In this case, I think the charge fits the crime. This is a pretty bog-standard MITM attack with a clear-cut motive and intent to cause harm. It wasn't simply that they were mirroring a connection to others, but that they had compromised it with the purpose of tricking the users.

None of this is to say that overkill doesn't exist in the intelligence/policing communities. But this guy was running a Kali Linux social engineering party trick from 2013; it's about as clear-cut of a computing crime as you can get.