How the criminals known as "the NSA" can subvert you
A Subverted Organization, Role-by-Role, Attack-by-Attack
1. The person handling the supply chain can buy compromised parts from NSA.
2. The systems architect can weaken total system security with a bad design choice or with an obscure interaction between components.
3. The software engineer coding a security feature can sabotage it.
4. The auditors/testers looking for problems can ignore specific vulnerabilities.
5. The service reps that help the customer choose the product that provides the necessary level of protection can mislead them into buying a weaker product.
6. The project managers can declare certain hard to exploit vulnerabilities as "theoretical" or "not cost effective to fix," then tell the NSA about them. One could argue that this is exactly what all NSA assessments with source code do. ;)
7. The people that write policies on detecting problems or compliance issues can leave out something.
8. System administrators can use logical or physical access to pull details on systems or backdoor them.
9. Maintenance personnel can do any of the above if they have access to the computers or customer data.
10. The company's head lawyer can create fake NSL's sent to his or her department to request information or force backdoor implementation.
11. A member of IT staff might accidentally give a partner organization with intranet access too much privilege. And they do the attack.
12. People maintaining the firewall or access controls might slip up.
The common denominator: all of these involve insiders and each was "probably an accident.... well that's all that's provable." That's the dark beauty of well-executed subversion. ;)