This is really long but worth the read.

In 2013, hundreds of CIA officers — many working nonstop for weeks — scrambled to contain a disaster of global proportions: a compromise of the agency’s internet-based covert communications system used to interact with its informants in dark corners around the world. Teams of CIA experts worked feverishly to take down and reconfigure the websites secretly used for these communications; others managed operations to quickly spirit assets to safety and oversaw other forms of triage.

“When this was going on, it was all that mattered,” said one former intelligence community official. The situation was “catastrophic,” said another former senior intelligence official.

From around 2009 to 2013, the U.S. intelligence community experienced crippling intelligence failures related to the secret internet-based communications system, a key means for remote messaging between CIA officers and their sources on the ground worldwide. The previously unreported global problem originated in Iran and spiderwebbed to other countries, and was left unrepaired — despite warnings about what was happening — until more than two dozen sources died in China in 2011 and 2012 as a result, according to 11 former intelligence and national security officials.

The disaster ensnared every corner of the national security bureaucracy — from multiple intelligence agencies, congressional intelligence committees and independent contractors to internal government watchdogs — forcing a slow-moving, complex government machine to grapple with the deadly dangers of emerging technologies.
Note the OSINT factor here.

In fact, the Iranians used Google to identify the website the CIA was using to communicate with agents. Because Google is continuously scraping the internet for information about all the world’s websites, it can function as a tremendous investigative tool — even for counter-espionage purposes. And Google’s search functions allow users to employ advanced operators — like “AND,” “OR,” and other, much more sophisticated ones — that weed out and isolate websites and online data with extreme specificity.
tl:dr

One of the central concerns among those familiar with the scope of the breakdown is the institutions responsible for it were never held accountable. Doing a comprehensive investigation isn’t easy, “but you have an absolute obligation to do that, because if you don’t, all you’re doing is rolling the dice with future lives,” said one former senior official.

Even several years after the breach, the concern within the intelligence community is accountability.

“When we continuously allow things like this to happen, and Congress doesn’t do anything, and the institutions don’t do anything, you’re going to have worse issues,” said another former official.

“People will say, ‘I went to the inspector general and it didn’t work; I went elsewhere and it didn’t work.’ People will see it as a game. It will lead to corruption, and it will lead to espionage. When people see that the system is corrupt, it affects everything.”

In the end, said the former official, “our biggest insider threat is our own institution.”
https://www.yahoo.com/news/cias-comm...090018710.html