Bruce Schneier writing for Wired discussing the likely possibility China and Russia have the Snowden documents not because he handed the data to them, not because they hacked his computer, but possibly because they have breached the NSA?
Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.
Those government hacking examples above were against unclassified networks, but the nation-state techniques we’re seeing work against classified and unconnected networks as well. In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it’s all offense and no defense.
While on the one hand it would be a major surprise if the NSA network have been penetrated by our foreign adversaries, on the other it would be a devastating blow to our national security. The NSA likely uses a number of disconnected networks, and while they are not impossible to penetrate, the level of expertise and sophistication required to extract data from those types of networks is very difficult. If true, I am very interested in learning how this was accomplished.