The CIA's communications suffered a catastrophic compromise, it started in Iran.
From around 2009 to 2013, the U.S. intelligence community experienced crippling intelligence failures related to the secret internet-based communications system, a key means for remote messaging between CIA officers and their sources on the ground worldwide. The previously unreported global problem originated in Iran and spiderwebbed to other countries, and was left unrepaired — despite warnings about what was happening — until more than two dozen sources died in China in 2011 and 2012 as a result, according to 11 former intelligence and national security officials.
Dozens of people around the world were killed because of this.
The risks posed by the system appeared to have been overlooked in part because it was easy to use.
In fact, the Iranians used Google to identify the website the CIA was using to communicate with agents.
Once the Iranian double agent showed Iranian intelligence the website used to communicate with his or her CIA handlers, they began to scour the internet for websites with similar digital signifiers or components [...] From there, Iranian intelligence tracked who was visiting these sites, and from where, and began to unravel the wider CIA network.
Starting around 2013, Iranian cyber experts seemed to be tracking CIA agents outside their own borders, including in Yemen, where Iran eventually compromised the internet-based covert communications system there
In 2008 — well before the Iranians had arrested any agents — a defense contractor named John Reidy, whose job it was to identify, contact and manage human sources for the CIA in Iran, had already sounded an alarm about a “massive intelligence failure” having to do with “communications” with sources.