He got locked up, and banned from the world of computers
for the computer equivalent of flagrant trespassing...
What he did was not legal, and was invasive, but I have
never seen how he caused serious harm to the companies
he was sneaking through - enough to be punished like a
major criminal, and locked away for over five years.
People steal cars, stab each other, or embezzle millions
yet wind up with sentances not much worse than Kevin.

I think Kevin was a REALLY curious kid, who 
considered it a challenge to be nosey, and poke around
other people's computers over infiltrated networks.  
Along the way, he learned quite a bit about how to 
navigate those networks, and criss-cross between multiple
machines and subnets, hoping to keep from being identified.
(it worked for a while, but the feds ganged up on him)

From anything I've read- Kevin was probably an anoying pest,
that rambled through computers, sniffing around, uncontrolled.
He went places he shouldn't go, but was still a computer 
tresspasser.  He didn't destroy computers, or delete their
files.  He didn't change accounting data, so he could take
their money.  He did't get into corporate espianage, selling
sensitive information to the competition.  I don't think he
wound up making a financial profit, through his 'hacking'.
In some instances, he did copy files, like computer code from
Sun- which they claimed millions of dollars loss for... That
seems extreme.  If he had sold that code to another company,
or even turned it loose on the world- then Sun could claim
that their product marketability had been compromised, and 
resulted in financial losses- but I don't see that being true.

In many ways, I see Kevin's actions being similar to the kids
from Mineapolis, (here)
that sneak around Ford's tunnel system,
and grab a few poctures & stories in the process.  Yes, they
are trespassing- but I don't think they are going in there to
loot, destroy, or cause problems.  They wanted to know "can we
do it", to plan things out, get past security, and see what they
find.  In fact, if you look at their web site, they even have a
code of conduct- so they aren't causing so many problems that
they can't go back, and security is made tighter.  In some
ways, Kevin seemed to share this sort of exploration focus.

If someone can show me information to the contrary, where Kevin
was destructive, or causing direct harm to the companies, and
government agencies, or stealing money, or selling private
information, or trashing files, then I'm quite willing to look.

So-- after I've rambled on... I don't think Kevin got off easy
compared to the severity of his crime.  Granted, I would not 
want a dozen Kevins wandering around my network.  As sysadmin
and network admin, you would feel insecure, and not know what
was going to happen next.  Sooner or later, something is going
to break, or leave a mess, or a different kind of person will
exploit those same security holes to completely trash your
system...  Some degree of paranioa I can understand, but putting
Kevin in jail for years, and banning hime from his life's focus
for longer-- that's somewhat harsh.

My opinion.
Worth what you paid for it.