You've got a point, but on the other hand, what if someone codes up such a "hack" and puts said URLs into some harmless looking web page, and I click on it. Am I now guilty of hacking AT&T?
I'm tempted to say that at the very least, URLs that don't involve remote code execution should at the very least be not considered hacking. If the URL calls a server which executes code in exactly the way it was designed to if you access that URL, then it shouldn't be hacking.
If the URL causes the server to execute a code of logic it wasn't designed to, and wouldn't have done without injection of code... well, maybe its hacking.
I'm not completely happy with this definition because I'm sure there is a blurry line here somewhere, but its a heck of a lot more sensible than just some attorney general arbitrarily saying some URLs are OK, and some are not.