His name is on NSA slides, right? He's either working for them or they have his private key. Really how difficult would it be for the NSA to get that if they wanted it?
Like some others here, I wondered if "task" could mean to recruit.
I basically agree NSA could pwn anybody they want, but there are probably other considerations such as how obvious they want to be, whether the target is valuable enough to reveal zero-days nobody else has seen yet, etc. Maybe it's wishful thinking, but I'd like to believe if you don't do things like open unsolicited email attachments, you're still pretty safe.
But, perhaps as the lead engineer of an ISP "interesting" people use, nothing is off the table and he has been pwned repeatedly.
I remember reading about one method where they served up their own versions of Facebook when requested from a target from compromised hosts that are near that target as a way to collect credentials.
I forget the name of that method, but according to the documents it was used to target sysadmins. Though if you use a password manage with unique passwords for every service that should help protect you.
I have no idea but I'm able to believe easily.