The problem with this event is communications of higher than FOUO is transmitted on SIPRnet. This is a closed system with no connection possible to the outside internet. The bridges between even .MIL and the rest of the internet are brutally tight.
The only means of transferring secret or above data from SIPRnet to any common internet is via air gap. That means willful human interaction to copy from SIPRnet on to a medium and paste it into the unsecure device.
My problem comes in that the instant you insert a removable medium into any .MIL or above machine, admin is instantly flagged and lock-downs automatically engage. Many someone(s) in the IT are in on the criminal activity for this to have been successfully transacted.
A tremendous amount of criminal effort by a lot of trusted people is required for a successful breech on this or any level. I do mean on both ends, sender and recipient organizations.
What about gubmint workers in the field? Do they have to go to a SCIF to see SIPRnet stuff, or do some of them have remote devices that allow access?
If the latter, what’s to stop them from taking pictures of the screens of their remote devices?