They have been practicing for years on a large scale. It has become something they have worked on for a long time.
I know the guy that has the most successful security software company for mainframe computers. IBM tried to buy his, ended up acquiring the 2nd best from holland.
This guy wrote the UN policy for mainframe computer security.
China approached him and wanted to have him put a company in China, only two requirements, hire Chinese and source code must be in the country.
he knew how dangerous it would be to put source code in their hands for security and declined. IBM however did put an office in China and you have to ask if they put their source code for security there. Can you imagine the danger posied if they had access to source code.
I believe it.