What secrets did a Russian national employed by the Secret Service in the US embassy in Moscow pass along to her FSB handlers? According to a report late yesterday in the Guardian, we may never know. The Secret Service not only missed the fact that their employee was having regular meetings with Russian intelligence during her decade inside the embassy, they also botched the follow-up investigation.

The possibilities look almost endless, however:

The Russian national had been hired by the US Secret Service and is understood to have had access to the agency’s intranet and email systems, which gave her a potential window into highly confidential material including the schedules of the president and vice-president.

The woman had been working for the Secret Service for years before she came under suspicion in 2016 during a routine security sweep conducted by two investigators from the US Department of State’s Regional Security Office (RSO).

They established she was having regular and unauthorised meetings with members of the FSB, Russia’s principal security agency.

The Guardian has been told the RSO sounded the alarm in January 2017, but the Secret Service did not launch a full-scale inquiry of its own. Instead it decided to let her go quietly months later, possibly to contain any potential embarrassment.

Hmmmm. Why would they have kept her on even after her connection to the FSB (the successor agency to the KGB) had been discovered? One technique involved in intel work is to identify potential moles and feed them bad information. That allows security to test whether that specific information gets back to hostile intel services (and therefore confirm their status as moles), to confuse the enemy, and to keep their opponents from replacing an asset with some new and unknown source. That doesn’t make sense in this situation, however, given that their mole collected her intelligence directly from the computer systems.

Instead, the Secret Service allowed her to hang around long enough to get fired in the tit-for-tat diplomatic expulsions over Russian interference in the 2016 election. To this day, the damage is still largely unknown, as the Secret Service didn’t do a proper investigation, according to the Guardian’s source. They didn’t even investigate whether any other moles were operating within their embassy organization:

“The Secret Service is trying to hide the breach by firing [her],” the source said. “The damage was already done but the senior management of the Secret Service did not conduct any internal investigation to assess the damage and to see if [she] recruited any other employees to provide her with more information. Only an intense investigation by an outside source can determine the damage she has done.”

Did anyone else investigate? The Guardian reports that both the CIA and FBI looked into the matter but expected the Secret Service to take the lead on the investigation. That apparently went nowhere, perhaps in part to keep from getting embarrassed by the penetration. As a result, no one’s clear on just what the mole managed to turn over to Russian intelligence during the time she worked in the embassy — a period which stretches from the last two years of the George W. Bush administration to the very end of the Barack Obama administration.

That period is, perhaps coincidentally or perhaps not, the same period in which Vladimir Putin became much more aggressive on the world stage. By 2008 Putin would march on Georgia, a conflict that’s back in the news today thanks to more Russian aggression on the border. In 2014, Putin would seize Crimea and then infiltrate and later invade eastern Ukraine. Did Putin have ears and eyes on what the US was prepared to do, and what it wasn’t prepared to do, prior to his aggressions? We may never really know, although the Secret Service claims that the mole only had limited access to higher-classification data.

Needless to say, this kind of spycraft is significantly more serious than the Maria Butinas and Facebook trollery which has captured so much attention and hyperbole. The professional agencies involved in embassy security have to do a better job than this, especially after the fact. Without knowing precisely what got exposed, we have no way of taking effective countermeasures in response to it. That leaves us in the dark, with an opponent using night-vision goggles.