Yes, but there are a few details that ars is not mentioning. They didnt just "access" the website. The website needed registration. These people had registered accounts. They did not stumble upon it by accident. Then the malware was limited to those accessing the "hardcore" section. Those accessing only legally grey-area material (ie nude but no sex acts, or images where age was questionable) were not caught up. Deliberately trying to access material you know is illegal, then actually doing so, is a crime.

There were no doubt other steps taken to limit the field of people to charge. Shared computers and shared IP addresses (vpns, school networks etc) seem to have been deselected. The man living on his own, with his name attached to a non-proxied internet connection, makes for an easy prosecution. They must have a far longer list of suspects ... who may now be on some sort of watch list. I suggest they think twice about boarding an international flight with a laptop. Expect to be randomly searched.

In many countries, even trying to access child pornography (even without necessarily having success in doing so), is a crime. I'd assume the US to be the same.