[worstspotgain]

How convoluted, insidious, and camouflaged can a hidden backdoor or exploitable intentional defect be?

If hacking or subversion is possible, it has been tried and will be again. If anyone is going to try it, chances are Putin's people will.

It's by far the sneakiest, most advanced cheating and infiltration apparatus humanity has ever known. It inherited a large "meddling war chest" from the Soviet Union, then invested heavily into it for 25 years. The Internet increased its opportunities a million-fold. Its semitransparent tentacles are now embedded into nearly every consequential organization on the planet.

Consider the xz episode as a baseline. It was fairly sneaky, but it was introduced by a newcomer to the project and affected mostly existing code. A more elaborate exploit might be submitted with a new feature by an established maintainer.