Instead of targeted monitoring, monitor everyone who has a certain level of access regardless of origin? It's not like it's not scalable, obviously they are capable of wide-scale automation.
It's really not that easy to monitor for every possible violation/exfiltration, especially at that scale. Of course those need to be monitored for, but they're never perfect. NSA obviously had mechanisms to detect this, but it didn't work for Snowden.
They likely have already had such monitoring in place for years, and are probably augmenting it now. It just didn't work.