It's my understanding that members of HNMLSs were targeted. Either the hacker went to the LS websites and looked at the rosters, or just kept a list of people that were in behemoth's dominion, dragon's aery, or valley of sorrows near king windows.
When they went to send the mass-tells they probably just had a 3rd-party program that entered the appropriate text into the FFXI client. Or they simply used cut & paste via a windower.
It would be really hard to goto the police for something like this for a couple of reasons. First, you didn't actually have anything stolen since the account is actually owned by SE. Second, whomever did the hacking probably lives outside of the local police's jurasdiction.
With regaurd to banning IP-addresses or blocks of IP-addresses:
This is both impractical b/c large ISPs and universities have blocks of IP addresses which are assigned randomly and b/c it's relatively easy to go through a proxy to get around such a ban.
A more effective way for SE to combat repeat offenders (which would also hit some legit players with less than great credit) would be to stop accepting prepaid gaming cards which are anonymous. If they ONLY accepted credit cards for payment (and account activation), they'ld be able to do a relatively simple check to see if a new account (or an account who's payment information changes) is really a previously banned player.