Among other things, the CIA found a segment of job-seekers whose backgrounds indicated "significant terrorist and/or hostile intelligence connections," the document, provided to The Washington Post by former National Security Agency contractor Edward Snowden, indicated.
Concern was high enough last year that the NSA planned to launch at least 4,000 investigations into potentially suspicious or abnormal staff activity after examining employee keystrokes at work, the Post said. Behavior that could spark suspicion included employees downloading documents or accessing classified databases they don't typically use in their job, two people familiar with the employee activity monitoring software told the Post.
The multimillion-dollar search for insider threats suffered from delays in recent years and uneven implementation across agencies, budget records indicated. Also, the detection systems never picked up that Snowden copied highly classified documents from different parts of the NSA's networks.
Snowden fled to Hong Kong and then Moscow, where he remains after being granted temporary asylum.
An NSA spokeswoman told the Post that contract workers such as Snowden, weren't included in the plans to re-investigate 4,000 security clearances.
CIA officials said the number of applicants ultimately tied to terrorist networks or hostile foreign governments was "small" but didn't provide an exact number or why the larger group of applicants raised alarms.
"Over the last several years, a small subset of CIA's total job applicants were flagged due to various problems or issues," one official told the Post. "During this period, one in five of that small subset were found to have significant connections to hostile intelligence services and or terrorist groups."