That is pretty funny because decades ago we used to remotely compromise university HP 9000 systems, create new privileged accounts, and apply the latest patch sets to the system to close up any security issues. I would assume that is a pretty common practice, you don't want someone else messing with your system. I would bet the investigation didn't go far enough.