Given the leaks we've seen from Snowden, perhaps these situations aren't tinfoil hat territory anymore. I don't know of any instances of such things, but it probably should be discussed a bit.

For all sorts of objectives, government spy agencies have made a science of repeatedly putting spies, moles, and compromised individuals into places of power within other major governments (and even other spy agencies). Why wouldn't the same tactics be used in much easier circumstances like placing (or 'compromising') agents who are engineers, administrators, recruiters, or contractors at important tech companies?

Hiring: Do any of you know of major tech/infrastructure companies that consider such things while recruiting/contracting?

Threat modeling: Is anyone here including such possibilities in their security threat models for workflows, networks, and software? Rogue employees seeking personal gain (and sometimes corporate espionage) have come up in threat models we've done for years, but we never really considered imaginary infiltrators from one's own government, nor more complicated scenarios (such as an entire contracting company being a front for a 3-letter agency). The typical NDAs, contracts, and legal defenses clearly don't offer much in the way of protection/demotivation for those cases.

This might be too paranoid of a topic, but I'm genuinely curious if people are seeing signs that tech companies are mulling over such possibilities now (especially given how much heat companies are taking for government involvement).