One thing the leaks have reveal is that the NSA invested significant effort in compromising/backdooring hardware. Now if I were intent on compromising hardware to increase my reach, my prime targets are going to be the makers of routing & switching hardware. Someone like Cisco perhaps.
Do you have any idea how many such hardware blackboxes lie between any two locations on the net? All that would be needed is a single vulnerable/backdoored one in that path, configure it to DNAT & SNAT through your MITM host ..
I highly doubt there're very many places out of that reach. Especially not smaller providers.
When you start going down that line of reasoning, virtually every chip in every computer in the world "could" be backdoored. Again, the costs and technical challenges of doing this wholesale across a long line of products across many hardware vendors is practically impossible. I'd be more worried using Huawei gear, anyway.
At this point I might just feel more secure running Huawei gear (as I type this at home on a Lenovo Thinkpad connected to an Aerohive access point plugged into a Cisco ASA firewall).
Do you have any idea how many such hardware blackboxes lie between any two locations on the net? All that would be needed is a single vulnerable/backdoored one in that path, configure it to DNAT & SNAT through your MITM host ..
I highly doubt there're very many places out of that reach. Especially not smaller providers.
edit: s/setups/providers/g