So someone is going to access your camera, power it off, flash a custom firmware to it that they have themselves written that gives them backdoor access to the camera, somehow set it up so that it also has network access that you cannot see on your firewall or network monitoring tools? Then they login to your servers and hope that you don't have any logs enabled that automatically get sent off to a cloud server somewhere. Sounds like your friend has some three letter agency enemies.