[inchcombec]

You're assuming that the local IT staff regularly monitor network traffic and are generally competent. Sadly, that isn't always the case. The attacker may also only need a few hours to get the data he is after, a fairly small window. As well, they'd have to be monitoring internal traffic, not just outgoing, as with one of these plugged in an attacker would be on the internal network. Most likely this type of attack would have to be detected by noticing that someone was accessing files, or trying to anyway, they had no business accessing rather than network traffic per se.

I like the idea of a signal booster. That is actually a great idea for disguising these things. I've seen these things before and figured it would be best to just run the Ethernet behind a printer or something and hope that people don't notice it was still continuing on past the device, but your idea is even better. Everyone complains on some level about their Internet, just install the 'signal booster' to give them a stronger connection. ;-)