#3 isn't the intel community protecting Apple, it would be protecting themselves, which is a lot more plausible. They don't want detailed information about the techniques coming out. Odds are good that the Bloomberg story is still incomplete in some critical way, and decent that even if the story as a whole is broadly-speaking "true" there's still an outright lie contained in it. My guess would be the way in which it was discovered.
I work for a company that sells network appliances, and I've been questioned by customers as to why I'm doing an SRV DNS lookup instead of a standard A DNS record lookup in some software I wrote, and had every detail of how I use TLS picked over by some customers. (More power to them. Not a complaint.) Some people run really tight networks. I wouldn't be surprised the real discovery mechanism was someone noticing the packets heading out that had implausible source-dest pairs ("why is my internal network that barely knows the internet exists trying to send packets to $RANDOM_LOCATION?"). If the people discovering this were actually the intel agencies themselves, for instance, they'd find another story to tell rather than reveal that. I am absolutely, positively not claiming this is true; I have no more evidence of it than anyone else. I'm just giving an example of the sort of thing I mean. It's also possible the intel agencies slipped a hint to someone about what to look for; again, I have no info to that effect, just an example of why they might not want something to go to court.
I work for a company that sells network appliances, and I've been questioned by customers as to why I'm doing an SRV DNS lookup instead of a standard A DNS record lookup in some software I wrote, and had every detail of how I use TLS picked over by some customers. (More power to them. Not a complaint.) Some people run really tight networks. I wouldn't be surprised the real discovery mechanism was someone noticing the packets heading out that had implausible source-dest pairs ("why is my internal network that barely knows the internet exists trying to send packets to $RANDOM_LOCATION?"). If the people discovering this were actually the intel agencies themselves, for instance, they'd find another story to tell rather than reveal that. I am absolutely, positively not claiming this is true; I have no more evidence of it than anyone else. I'm just giving an example of the sort of thing I mean. It's also possible the intel agencies slipped a hint to someone about what to look for; again, I have no info to that effect, just an example of why they might not want something to go to court.