Maybe Peter Todd is the one that hacked into Gavin's blog. They've had an ongoing public disagreement for some time and Peter could benefit from making Gavin look bad.
It's too late to edit this comment but new information leads to yet another alternative explanation: Gavin (and others) actually did witness Craig sign a message with one of Satoshi's private keys, and "verify" it on a computer controlled by Craig. Shenanigans were involved that made the phony signature appear to verify. Gavin (and others) were deceived.
Maybe Peter Todd is the one that hacked into Gavin's blog. They've had an ongoing public disagreement for some time and Peter could benefit from making Gavin look bad.