You could totally put computer virus malware in a mouse!<p>A USB connected device could not only be a mouse, but running, say, an Arduino or similar, record sound, broadcast data wirelessly (even over cellular networks), and respond to an external remote control.<p>It could enter keystrokes into the computer. It could open a shell, pipe arbitrary data into a file, execute the file as an application and communicate over USB serial with the application on the computer.<p>Another example: <a href="http://hackaday.com/2013/01/26/extracting-data-with-usb-hid/" rel="nofollow">http://hackaday.com/2013/01/26/extracting-data-with-usb-hid/</a>
The official report in PDF form is at <a href="http://www.oig.doc.gov/OIGPublications/OIG-13-027-A.pdf" rel="nofollow">http://www.oig.doc.gov/OIGPublications/OIG-13-027-A.pdf</a><p>Worrisome is that they got so far before someone put a stop to it. I wonder how widespread such thinking, or lack thereof, is?
The solution here (if you want to solve this) is go work there!<p>Apply for jobs at clueless government agencies and solve the problem from the inside. Not just this agency, FBI, NSA, CIA - all the agencies you love to criticize.<p>Regulatory capture also works in a different way: The people who are most interested in something are the ones who will work on it. So environmental boards (for example) get "captured" by environmental extremists since they are the ones most motivated to run. Then you get stupid laws like banning plastic bags in favor of environmentally worse paper.<p>This is probably not the best option for a young "hotshot", but if you are a bit older and want more stability in your life go apply at exactly the place you most criticize.
Devil's advocate here (I happen to agree that the agency is clueless): what if they were concerned about cracked devices ... perhaps keyloggers, that sort of thing?<p>They claim to have been concerned about espionage, perhaps hardware destruction is a reasonable response.