Wow....have you ever worked in IT?File access isn't, but ip traffic is. Unless their IT person was an asshat, there was a flow collector and (external) ip addresses would be logged.
Having NAS on a hub is a red herring - an external connection can't get to it without traversing the switch.
Then they would still have to get it across the switch, unless of course, they were sitting in front of the office PC.
And, of course, that all assumes they didn't have a (hardware) Firewall - which would make it even easier to see the external connections and what protocols they were using.
An NAS device could be accessed without going through the switch or VPN if the local hacked PC is also on a hub. While the IP traffic can be seen...how in hell would you know it was a .ZIP file being moved? On your hypothetical switch log...can you tell the type of file being copied out of the network? No. If you know the name of a file you may be able to find access through something like Event Log Analyzer...If you know what account they used, you may be able to find a spike in traffic...but the fact is that searching a few weeks or months of data would be daunting.
So you started off claiming the NSA would have captured data in and out of the DNC network. That was false. You then quoted and article saying the NSA had the capacity to capture 75% of domestic traffic and interpreted that as a claim that they actually were capturing 75% of all traffic. That was false.
Now you argue that logs would have identified a .ZIP file being exfiltrated from all other data traffic....but then when actually thinking about how many devices are on the DNC network and the probability that there would be many spikes in traffic...you'd have to agree that you don't know shit about the network configuration. You don't know how comprehensive their log configuration is.
What was found was the significant presence of software used by the Russians in other hacks...including those on election systems around the country.