I love the indignation that accompanies these revelations, when a lot of thr responsibility is is down to poor security practices and training in addition to the fact that most governments are doing or at least are trying todo the same thing.
When successful, hacking other countries must be the best value for money intelligence gathering there is
"when a lot of thr responsibility is is down to poor security practices"
They security practices may not have necessarily been poor - when you're against a determined and experienced foe, even best practices may not be enough. And there's always the human factor...
Creating an NSA (or any TLA) proof workplace / network would be pretty difficult to guarantee. Should I aim for TEMPEST Level A standards? Are seismographs too paranoid solution detect tunneling in? X-Ray everyone and everything going in/out the building? Board up all windows?