In one of the most devastating setbacks in modern U.S. intelligence history, the CIA lost an entire network of informants inside China between 2010 and 2012. Dozens of Chinese assets—sources providing critical intelligence from within the Chinese government and military—were arrested, imprisoned, or executed. The fallout crippled American espionage efforts in China for years and exposed a critical vulnerability in how the agency handled secure communications.
A Wave of Disappearances
The crisis began unfolding around late 2010. CIA handlers noticed their sources inside China were vanishing one by one. Chinese authorities, primarily the Ministry of State Security, rounded up individuals suspected of working with the United States. Reports described grim scenes, including one asset reportedly executed by gunshot in a government courtyard in front of his colleagues as a stark warning to others. By the time the dust settled, at least 18 to 20 confirmed sources had been lost, with later assessments suggesting the total could have reached 30 or more.
High-level reporting from deep inside Beijing dried up almost overnight. The damage was comparable in scale to the betrayals caused by infamous moles like Aldrich Ames and Robert Hanssen, though this time the breach stemmed not primarily from a single traitor but from a systemic operational failure.
The Fatal Mistake: A Flawed Covert Communications System
At the heart of the disaster was a flawed internet-based communications platform developed by the CIA for contacting and exchanging information with assets worldwide. The system—sometimes referred to internally as a form of “covcom”—had been pioneered or heavily tested in Middle East operations, particularly against Iranian targets, before being rolled out more broadly, including in China.
The core problem was that the platform was not as secure or compartmentalized as the agency believed. Sophisticated adversaries could detect patterns of use, trace logins, and link digital activity back to specific individuals. The system reportedly left identifiable digital footprints—such as distinctive code signatures or website behaviors—that Chinese intelligence could exploit to identify both the handlers and the assets.
A “two-tier” approach intended to add safety (using more secure methods for established assets and temporary channels for newer or riskier contacts) ultimately failed. Once one layer was compromised, it exposed others in a cascading effect. Internal warnings about potential weaknesses in the system were reportedly raised but not addressed with sufficient urgency.
Iranian intelligence appears to have discovered the same vulnerability slightly earlier, around 2009–2011, leading to the dismantling of CIA networks there. Tehran likely shared technical insights with Beijing, accelerating the Chinese crackdown.
Compounding Factors
While the communications breach was the primary culprit, it did not occur in isolation. A former CIA officer, Jerry Chun Shing Lee, was later arrested and convicted of spying for China. He is believed to have passed information that helped Chinese counterintelligence identify additional assets. However, investigators concluded that Lee’s betrayal alone could not account for the speed and breadth of the losses—many of which aligned directly with the timeline of the communications compromise.
China’s own aggressive counterintelligence apparatus, combining traditional human surveillance with advanced technical capabilities, proved highly effective at exploiting the opening. Some insiders also pointed to overconfidence within the CIA in its technological solutions, underestimating the capabilities of a near-peer adversary like China.
Lasting Impact and Lessons Learned
The breach affected more than just China; because the same system was used globally, it created ripples across other CIA operations. By 2013, the agency had begun containing the damage and started the slow, painstaking process of rebuilding its human intelligence capabilities in China. That recovery would take years.
The episode stands as a cautionary tale in intelligence tradecraft: even the most advanced technology can become a liability when it is deployed without rigorous, adversary-focused testing and proper compartmentalization. In an era of sophisticated state adversaries, over-reliance on any single communications method—without robust backups and constant vigilance—can prove catastrophic.
The story, first detailed in major investigations by the New York Times and other outlets, continues to be studied by intelligence professionals as a textbook example of how a single operational mistake can unravel years of painstaking work. For the families of the lost assets and for U.S. national security, it remains a painful and costly reminder of what happens when tradecraft fails.
About The Author
