Hacker News

So if I understand correctly this can be used to install a persistent hardware rootkit on the chipset that listens for a "secret" knock procedure with TCP (because it has access to the NIC) and then in response to the secret signal modify the host OS kernel through DMA-access to disable for example all access checks [1].

Imagine infecting a machine with this either before delivery (requires physical access, but should be doable for FBI/NSA/foreign-counterpart) or in a "rent a server" situation. Most providers will allow you to rent a full server with root-access for a month and then cancel the contract. I'm assuming those servers get re-used if they're not too old.

[1] Code to disable access checks through DMA has been around for a long time: http://www.breaknenter.org/projects/inception/


