If what I did is a crime under US law then yes, in the US. If what I did involved accessing servers in Austrailia, from the US, then again, only if what I did is a crime under US law then yes, in the US. If I claimed in an online chat that I attempted to derive a password from a hash and failed, while I was located in Mexico then no.
The idea of a government's authority being derived from a consent to be governed was expressed very early in the US of A's declaration of independence to Britian: "That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed" and I think this is a reasonable stance.
It sounds like you don't believe in extradition at all, but there is precedence for this and most western countries are on board. It's not just the US, UK, and Australia.
And the conspiracy wasn't just cracking the password, it was explicit intent to crack it for unauthorized access to classified military intelligence.
In limited cases I support it but I believe some type of consent to be governed is required, I consider physically visiting a sovern nation as implicit concent to be governed by their laws. I'm opposed to the notion that any government be able to determine the authorization for information access and excerpt authority on foreign citizens.
And that decision is up to the country who has him in custody, which is the UK right now. They've refused extradition for hacking before in the case of Gary McKinnon [1] due to fears that he could end up in Guantanamo so we'll see, now that Guantanamo is effectively closed for entry.
The idea of a government's authority being derived from a consent to be governed was expressed very early in the US of A's declaration of independence to Britian: "That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed" and I think this is a reasonable stance.