Nearly 20 years ago I was attacked on forums for suggesting such treats were even a possibility. What surprised me was the vehemence of the attack - that is I had a damn hide and temerity to even suggest the notion was possible.
What they didn't realize was that several years earlier that as a part of my work I'd been given the job of investigating if backdoors had been installed on certain critical hardware.
Yes, it's palpable and it's been so for a long time, unfortunately I'm not at liberty to be more specific.
Don't be fooled by the deafening silence from hardware types. Knowlwdge of existing treats and the current 'security' climate/milieu along with basic commonsense ought to suggest this problem is already with us and will be increasingly so in the near future.
Nearly 20 years ago I was attacked on forums for suggesting such treats were even a possibility.
I think you are describing cult behavior. I've seen managers do this to protect questionable deals they made with dodgy vendors.
For what it's worth, I've seen some of this in action on firewalls that shall not be named. They assumed incorrectly that we would not see the devices trying to phone home on the management cards and by home I mean a sanctioned country. This was in the hardware and not the firewall OS. I have also met a team responsible for managing the backdoor on the management boards that also shall not be named. Their backdoor was said to be for access by their support team when customers locked themselves out.
All the other backdoors I've seen were either in the OS or vendor packages. Some vendors get really nervous when their clients gain root access to their appliances and start poking around.
Normally I'd consider this conspiracy theorist stuff, but at this point it's pretty clear that it's happening, that state actors are involved, and that they're very much interested in keeping what they have and that means distracting us from the problem and dismissing that it exists.
Hardware manufacturers are partly to blame too, both for not testing their products to catch these threats, but also for the lack of transparency. I get that it'd be difficult/expensive to recall and replace a bunch of physical devices which may or may not all be backdoored, and I wouldn't be surprised if some companies were told not to by some three letter agency here in the US too, but if it comes to light that they have been knowingly selling compromised hardware they should be dragged into court and made to pay for it.
It's worrying to see multiple folks talking about how they've seen hardware exploitation yet aren't allowed to talk about it. It'd suggest insecurity is something they're not allowed to address and forced to accept, which is worse than being hacked. What makes hardware weaknesses so troubling is due to how close software lets untrusted code get to the metal, with things like jit gpus and wasm. Mix that with ad exchanges that let anyone bid to run code on your computer, and I wonder why the world hasn't imploded yet.
In the first few decades of the electronics industry, every device was provided with huge amounts of information in its datasheets and databooks.
That allowed an electronics engineer to make detailed comparisons between many alternatives before buying any samples and it also allowed the creation of many designs where the components where used for purposes that were very different from anything imagined by their vendors.
Already after 1990, but especially after 2000, the amount of technical documentation about hardware components that is available freely has dropped dramatically and now for most of the more complex hardware components it is possible to obtain enough information to make a design only after signing non-disclosure agreements.
This fashion of the NDA's has made it very difficult to create really innovative products or new competitors in an existing market.
For a company already established in a market, which only does new versions of old products, obtaining the documentation under NDA is trivial.
On the other hand, for designing an innovative product, obtaining the documentation is very hard.
One reason is that there is a vicious circle, until you have all the documentation, you cannot know which is the component that is suitable for your design, so you cannot commit to buy it, but many companies will not provide the documentation before you can convince them that you are committed to buy quantities large enough of that component.
Even the documentation obtained under NDA is usually much less complete than what could be obtained freely a few decades ago, so not only it is impossible to determine whether the component could be used for any other purpose than that specified by the vendor, but usually the documentation is not complete enough to determine with certainty that even the intended purpose can be accomplished.
Because of that, in most hardware projects a series of tests on prototype boards are absolutely necessary to fill the gaps in the technical documentation provided by the vendor.
So very frequently many designers have to duplicate the work of others in discovering workarounds for the bugs or lower performance than expected of various components, because even if they would want to share their experiences, they are prevented by the NDA's that they have signed.
Unfortunately, being not allowed to talk about various technical facts, without any good reason to forbid this, has become a pervasive policy.
wasm was always going to be a security nightmare. I can't imagine how that was seen as a good idea. At this point I don't let JS run by default at all, but most people won't bother doing that and they're just going to be screwed.
About 12 years ago I had several (big ISP) routers that were punting all ESP packets to the routing engine for forwarding, instead of the normal path of using ASIC's on the line cards. This was noticed because I had some customers with a lot of IPSEC traffic and there is very little capacity to forward packets using the CPU on the routing engine, so packets were being dropped.
When I opened a case with the hardware vendor and described the problem they immediately and tersely asked for a shipping address and how many cards I wanted to replace. They didn't even check for support contracts, which was unheard of especially for an expensive part like this.
These routers were purchased on the grey market so I always assumed there was some kind of (botched?) tampering with the hardware and the vendor was at least aware of it.
Lots of PoCs have been built over the years, but so far they've almost all been fun academic stunts, and not actually useful for real world scenarios.
We live in an unprecedented era of understanding when it comes to technologies used by criminals, law enforcement, and every major intelligence agency on the planet, and none of them use chip backdoors, because they just aren't needed. Nearly every attack scenario you can imagine is better served by exploiting existing bugs, or parts of the software supply chain. Software based attacks scale better, and are easier to deny later.
The closest we have to chip backdoors in practice is likely the hardware supply chain tampering for North Korea's missile program, which supposedly serves up the slightly off spec chips that cause their missiles to fail spectacularly every time they try and show them off. It makes no sense to have active backdoors like that in consumer electronics when there are so many more useful and easier to exploit bugs in existing devices.
...and none of them use chip backdoors, because they just aren't needed.
Despite my earlier comments, I think your point is essentially correct - at least it's so when it comes to what we normally consider as criminal behavior. However, that's not necessarily the case when it comes to manufacturers and or state actors who have the power to force manufacturers to secretly install backdoors into chips.
Take the case of Huawei and the ban certain countries have placed on telco carriers using its telecommunications equipment. I'm not privy to the reasons as to why certain governments have banned Huawei but one doesn't have to be Einstein to read between the lines in that it would be almost impossible to check every chip in imported Huawei switches (even if it were practicably feasible (which is doubtful) then any such checking would make the normally-competitive Huawei considerably more expensive for telcos to install than if they were to purchase from its competitors).
Huawei is and has been on a solid push to develop its own technologies, to quote Wiki "Meanwhile, it was reverse-engineering imported switches and investing heavily in research and development to manufacture its own technologies". With the support, authority and might of the Chinese Government it's not hard to imagine that a chip with a backdoor could be implanted in such equipment. Moreover, this may not happen immediately but rather some years later after an innocuous maintenance fix long after all the original brouhaha had died down.
A more optimistic (!) theory I have is that devices are getting software updates over the Internet from their manufacturers, and a government might try to induce a manufacturer to remotely brick or backdoor devices in a hostile country in the future, even if the devices weren't backdoored at the time they were sold. This could happen even if the manufacturer didn't even intend for it to be a possibility, once other people realized that the manufacturer was capable of going through with it.
I remember that, at the time of the Russian invasion of Ukraine, some Americans immediately got angry with Apple for not pushing software updates to disable Russians' iPhones. If people -- albeit members of the public and not actual Apple executives -- are going to strongly insist that this would be reasonable or appropriate, it's not very surprising that people in various countries would become frightened of this possibility!
(The reason this theory is "more optimistic" is just that it's conceivable in principle that vendors and customers could find ways to work together to protect against it.)
Russia is a completely different situation though - they invaded another country and are perpetrating genocide, which means that anything that hurts Russia should be a fair game. A full data leak would be even better - but sadly in this case we have Apple caring more about PR than morality.
This of course ignores the strategic needs. First, it should be a priority to get as many Russians to migrate to the West, to starve the regime of manpower. Second, losing could be Putin’s eventual aim, to make sure Russia gets cut off the outside world, to make it possible for them to shape the society however they want - and in that case preserving the means of communication is even more crucial.
The "different situation" you point out simply does not justify back doors. Having a purportedly valid use does nothing to cicumvent their undesirable nature and our need to eshew them entirely. This "difference" has no relevance over whether or not back doors should be tolerated in society because the reasons to have precisely none are so profound.
"They" invaded, you say? All the Russian iPhone users, was it? Is it true that zero Russian owners of iPhones were supportive of Ukraine and using their iPhones to organize and communicate anti-Putin protests? And Apple is the enforcer to whom the (US) public should appeal?
Yeah, that's a hard "nope".
I agree about backdoors not being acceptable, but we are talking about using legitimate software update mechanisms, not backdoors.
As for “not everyone is an active supporter” - governments exist to represent people. From this it naturally follows that the people should bear consequences of their governments’ actions. Its not the first Russian invasion, they had plenty of time to leave the country. Again - at this point, if something can destabilize Russia, then it’s a fair game from ethical point of view. It’s just lesser evil.
But then of course there’s the strategic point of view. US approaching Russia in a surprisingly merciful and humane manner, and there are reasons for this.
"...and a government might try to induce a manufacturer to remotely brick or backdoor devices in a hostile country in the future, even if the devices weren't backdoored at the time they were sold."
In my opinion any or all of these are distinct possibilities, especially so during any serious war or conflict. During war anything goes and no serious effort is ever spared (one only has to look at the enormous and successful British efforts to break Enigma during WWII to realize this).
Successful hacks to critical infrastructure such as aerospace, nuclear, medical/pharmaceutical technologies, etc. pose both great security risks and a danger to life and it's clear to me that many of the existing protections in place are either inadequate and or are haphazardly applied.
Thus, when it comes to the production of both software and hardware for critical systems we need a whole new set of industry-wide manufacturing and security protocols that a both consistent and as watertight as is possible to make them to ensure that hacks (including HW backdoors) are much, much more difficult or nigh on impossible to implement. Furthermore, these protocols would apply to every critical link in the manufacturing chain—CPUs, support chips, software routines, subsystems and a multitude of other componentry.
Implementing any new protocols along these lines in the current political and economic climate would be nigh on impossible and I wouldn't anticipate any changes of significance in the immediate future as it would require manufacturers to be much more open about the way they do business. While once that might have been possible—as adrian_b rightly points out in his post†—that's no longer the case. Can you imagine Intel open-sourcing its CPU microcode or Elon Musk providing the embedded source for his company's Tesla vehicles? Not bloody likely!
Nevertheless, I'm convinced something along these lines will eventually have to be implemented before we can reduce the breaches and threats to manageable levels. Consider physical bank robberies: they still happen but not with the frequency they one did nor on the enormous scale of present-day electronic fraud for the very reason that over the decades we've developed and evolved methods to make robbing banks a difficult and very risky business for the perpetrator. When it comes to electronic security and cyber crime, we've nothing anywhere near as effective. In effect, we've 21st Century problems and we're still applying Dark Ages solutions. Whilst I'd like to think we could find solutions comparatively soon but I'm nevertheless very doubtful—as it seems to me that nothing short of a command (war) economy (as we had in WWII) where the government mandated both standards and inter-business cooperation would solve the problems.
How important is it to harden the security of critical systems further? Clearly, it's very important to do so as the consequences could be dire if we do not. Security breaches could result in electricity grids going down; a hack on the control system of a nuclear reactor could result in another Chernobyl, similarly a hack to avionics could end in a plane crash. As I'm restricted from discussing my experience I'll use a well known albeit somewhat prosaic example to illustrate the point: that being the Volkswagen emissions scam‡. (I say it's prosaic in the sense that its immediate impact isn't as devastating as bringing down a country's electricity grid or the uncontrolled opening of a dam sluice gate that could quickly kill many thousands (that said, I'm not making light of it, what VW did was extremely serious and in my opinion it wasn't sufficiently punished for its crime).)
My point is that if universal safety and security standards/protocols that were open and understood by all had been in place during the development and manufacture of the "Clean Diesel" Volkswagen Golf then it would have been essentially impossible for VW to implement the fraud—as too many protections protocols would have been in place to allow it to happen. The point is that a company or any entity should not be able to hide behind a manufacturing process or any other activity whose product thereof has the potential to cause serious harm.
Until such time that all such potentially dangerous process can be openly inspected and carefully examined by third parties, we will continue to experience inordinately high numbers of serious security breaches.
All telecom equipment has "legal intercept" hooks to allow full monitoring by law enforcement in whatever jurisdiction the devices are sold in. You don't need special backdoor chips, the backdoors in telecom equipment are a feature, often legally mandated.
These routers are also often riddled with bugs that are well known to any well funded intelligence group. No need for special chips.
These are the bugs that intelligence agencies are paying for: https://zerodium.com/program.html With these bugs they get all the access they need.
>All telecom equipment has "legal intercept" hooks to allow full monitoring by law enforcement in whatever jurisdiction the devices are sold in. You don't need special backdoor chips
Aren't the data on chips and with telecoms pretty different? Feels like government would want to monitor what someone is doing on their computer and their communications.
What do you think telecom equipment is implemented with? Chips and firmware.If it isn't in the microcode, it's an embedded system package. You can thank CALEA.
"All telecom equipment has "legal intercept" hooks to allow full monitoring by law enforcement in whatever jurisdiction the devices are sold in."
None of that is in dispute and everyone of relevance knows it. However that's not the point I was making which is that at the highest level of intergovernmental spying things are different.
Simply, sleeper backdoors are invisible to all but the perpetrator and they act stenographically when the perpetrator has the need.
The technology may change but there's nothing new in this approach, it's centuries old and has a proven track record.
> "Nearly 20 years ago I was attacked on forums for suggesting such threats were even a possibility. What surprised me was the vehemence of the attack - that is I had a damn hide and temerity to even suggest the notion was possible."
Welcome to the club… I been ridiculed my entire life for warnings and suggestions that decades later have all played out exactly as predicted. I've long since given up on humanity. We're just another doomed species that hasn't realized it yet.
My favourite part of this is watching what RMS has to say, watching it come to pass, and, finally, watching others dismiss his newer concerns. People may not like him as a person, and that's neither here nor there. What's depressing is the continued sleepwalking (by society at large, and geeky sub-groups in particular) into a dystopian future where the OEM has all the power.
"What's depressing is the continued sleepwalking (by society at large, and geeky sub-groups in particular)..."
RMS isn't the most lovable person around but he's pretty much always been factual and on message. Why people - especially those 'in the know' - cannot separate their dislike of a person from his/her message is something that I don't quite understand.
Discarding a message on the grounds of disliking the messenger is illogical and it makes me wince whenever I see it in those who ought to know better. The truly worrying and troubling aspect of this is that I've never considered myself the most level headed or logical person in the world (the volume control on my amygdala is broken and I often can't turn its 'noise' down). So when I see techies behaving more illogically than me I have grave concerns for the world.
I experience cognitive dissonance regularly (it's difficult not to in this day and age), however I'm not only aware of the fact but also I'm continually fighting and reasoning with the conundrums it raises. Again, it's somewhat of a mystery to me why many of those who are of a technical and logical bent aren't similarly conflicted.
You're right, it's very depressing when many of the intelligentsia are asleep at the wheel and or refuse responsibly. The consequences are that it's not only the OEMs we have to worry about but also those authoritarians who'll take charge in the intelligentsia's absence.
Without ongoing logical and reasoned debate a dystopian future is almost certainly assured.
I must admit the strange and seemingly irrational behavior of many—and that includes some governments—during the COVID pandemic has radically altered my perception of humanity. My views are now much less sanguine and much more angst-ridden.
Moreover, humanity now seems more hyped and irrational than it once was. During the Cold War MAD by some 'miracle' kept the world safe, if exactly the same situation prevailed today I much doubt that it would.
And with everything demanding to be online all the time, and cellular hardware becoming cheaper, and the software side being some combination of insecure/malicious in our surveillance capitalism dystopia... it's yet another aspect of modern life that is too uncomfortable to think about, and about which it's easy to feel powerless.
Throw it on the pile with the various environmental apocalypses and global resurgence of authoritarianism.
... it's yet another aspect of modern life that is too uncomfortable to think about, and about which it's easy to feel powerless.
Very true, and I often do.
What I find so troubling is why more people don't complain more often, we need sufficient complainers to reach critical mass and so often that's not the case. Take another such matter - the unreasonableness and unfairness of current international copyright law. It is this way and will likely remain so for a long time simply—as Cory Doctorow who regularly writes on such matters says 'the whingers and complainers are far too few in number to make any difference, they're just irrelevant noise in the political debate [note: that's my phraseology of his actual quote]. The fact is the average person couldn't give a damn about copyright law.
Same goes for many other important issues, especially surveillance capitalism! Yes, here many are aware of the fact and they actually care about it but in the yin and yang battle between surveillance capitalism and users' worry that they're under surveillance and the 'good feelings' generated by Google's and Facebook's 'free' apps then every time those apps win out by miles!
Correct, these surveillance capitalism bastards use their sophisticated knowledge of human psychology to ensure that the balance is always in their favor. (Remember, this is an age-old trick, the emperor Vespasian built the Colosseum to distract the minds of Roman citizens from local troubles.)
Tragically, our governments have done precious little to correct the problem - and again much of that can be put down to the millions of dollars Big Tech spends on lobbying governments. We citizens are seemingly always on the the losing end when big money is involved.
...But as an individual you can do something about it. Your efforts may be small and they might only benefit you but they're not nought. Only yesterday in reply to the HN story Making Quieter Technology I wrote a badly-written long-winded reply† to show how one could tackle the problem of surveillance capitalism: https://news.ycombinator.com/context?id=32383493. Bad it may be but my efforts count for something more than just zero.
...the pile with the various environmental apocalypses and global resurgence of authoritarianism.
Can't agree more. For me, the resurgence of authoritarianism is the more important of the two, for without citizen autonomy we've little or no control over environmental apocalypses let alone the many other existing worldwide problems; in effect authoritarianism neuters us.
Depressing yes, but every little tweak helps (especially so if everyone's doing it).
D:< & >:(
__
† Yes, my reply was long because it included specific actions but it was not long enough to do a good job, a blog would have been a better approach. Unfortunately, as good as 'HN comments' is, it isn't an ideal place to do this.
>What they didn't realize was that several years earlier that as a part of my work I'd been given the job of investigating if backdoors had been installed on certain critical hardware.
People like that still exist. The type of people that say shit like "well if that happens we have a much bigger problem". They should never be involved in any security related discussion.
Eric Schmidt, the former Google chairman, told Reuters in a recent interview that high-end processors should have kill-switches.
“Knowing where the chips go is probably a very good thing. You could for example, on every chip put in essentially a public private key pair, which authenticates it and allows it to work”.
What he won’t tell is that this is already a reality, as I learned after having my air-gapped system and Pixel phone wiped remotely for doing academic research on wireless “silent speech interfaces”.
Anyone doing research on this area be cautious of sabotage when using US designed CPUs (AMD/INTEL/QUALCOMM/APPLE/ARM), as the microcode, SMM and firmware of your system may be manipulated to mess up your computations. Ask your own Nation to stop trusting Silicon Valley and make your own silicon supply chain and tech services.
Remotely wiping an air-gapped system and a Pixel phone are some astonishing feats. Could you tell us some more details about that, especially why you may suspect it to be caused by malicious sabotage by some state level adversary? How did you air gap your air-gapped system?
How would this be used for surveillance? You do realize that this isn't reading people's minds/internal dialog right? It requires making specific physical motions, as if you are actually speaking. If they are already talking, then why bother with this when you could use directional microphones or even acoustic phased array?
Furthermore, as someone who has worked with radar/remote imaging, it is very difficult to spy on people with a technique like this without some device right in their face, especially if the subject is moving around. And it's likely that lots of calibration and characterization are required to produce good results that will vary drastically from person to person depending on their physiology.
As to the possibility of some state "top secret" technology that can do radar imaging with range and fidelity that are miles and miles ahead of research or less-classified military technology: why would they use such amazing tech on something like this? There are also established equations that define what is physically possible. Many radar systems today are basically very close to the optimal performance given constraints of real world semiconductor materials, as in, they fly close to the Shannon channel capacity limit. It's just not possible to make magical radar devices.
Eric Schmidt: However, our report says that it's really important for us to find a way to maintain two generations of semiconductor leadership ahead of China. Now, the history here is important. In the 1980s, we created a group called SEMATECH. We had a bunch of semiconductor manufacturing in America. Eventually that all moved to East Asia, primarily Singapore, and then South Korea and now Taiwan through TSMC. The most important chips are made in Samsung and TSMC, South Korea, and Taiwan. China has had over 30 years to plan to try to catch up. It's really difficult.
Eric Schmidt: We don't want them to catch up. We want to stay ahead. We call for all sorts of techniques to try to make sure that we rebuild a domestic semiconductor and semiconductor manufacturing facility within the United States. This is important, by the way, for our commercial industry as well as for national security for obvious reasons. By the way, chips, I'm not just referring to CPU chips, there's a whole new generation, I'll give you an example, of sensor chips that sense things. It's really important that those be built in America.
Sensitive radar sensors plus machine learning may or may not be enough to extract people's inner speech - and would surely be a risk to "national security".
If someone like Schmidt is so afraid of this being available for other countries, it is safer to assume it is feasible and he knows it - given he has also been saying people will be able to clone themselves as virtual assistants that will outlive them.
Albeit, feasible or not, researching and demonstrating it is whole more difficult when a billionaire is "calling on all sorts of techniques" to assure their monopoly.
I’m imagining that every single human has a detectable thinking signature at quite the distance and then that is simulated in a virtual world with machine learning predicting every single person on earth in real time, with forward propagation of scenarios.
Where did you get this idea of a "thinking signature" from? What you're saying is just simply not possible. Assuming people are completely deterministic at the nanoscale, you cannot propagate forward even half a second without accounting for the stimulus from the entire world. You also cannot simulate people's minds without knowledge of basically what their every molecule are doing. Machine learning won't help you here very much.
EDIT: Looking at your profile after responding to another comment by you, it looks like you believe there exist some sort of vibration that seem to be different from the physics concept? What is the vibration that you understand?
No, remote mind reading is not possible. Local mind reading is also not possible, unless under very controlled conditions, it is possible to get a vague understanding as to which part of the brain is working hard, and even "predict" human decision a few seconds ahead.
Remote mind reading is also not really possible with thermodynamic and information theory laws. For example Shannon's channel capacity theorem, used extensively in telecommunication engineering, basically mean that even with the best antenna and best receiver and best coding and generally ideal conditions, it is not possible to receive significant data from a human brain in real time. The human brain just isn't designed to be an antenna, and even if it is, produces extremely faint electromagnetic radiation as a byproduct of signaling with electric potential.
There are also lots of people who do not have an "internal monologue," if that means anything. Once again in summary: no, and no.
Project Summary by Varun Chandrashekhar: "I have designed and developed a speech interfaced for the paralyzed, which they can use to communicate without speaking. This device detects speech-related electrical signals from the throat and converts them into letters or words that we recognize using machine learning models."
Couldn’t a ML model generalize the information into an ontological tree that makes sense in the general case even without internal monologue?
And aren’t you being quite dismissive and definite as an absolute non possibility vs it’s possible up to a measure limited by technology.
Given that something like neuralink works even at the level of today then you have the possibility to predict and mechanize systems based on thought patterns. It becomes a limit of measurement and at what distance. Electrodes in the brain vs whatever signal processing technology avails itself over time.
P.s The mind and cranium work great as an inverted antenna… just put your keys next to your head for 25% increased range of signal when finding your car. :p
Crackpots often either Capitalize certain words they consider Significant, or write them in ALL-CAPS; I have also seen words [Bracketed] for extra emphasis. I’ve heard it’s a sign of schizophrenia.
E-waste is greatly exacerbated by low level backdoors. Gear cannot be
repurposed if you cannot trust the hardware or embedded firmware. A
skip full of Cisco routers [1] was sitting outside an organisation
once, and I asked about their fate. "Can't you just wipe the OS and
install something open source?", I asked. "Would you trust the
hardware?" they replied.
Unbelievably Cisco are still in business and actually produce
educational cyber-security materials.
"Would you trust the hardware?" is a typical attitude towards End-Of-Life equipment that is more susceptible to failure due to age e.g. organizational IT refresh cycles.
Was there any further indication that the comment was about a backdoor-type vulnerability?
"It's not technically hard to make a device that complies with the FCC that listens to nonpublic bands but then is quietly waiting for some activation trigger to listen to other bands," said Eduardo Rojas, who leads the radio spectrum lab at Embry-Riddle Aeronautical University in Florida. "Technically, it's feasible."
To prove a device had clandestine capabilities, Rojas said, would require technical experts to strip down a device "to the semi-conductor level" and "reverse engineer the design." But, he said, it can be done.
You don't like that the government colludes with captains of industry to improve it's national security posture utilizing coercive methods and appealing to baser instincts through guarantees of quid pro quo tier mutual preservation?
Oof. Well. Alls fair and all that. That's just how the game is played. Hate the game. Not the player.
Seriously though, this type of thing has kept me up at night for years.
Reminds me of some young adult book (written by Tom Clancy IIRC) where the main informant had backdoored the generic mouse drivers and had access to most computers around the world or something. It’s been over 15? years since I read them. I don’t remember the name. Net force?
What they didn't realize was that several years earlier that as a part of my work I'd been given the job of investigating if backdoors had been installed on certain critical hardware.
Yes, it's palpable and it's been so for a long time, unfortunately I'm not at liberty to be more specific.
Don't be fooled by the deafening silence from hardware types. Knowlwdge of existing treats and the current 'security' climate/milieu along with basic commonsense ought to suggest this problem is already with us and will be increasingly so in the near future.