Bill Franz: look at the IBM research report "Thirty years later: lesons from the multics security evaulation" paper by Karger & Schell. They describe successfully inserting backdoors into an OS. The back doors were distributed (incl. to P-gon) and only discovered a year later.
Cheers
