I've long thought that NSA and CIA would be buyers of access to botnets with backdoor access to people's machines in the US and abroad. You can buy surreptitious installs of your own malware from other malware providers very cheaply - usually under $1. $300 million and you have the whole US covered. It wouldn't surprise me a bit if there is a budget for this, with agents actively interacting on forums, buying (and supporting) certain areas of the cybercrime economy.
Or you know, he's referring to actually physically bugging the machine with a hardware keylogger. Which, for someone you're interested in, is way more reliable then simply hoping they're still using unpatched Windows.
That seems like a lot of work and far more targeted than would be consistent with their recently revealed MO (although I am certain they do this in limited instances where "necessary"). These programs seem to have a primary aim of maximum efficiency and mass surveillance. Deploying hardware doesn't seem to fit that description.
I think he's referring to how the CIA was able to get the Stuxnet/Flame worm to disrupt the Iran nuclear centrifuges.[1] If the CIA or NSA want to put a virus on your machine, they can. Easily.
They can literally plant a worm or virus anywhere they want, because humans make mistakes. Heck, imagine they have hacked into the Windows auto-updater somehow and your own computer downloads and installs software on the first Tuesday every month without you even doing anything.
I've long thought that NSA and CIA would be buyers of access to botnets with backdoor access to people's machines in the US and abroad. You can buy surreptitious installs of your own malware from other malware providers very cheaply - usually under $1. $300 million and you have the whole US covered. It wouldn't surprise me a bit if there is a budget for this, with agents actively interacting on forums, buying (and supporting) certain areas of the cybercrime economy.