This was a misguided attempt at pen testing by a person unfamiliar with security protocol. It was foolish, but there was no profit motive, no information leak, no damage or deletion to systems or data. Furthermore, he contacted his target and told them exactly what he did.<p>The perp should certainly receive some sort of penalty, but it doesn't deserve steep fines or imprisonment.