Hacker News
by Enginerrrd 2095 days ago
It's human. Mistakes can sometimes be really subtle and require only a moment's inattention but sound REALLY dumb when you look at it in fundamental terms.

Christ, trained CIA field agents with funding and support staff have made some really stupid mistakes on par. Things like being tracked by metadata from not turning off their cell phone because they thought a chip bag was a good enough Faraday cage. Ostensibly it sounds dumb, but that might have only been one time for 20 minutes or something that allowed the Italian investigators to connect the dots.

Perfect security for a short time period with one incident is actually still really hard. When you make it a lifestyle going on for months/years, it's nearly impossible.


Many many CIA agents sent into China have disappeared. If an agency with the greatest set of resources on earth is getting busted regularly, what hope does the average Joe software engineer have?

> Many many CIA agents sent into China have disappeared.

Source? This doesn't sound like the sort of thing with reliable public statistics?

These aren’t agents sent into China, but assets in China who were arrested/killed. 18 to 20 between 2010-2012

https://www.nytimes.com/2017/05/20/world/asia/china-cia-spie...

CIA Agents and CIA Assets are 2 completely different things. A CIA Agent (or spy) goes into a region and recruits Assets. Assets are just normal people with no extra training, but happen to be in a position that informs them on things the CIA (or any spy agency) wants to know. An Asset could literally be the Janitor at some place that has some happenings that the CIA wants to know more about, such as a Research Lab or a local Newspaper.

Assets have no special training and routinely put their lives on the line anywhere in the world they live and are recruited.

Confusingly the word "agent" is used for both the recruiter and recruitee.

In the USA it tends to be Agent/Asset whereas the rest of the Anglosphere tends to use Officer/Agent.

Within the CIA, they call themselves "Officers". It's everyone else in the US that calls them "agents".

Yup. Agents usually have diplomatic cover. Unless they commit an egregious crime, they’re usually just kicked out of the country.

That’s not to say their identity is always kept secret, however. They are often discovered and only expelled at a later date when a message needs to be sent.

On the other hand, many get away with it.

Proper air gap maintained religiously should be able to solve a lot of problems in cyber crime. After all, we still interface with computers through meat and bones.

Yes, it's just the maintaining it religiously part that's surprisingly hard.

Like, things and emergencies come up just like they do in a normal business but you have to go all the way back into secure mode to address them.

That process takes time and effort. Cleaning runs to the location where you connect, switching hardware, activating all the VPN chains or Tor connection, etc. etc. Coordinating occasional OTP key exchanges, time/location randomization, etc. ...you didn't slip up and get lazy with the entropy generating your "secure" encryption key did you? You have to find drop shipping locations and those expire or go wrong.

Or there was a car at location X which is a choke point that is technically on your list of triggers for counter surveillance but it's 7PM on a Friday and that cute girl you're supposed to meet is waiting. Do you assume the worst and burn everything, re-do your secure connection point or just ignore it and go through your usual process since 99/100 it's likely to be a false alarm? Or hey, the delivery guy was a day late on the 1-day shipping you used to limit the time frame the agencies could use to get a warrant, and now it's outside your predetermined acceptable window. Do you have the discipline to take the loss and refuse the package?

You get the idea. It's exhausting and people make one stupid mistake and get called out on the internet for being a moron.

I was holding my breath reading that. If you wrote a whole story in this style, I would gladly read it!

The difference between impunity and immunity.

State actors (officials), even acting internationally (outside jurisdiction), tend to have a high level of immunity from legal sanction. Independent and non-state actors less so.

The CIA agent might blow cover or case but usually gets out alive and remains free. The DarkNet criminal, not so much.