out of time, barest gist 'til next year:

back when doing wifi security research and other interests [trunc.] received an FBI black bag job; presumably physical focus due to non-standard OSes and FDE. IBM keyboard internal chip replaced with identical logging variant; note that this is not as sophisticated as the more recent TAO toys with covert RF channels and active, on-demand capabilities...

the keyboard tampering:
https://peertech.org/dist/baghw04.jpg
https://peertech.org/dist/baghw05.jpg
https://peertech.org/dist/baghw06.jpg

which is for all intents and purposes otherwise visually undetectable using this trojan chip technique, tailored for every common manufacturer.

while that was not bad, aside from leaking tamper event, the FDE was so sad/funny. a screw amuck, replacement drive significantly different (when compared to identical lot mate purchased with original that got yanked for offline attack)
https://peertech.org/dist/baghw01.jpg
https://peertech.org/dist/baghw02.jpg
https://peertech.org/dist/baghw03.jpg

---

in a roundabout manner this was all instigated in part by wifi research done at the time which put various powerful entities into a tiff. here's what the pacNW sample looked like back in early 2003:
https://peertech.org/archives/wifi-scan/

"Cleartext Nodes: 8755 (62.59%) , WEP Nodes: 5232 (37.40%)"

... ah, memories :)

---

one last fun learning by example: consider that you thwart direct physical access black bag type attempts, and are not running a vulnerable router/CPE, and present a sufficiently compelling target, you may encounter a clever "just outside the property line" isolation and active attack on DOCSIS uplink. (a broadcast medium is hard to mess with in a covert manner, unless you're able to isolate target from the local broadcast loop itself.)
https://peertech.org/dist/docsis-mitm.jpg
(circa 2007 - make note of image comments and also single "Comcast tech" shielding self behind door...)