Is this a case where a government has compromised a system, and the administrators are legally bound to remain quiet about it?

If so, why not compromise the system yourself, and then advertise that? Accidentally leaving your SSL private key online temporarily would do it, surely?