CIA must have a bunch of embedded workers at Apple, Google, etc all adding subtle bugs that can later be used to hack the devices and services. I imagine other intelligence agencies must have them too. If they don't, then they're not doing their job.
How about every other intelligence agency in the world though? I'd be shocked if Chinese and Russian intelligence haven't infiltrated every major US tech company.
I'd be shocked if they'd all managed to embed agents in all of them. Intelligence agencies aren't all staffed only by super-competent elite agents as portrayed in films like the Bourne Identity.
Having said that, we do know for a fact that some US companies and research establishments have actually been penetrated by Chinese agents because some of them have been caught. The problem with taking advantage of such agents though is that they not only have to get a job, they also have to get access to whatever the agency is targeting. In a company like Apple with extremely tight internal security that could be pretty challenging.
During the Cold War, the KGB did much more seemingly far-fetched things to infiltrate the institutions of their adversaries. Infiltrating Western technology companies, who knowingly hire foreign nationals who are presumably loyal to their home nations, is easy pickings by comparison.
Getting agents in the ranks to do some corporate espionage is one thing, and I'm sure that's happened as well; in fact, I'm sure that there are relatively small companies who regularly do this (probably by setting up a contracting relationship; it's possible some of the company's employees are unwittingly participating in such schemes).
Getting listening devices installed/activated on every device is a whole 'nother ball park. To the extent that foreign intel services are doing this, my belief would be that it's only by infiltrating so deep that they learn the secrets of how to activate and utilize the monitoring agents installed for American intel services. That's not outside the realm of possibility, but I wouldn't call other nation-states incompetent for not yet having done so.
There is also reverse-engineering, which seems like the more plausible scenario through which foreign intel services would gain access to embedded spy hardware. They just send a device back to their labs for serious reverse-engineering and learn the secrets from that.
>Getting listening devices installed/activated on every device is a whole 'nother ball park.
It's not that hard really. Anyone who's worked on a large codebase knows how easy it would be for someone to slip in a vulnerability that looks like a simple coding mistake. There's even a contest for producing such code: http://www.underhanded-c.org/
Keep in mind that Western tech companies knowingly hire tons of foreign nations who are presumably loyal to their home nations (as is natural), and a large portion of whom have their entire families still living there too.
(Which is not to say that they shouldn't hire foreigners. There are similarly bad incentives for domestic nationals as well, who can make hundreds of thousands of dollars per exploit on the grey market. The problem is that the engineering processes and standards for software are nowhere near as robust as they need to be considering the ubiquitous access to and control of our society that technology has.)
You've said the loyal thing twice now. Being loyal to your country is not the same as being disloyal to your company; it's also quite insulting to suggest that I'd betray my employer just because I'm a foreigner.
Many, if not most, people would put their nation before their employer if said employer is primarily an asset of an adversary nation. I don't think that's wrong or insulting. It's also not meant to be accusatory. I hesitated to write because I figured someone would get their feathers ruffled, but it's just realistic. Tech companies, the software and devices they create, and the data they have, are of national security significance. We should shape our threat models as such.
I never said the CIA always conducts itself legally. My point was that "their job" is defined by the law. CIA agents infiltrating American manufacturers to break their products, even if intended for foreign customers, is illegal and thus not "their job".
> would wikileaks exist
If I understand correctly, you're saying Wikileaks' existence is proof of the CIA's impropriety? That assumes anything secret is illegal. Not true. Classified information is legal [1].
Yes. An intelligence agency can operate lawfully (and with a higher ethical standard than any other intelligence agency), and still have enemies who intend to expose secrets.
