I wasn't referring to corrupting the backup directly -- but corrupting the data as it is written to the backup server. This can be done by compromising the backup client, through a rootkit, etc. If this is undetected for a year before the attacker pulls the final trigger, you have a year's worth of bad backups.