Obviously the university did not practice due care and due diligence in the protection of their systems. The reason, as best practices, you are supposed to put up banners and even minimal protection mechanisms is so someone can't say, “Ooops, I accidentally invaded that system.” If you can prove that someone bypassed some sort of authentication mechanism, then you can prove that they knew they were somewhere they were not supposed to be, even if you don't use any “hacking” tools.