Hackers and spammers are criminals, and they are very unlikely to use valid information to get a dialup account anyway.
Just grab one of the 2 million AOL CDs which arrive in your mailbox each week, and sign up using a stolen credit card. By the time your free month is up and AOL realise the card is stolen, the criminal has switched to another dialup account. This isn't even going into the details of anonymous proxies, zombie networks and the like.
If you're in the US, unless you can prove that more than $5000 damage has been done, it isn't even a crime - and the FBI aren't interested unless the damage exceeds several hundred thousand dollars. Same goes for most other juridictions, too.
Well it is most likely that the police will not do anything. They did dial in from somewhere. Unless along with there aol cd stollen credit card with address and name to match, stollen username and password, not to mention the anonymous proxies and other such things they are using, they also started breaking into houses to use others phone lines...
the information to find out who it is is most likely there, just might not be worth the time to get it when it would not be easy to charge them with anything...
I don't believe that the people doing things like this take that much care in hiding there identity because with the laws and what law inforcement is willing to do for someone sending email isn't all that much.
I have just received an abuse warning from my host! I believe the security holes are now closed but it is very frustrating that my business could effectively be suspended due to the abuse of a third party!
The ISP will only ever reveal their client to the authorities who make a request with an appropriate warrant. They will never disclose more than that to you as it would put them in the position of them breaking the law for letting out confidential information. However, if you know the ISP, file an abuse report and they can take action to shut down the dialup account at least.
Shady - send a full report and explanation of what happened to your host - but if it is as you say that your client was careless with his password, then your client must take some of the responsibility.