I have to say – this does actually sound like sense prevailing in a US extradition hearing, for once. As an aside, if they say a simple bit of malware on a student laptop is enough to compromise a university's domain and need a $5,000 cleanup, then the IT department is basically admitting criminal negligence...