But they aren't illegal, contract law is a civil matter. So far what you're doing could be "illegal", i.e. a threat.
Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the access to the whole or any part of a computer system without right. A Party may require that the offence be committed by infringing security measures, with the intent of obtaining computer data or other dishonest intent, or in relation to a computer system that is connected to another computer system.
Could care less about ToS. It's a load of crap and won't hold in court.
You need to prove two things at the same time, that the website was hacked AND it was used for a dishonest intent. The ball lies in your court,
Here is a definition of dishonesty: http://en.wikipedia.org/wiki/Dishonesty