Crack a password. Use SQL injections. Steal a credit card. Spoof someone else's MAC and IP. Steal a cookie. Something like that.

He was accused of using a guest network account on MIT, with a fake name, new MAC and IP, and throw-away email address. From there, he used a script to download lots of JSTOR documents.

This isn't the internet equivalent of "checking out too many library books". It's the internet equivalent of "checking out too many library books whilst wearing a false mustache".

So it should only be illegal if a hacker wouldn't think it's lame? Got it.

Nah. It should only be illegal if normal people can't do it. Most of what Aaron did is stuff lots of people do.

There's a difference between wearing a dummy badge that says "I am Gary Host", a badge that incorrectly says "I am Bill Gates" (as that would be some kind of identity theft) and forging a passport in "Gary Host"'s name. What aaronsw did was far closer to the first.

Now, you could argue that scripts are power tools, and using them requires a higher standard of behavior. If you are driving a plane, giving dummy credentials over the radio is a lot more serious than a kid with a toy CV radio.

Even then, the dummy credentials didn't really cause any damage. The damage was done by the script itself. Even if he used his real name, the damage would have been done.

As a hacker, I think this would solve a lot of problems in the world. ;p

I did not say that it was not unauthorized access, just that hacking (in the breaking into computer systems sense) involves actually breaking in.

Changing a MAC address (on a device that you own and control) does not constitute hacking. It is as simple as ifconfig(8) and if you have a consumer router it probably has an option in the web interface to do it.