It sounds like they installed it on a virtual machine and it acted like a remote access tool, like you would expect it to. The only thing they claim makes it a hacker tool is the fact that it doesn't ask for consent when it's being used, although it was installed on the machine by an administrator which could be considered consent. The real problem appears to be a complaint that a malicious email installed it on someones computer and it was used for malicious purposes. Just because something can be used for illegal purposes doesn't mean that's it's intended use. To me it seems like arresting a Ford executive if someone uses their cars to intentionally run someone over.