[imglorp]

The article said something about messing with traces on the circuit board to hide a component.

I think it would be far more likely to start with a well known component like a network or bus drive and produce a modified chip with identical packaging and markings. Only one person in the board vendor's supply chain needs to swap spools of tampered chips into the manufacturing stream.

It could sit dormant in most situations unless it saw, say, Pentagon LAN traffic. This means the EBay case is covered; the machine would be normal for everyone else, including the board vendor's QA.

You'd have to simulate the target's traffic to see the board doing something wrong. Or decap the chip and read it out.