The CIA can’t secure their web servers as well as Nintendo can.
“Web sites are the low-hanging fruit,” said Richard Stiennon, a cyber expert and author of “Surviving Cyberwar.” “But the Web sites are running on a server. Once you completely own the server that the Web site is on, you can watch the insiders log in and record their activity, and that can be a front door into the organization.”
Web sites are not the low hanging fruit. In 1995 they were low hanging fruit. Today, entire companies are running enterprise systems with users using browser applications, mobile applications, web service APIs to bank, communicate and research via the web. The Question is: Would the CIA know who hacked them if the attack wasn’t claimed?