I'm not saying the machines attacking you aren't violating the law. I'm saying that publishing an IP address of someone's router, along with step by step directions of how to log into it, along with screenshots of you logging into it, is a violation of the computer fraud and abuse act. The law doesn't care where you got the address. And the reality is that that router's owner probably has no idea they are part of a botnet attacking other machines. I suggest you go back to university and take a few computer ethics courses before you wind up with a criminal record from your next project.