There are examples of course about warning about planted explosives etc (The IRA did this all the time), but these never include an invitation to apprehend the actual culprit - but rather as terror tactics in their own right.
And once they've reacted it's very hard to admit they are wrong or ever let go (as in they are unwilling to accept PR/blame). Just to avoid the .001% chance of headline "FBI had perpetrator in custody but let him go!"
Sadly, the public is a ignorant, fickle, short-sided, lynch mob. Public facing organizations are(have to be) driven by risk mitigation rather than being effective.
Examples: https://en.wikipedia.org/wiki/Real_Irish_Republican_Army and https://en.wikipedia.org/wiki/Chronology_of_Provisional_Iris...
My hometown is mentioned, there was a successful bombing; so when a secondary school student made a bomb threat from a public telephone it was taken seriously. I was only 10 years old at the time, so beyond the evacuation of the school and surrounding buildings I don't recall any more details.
Does anyone offer services in this area and how much would it cost him?
If I were him I would sell them and buy new ones.
He would not sell these devices. He would be someone who feeds false information into them to screw with people that are on the other end, and laugh manically while doing so.
In all honesty, I think a security researcher would be more curious figuring out what they did.
But another thought that crosses my mind is that future disclosures and research may give him new insight to inspect the equipment and try to understand the extent of potential compromise. I would replace it but then hold onto it forever. Twenty years from now, the parts could be a goldmine for documenting what will surely be a historically significant time in the world of surveillance and privacy.
a LOT MORE
The allied forces did this during the second world war. They could not admit that German encryption had been cracked, so if their only source of knowledge about an event was through breaking of encryption, they would not act on it - even if by doing so, large numbers of civilians would die, because in the long run - far more would be saved by bringing the war to a quicker end.
So is this evidence that he didn't actually do that, or just that the FBI was unable to decrypt or otherwise get anything useful from his devices?
Part 2) I don't know
 http://www.slideshare.net/EC-Council/a-funny-thing-happened-... (slide 10; apropos nothing, this was a very boring and actually mildly annoying talk)
There's no telling who's done what to it or what kind of nasties are now in the firmware.
Sure, the equipment might not be trustworthy in a secure environment, but I highly doubt that anyone would really be interested in a high schooler doing his/her CS homework on it.
at the same time I wonder if crazy US agencies wouldnt call for treason charges after Kaspersky discovery of an implant, or even before, or even claiming his equipment is federal property now like in the case of GPS trackers.
I'm going to say "yes", since it seems that simple accusations of treason are enough to declare, say, a whistle-blower to be a traitor.
In the end, you're effectively a traitor when someone with sufficient power says you are.
He will probably be happy to receive this gear back to begin messing with people potentially on the other end. I wish I could find the video, it was a recorded talk.
The devices absolutely cannot be trusted.
Whether a person cares about trusting the FBI or not (or thinks they're happy with just flashing the firmware and replacing the harddrives) is another thing.
E.g. I would trash the computer bacause you really can not be sure what was done to it.
But, in this case. I seriously doubt this guy is worth trouble... Unless government knows more about him than we do (e.g. he sells stolen intel to highest bidder).
Then the FBI will be knocking down someone else's door.
The amount of engineering the Feds would have to do to ensure a hack evades those two safeguards is prohibitive.
For all we know, this kind of thing is nearly COTS in the FBI/NSA/CIA/TLA world. The question becomes: do they let one of their toys fall directly in to the hands of a security researcher?
They would be stupid to do that. On the other hand, some agencies better than others . . .
If you're insinuating they do this already, then don't you think that would have been the very first bomb dropped by Snowden? Snowden had access to everything. You don't spin up a department like that overnight, it takes years before the department will work well enough to rely on in different situations.
Also, just because they have people that can compromise individual devices in the context of a field operation doesn't mean those people are available for regular law enforcement ops, any more than you could get an NFL coach to head up your son's kiddie league team. The scale of engineering is totally different.
Documents have shown the NSA takes active interest in privacy and security advocacy groups, the EFF sounds right in their ballpark.
Massive-scale, actually: full-spectrum.
There are no aspects of modern technology infrastructure that are off the table in these realms: all systems are targets. Planet-wide.
So, its not just that the NSA will be reprogramming firmware or putting key sniffers in your macbook or writing 0-day exploits. Its that they'll listen to everything, anywhere along the wire, as they see fit.
Now, assuredly there's people out there that support field operations that could study the individual device and then exploit it given X number of days. To go from there to assume that USG can undetectably compromise most, or even a large enough subset of devices, is paranoid. The scale of that problem is much larger.
USG focuses on backdooring crypto for this reason. Much easier to compromise a few algorithms than it is to backdoor every device.
Fact: NSA/et al. have a complete catalog of devices they can easily implant in any consumer/corporate/civil/military computing device. There is a veritable market within these spook agencies, as customers of each other, such that reaching for a phone-book sized volume of catalogs is where the implant selection process starts ..
There is also much evidence that our CPU's are designed for intrusion in the first place. This is the scarier scenario: it doesn't matter how secret you think you are, if you didn't make your own CPU, there's a back door.
Why would a serious person, especially a security researcher, write a tweet except to manipulate the press or law enforcement?
How about a little white-hat opsec and infosec?