site like 12 times that day -- or that week. He thought -- and maybe because
of, you know, them wanting to do a story about water purification, I just have a feeling it might
be this reporter snooping around, trying to build a story.”
We always knew this was a theoretical risk, but it's useful to see the threat actualize. This suggests to me that VPN (or Tor) should be standard during investigations, especially if you're going to go to a site repeatedly.
h/t Runa Sandvik for bringing this to my attention