
Valid point. I guess what I meant by legitimate target was "do something they want to specifically know about enough to relatively targeted attack" (i.e., analyst wants to know something) as opposed to everyone else who they just want to scoop up as much data about but is currently of less interest.



I would say after watching this almost everybody could be a target of state interest, from VCs to a janitor with a cellphone who works at a network they want into http://youtu.be/3jQoAYRKqhg (FOSDEM 2014 presentation), and especially if you have any kind of trust in an open source community and your patches are accepted blindly.

Personally if I were an evil intel agency I'd be going after GPU developers and manufacturers at all costs to get at their firmware sources or even possibly find ways to sabotage it at the source. It's the final frontier of awesome evilware potential.

- the execution of GPU code, and transfer of data between device and host do not require admin privs so it will always run regardless of what the host system privilege settings are.

- Malware w/Nvidia GPUs can be statically linked with the CUDA library in a standalone hidden file that never touches the operating system.

- GPU memory is not shared with the CPU so encrypted malware can reside there undetected.

- Run-time polymorphism: malware GPU code can be re-encrypted with a new random key thus mutate in completely random ways that would be difficult to detect even if you dumped the GPU memory on a regular basis.

- GPU NSA code can easily access the screen framebuffer, and broadcast a live link of whatever somebody is doing.

- GPU NSA code can present the user with a nothing-is-wrong desktop pretending the virus scanner is still running, hiding daemons, presenting false browser screens hiding the fact SSL certs have been rejected, all sorts of evil.



