Of all the attacks a nation state could do, surely finding a few talented people to get PhDs in the appropriate fields and go to work at Intel and collect a paycheck along with a nice stipend from the nation state is likely among the easiest.
Why bother with employees - just go give money to intel to do this. Intel as a system is designed to produce chips that work a certain way, and my understanding is that said system is rather good at what it does, dedicating the time and energy of many rather smart people to making sure things work the way they're supposed to. Why risk throwing a monkey wrench into such a system when you can just point it in a different direction?
AT&T and Verizon don't have 'plant' employees. Much simpler - and legally, safer - to just give the bag of money straight to the corporation.
There's more than one country interested in pulling off these attacks. The US can say, "Do us this favor and we won't look too hard at your tax avoidance schemes," but China or Russia might have an easier time planting a few employees.
When you have the kind of money and influence that the NSA and CIA have, you probably do both.
As for other friendly and less-friendly nations, I'd be very surprised to learn that there weren't any other nations represented in the ranks of Intel engineers.
I'm not sure it's all that easy, since a) you can't know exactly how good someone is going to turn out to be (you can probably get close through), and b) you can't tell what Intel will be hiring for later, and c) to increase your odds you probably want more than a few people in this program to achieve at least a few people being hired in positions that are useful.
That said, the main hurdles seem to be managing people and funds, which government agencies seem pretty good at figuring out. So maybe not all that easy, but maybe not particularly hard either. The biggest problem might be keeping it secret, given the number of people that might need to be involved that are clandestinely working for a TLA but not as their main job and not steeped in the culture of secrecy.
Isn't it unlikely that an individual engineer (or even a handful) could effect a design level compromise on such a massive project as building a processor? Not only because of the managerial oversight they'd have to circumvent, but because of the overall system complexity. As sibs have pointed it, it would seem much more practical to just compromise Intel at a corporate/managerial level.
> Isn't it unlikely that an individual engineer (or even a handful) could effect a design level compromise on such a massive project as building a processor?
Yes, very unlikely. Something like the Intel Management Engine would be a much easier target.
You can reverse engineer the EFI modules, build a whitelist based on known safe code, and then detect subversion at Intel, so this is not a good strategy for serious adversaries.
In theory, sure.
Is it sufficiently simple that people will do it in practice? (I don't know, I expect you would know)
Wouldn't the malicious alterations introduced in a scenario like that most likely be exploitable defects that could be explained away as mistakes? If they accumulate too much around certain people that's suspicious of course, but it seems like it would often be difficult to downright prove that someone intentionally broke the security of a rather complex system.
The point is that it doesn't matter what the typical person will do. All that matters is that somebody, somewhere reverse engineers the EFI binaries, and that it's easy enough for normal people to run a program to check their current EFI against a whitelist of known good EFI binaries.
This is a banal point, except: if the threat is that Intel (or some other huge vendor) backdoors their EFI binaries, it will get out that they did so. It's not "the perfect crime"; it's practically the opposite of that: one guaranteed to be detected, and that will exact maximal damage on the perpetrators when it gets out.
