I remember in high school poking around a network drive until I found an executable with the name "SEND" in the name. I had a sense that it would send some kind of message somewhere, but I honestly didn't know where or to how many people. I was quite surprised when all the screens in our computer lab froze and, five seconds later, my message appeared on all of them. (I later learned that my message appeared on every desktop screen in the school!)
I'm not sure exactly how they found me out, but I was called into the IT admin's office a couple of days later. She was furious with me. I told her the truth. I didn't know what exactly would happen when I ran that command, but she didn't buy it. Fortunately, nothing ended up happening after that.
I've wondered to this day what exactly they could have done to me if they decided to press whatever legal authority they might have had to its fullest extent. I was never told "don't go to Z:\" or "don't run any program other than those on this list." Even after I was found out, I wasn't ever explicitly told that my actions constituted unauthorized access.
It was a different, perhaps more innocent (or ignorant) time back then. How much have things changed now?
I didn't think much of it, but some other students caught wind. Before I knew it, the superintendent threatened to have the police involved and press legal action for "hacking confidential student data."
It's CYA all the way, usually at the expense of the person in the chain least equipped to cover their ass (the student).