"For over an hour, from the computer sitting at his desk at CIA, Schulte was in that system secretly restoring his super access, giving himself back all the control he had before it was taken away. Restoring his access to the backups that stored copies of the entire system. [...] After stealing the backup, Schulte tried to cover his tracks. During that hour on April 20, when he took the system back in time, Schulte started carefully deleting every log file that kept track of what he had done while he was in the system. After destroying that evidence, he unwound the reversion. Schulte restored the system to how it had been just before he hacked in, [...]"
So that's gaining access through an undetected backdoor, running a system restore, accessing and copying the material, deleting or editing all relevant log files and finally run a second system restore? All that in little over an hour? That seems a bit tight, time-wise.
Also, if he restored the system to the original state, surely that'd reintroduce whatever backdoor he'd used to gain access so that it could be found?