What is the provenance of this file? How did Applebaum et al. get their hands on it?
It seems that this is a result of examining the documents released by The Guardian/Snowden and doing actual digital and cryptographic investigation.In 2013, the British newspaper The Guardian revealed that by 2008 more than 150 internet surveillance facilities around the world were running the XKeyscore Deep Packet Inspection software.
I not sure this comes from Snowden documents actually. Cory Doctorow, writing for BoingBoing here stated: Bruce Schneier agreed with Doctorow's assessment in this article. On the other hand, this email in the TOR dev mailing list correlates info in the rules file to known changes in tor infrastructure and suggests that the rules file would have been up to date when Snowden was contacting Greenwald. In any case the provenance of this file isn't established and I didn't see anything in the article that confirmed its authenticity.Another expert said that s/he believed that this leak may come from a second source, not Edward Snowden, as s/he had not seen this in the original Snowden docs; and had seen other revelations that also appeared independent of the Snowden materials.