by shiftpgdn 2094 days ago
Many many CIA agents sent into China have disappeared. If an agency with the greatest set of resources on earth is getting busted regularly, what hope does the average Joe software engineer have?

> Many many CIA agents sent into China have disappeared.

Source? This doesn't sound like the sort of thing with reliable public statistics?

These aren’t agents sent into China, but assets in China who were arrested/killed. 18 to 20 between 2010-2012

https://www.nytimes.com/2017/05/20/world/asia/china-cia-spie...

CIA Agents and CIA Assets are 2 completely different things. A CIA Agent (or spy) goes into a region and recruits Assets. Assets are just normal people with no extra training, but happen to be in a position that informs them on things the CIA (or any spy agency) wants to know. An Asset could literally be the Janitor at some place that has some happenings that the CIA wants to know more about, such as a Research Lab or a local Newspaper.

Assets have no special training and routinely put their lives on the line anywhere in the world they live and are recruited.

Confusingly the word "agent" is used for both the recruiter and recruitee.

In USA it tends to be Agent/Asset whereas the rest of the Anglosphere tends to use Officer/Agent.

Within the CIA, they call themselves "Officers". It's everyone else in the US that calls them "agents".

Yup. Agents usually have diplomatic cover. Unless they commit an egregious crime, they’re usually just kicked out of the country.

That’s not to say their identity is always kept secret, however. They are often discovered and only expelled at a later date when a message needs to be sent.

On the other hand, many get away with it.

Proper air gap maintained religiously should be able to solve a lot of problems in cyber crime. After all, we still interface with computers through meat and bones.

Yes, it's just the maintaining it religiously part that's surprisingly hard.

Like, things and emergencies come up just like they do in a normal business but you have to go all the way back into secure mode to address them.

That process takes time and effort. Cleaning runs to location where you connect, switching hardware, activating all the VPN chains or Tor connection, etc etc. Coordinating occasional OTP key exchanges, time/location randomization, etc. ...you didn't slip up and get lazy with the entropy generating your "secure" encryption key did you? You have to find drop shipping locations and those expire or go wrong.

Or there was a car at location X which is a choke point that is technically on your list of triggers for counter surveillance but it's 7PM on a Friday and that cute girl you're supposed to meet is waiting. Do you assume the worst and burn everything, re-do your secure connection point or just ignore it and go through your usual process since 99/100 it's likely to be a false alarm? Or hey, the delivery guy was a day late on the 1-day shipping you used to limit the time frame the agencies could use to get a warrant, and now it's outside your predetermined acceptable window. Do you have the discipline to take the loss and refuse the package?

You get the idea. It's exhausting and people make one stupid mistake and get called out on the internet for being a moron.

I was holding my breath reading that. If you wrote a whole story in this style, I would gladly read it!