>Once you push parts into the supply chain you can’t really tell where they will end up.
That's why I wonder if it wouldn't be a good, "broad spectrum" attack. I imagine aides to key Senators, Congressmen, White House staffers, C-suite people at defense contractors etc. buy all sorts of devices off Amazon, which they plug in without a second thought like the vast majority of us do. Obviously, 98% of the people plugging in the devices aren't valuable from a military/intelligence perspective, but even if only 1 in 10,000 targets was worthwhile, I imagine there would be a few that were goldmines of information.
On the other hand, I imagine if it was that sophisticated of an attack, the more devices you have randomly "in the wild" increases the chances it is discovered potentially, which could then nuke your whole operation. I remember in the Snowden docs, the NSA's TAO was sometimes intercepting orders for laptops etc people placed online, carefully placing backdoors in it, then sealing it all perfectly back up and putting it back on track for delivery. It arrives and you think it's safe since it's factory sealed and you got it brand new from a reputable retailer. That's a more targeted example of the same concept
That's why I wonder if it wouldn't be a good, "broad spectrum" attack. I imagine aides to key Senators, Congressmen, White House staffers, C-suite people at defense contractors etc. buy all sorts of devices off Amazon, which they plug in without a second thought like the vast majority of us do. Obviously, 98% of the people plugging in the devices aren't valuable from a military/intelligence perspective, but even if only 1 in 10,000 targets was worthwhile, I imagine there would be a few that were goldmines of information.
On the other hand, I imagine if it was that sophisticated of an attack, the more devices you have randomly "in the wild" increases the chances it is discovered potentially, which could then nuke your whole operation. I remember in the Snowden docs, the NSA's TAO was sometimes intercepting orders for laptops etc people placed online, carefully placing backdoors in it, then sealing it all perfectly back up and putting it back on track for delivery. It arrives and you think it's safe since it's factory sealed and you got it brand new from a reputable retailer. That's a more targeted example of the same concept