Crack a password. Use SQL injections. Steal a credit card. Spoof someone else's MAC and IP. Steal a cookie. Something like that.
He was accused of using a guest network account on MIT, with a fake name, new MAC and IP, and throw-away email address. From there, he used a script to download lots of JSTOR documents.
This isn't the internet equivalent of "checking out too many library books". It's the internet equivalent of "checking out too many library books whilst wearing a false mustache".
Nah. It should only be illegal if normal people can't do it. Most of what Aaron did is stuff lots of people do.
There's a difference between wearing a dummy badge that says "I am Gary Host", a badge that incorrectly says "I am Bill Gates" (as that would be some kind of identity theft) and forging a passport in "Gary Host"'s name. What aaronsw did was far closer to the first.
Now, you could argue that scripts are power tools, and using them requires a higher standard of behavior. If you are driving a plane, giving dummy credentials over the radio is a lot more serious than a kid with a toy CV radio.
Even then, the dummy credentials didn't really cause any damage. The damage was done by the script itself. Even if he used his real name, the damage would have been done.
He was accused of using a guest network account on MIT, with a fake name, new MAC and IP, and throw-away email address. From there, he used a script to download lots of JSTOR documents.
This isn't the internet equivalent of "checking out too many library books". It's the internet equivalent of "checking out too many library books whilst wearing a false mustache".