Here's my story and I'm sticking to it.
I operate several web sites. I was checking my personal website on the server side last night and noticed several new directories that I am positive I didn't create. I wouldn't create a directory called
www.paypal.com 2008.bak.
So upon further investigation, it turns out that someone hacked my site from a London IP, dropped their paypal hacking stuff in there and proceeded to do their thing. But this isn't the issue.
The issue is, I contacted the web host I use and haven't heard back. so I called the local FBI office since I figgured it was international crime. No, contact the florida department of law enforcement.
OK
Called FDLE, no, you need to contact the local sherriffs office.
ok
Called Seminole county SO. No, you need to call the FBI.
So, here I sit with a paypal spoof site on my server, 50,000 illegally obtained email addresses with MD5s, and a chat log of 2 guys doing a transaction to sell/buy those 50k email addresses.
Before you say anything, I have already reset all account names and passwords to the site.
So who do I report this to?