Are you saying that the two sessions were NEVER active at the same time and one of the sessions was always done via terminal server? The other concern is "inside intel from other people" which I find impossible to believe. If he were actually doing this, why on earth would he inform someone else and risk exposure? I find the "other people" somewhat suspect. What does monitoring (watching) another member's posts have to do with it? Members monitor other members all the time I'm guessing for whatever reason. I guess what is missing for me is compelling evidence so far.

One more important question: did you run the same algorithm against all members?

>>I'd like to ask you if you PM'd the person you suspected of this, prior to merging the accounts. I don't mean a PM to Grover ... that wouldn't accomplish much.
>
>No, based on the level of trouble the member is causing, we may or not proceed to immediate lifetime banning procedure to simply sending an email to the member and exchange. So, there are all kinds of variations.
>
>>I see that you've merged the accounts this evening and it appears that you believe it is Kevin. He told me a few minutes ago that he didn't do it and that he never received a PM from you to "cease and desist". He's a little pi$$ed off about it right now. He said he'd email you.
>
>Yes, I have been receiving quite a few emails from him, from an additional point of origin, and I had to block that one as well at the firewall level as I was starting to feel it as harrasment.
>
>>Here's another question: is there any way that people can spoof IPs? I assume that's your main proof to determine who's accessing both accounts.
>
>Yes, professional hackers can do a lot of things. In my POV, a professional hacker, and I would say there are about at least a thousand on the planet that can break anywhere such as banks, etc., can do IP spoofing. So, yes, there are a lot of bad people out there.
>
>No, the IP information was not used in this case to identify the member. The 15 pages evidences from the analysis (I mentioned 12 earlier but I made a mistake) was from the use of an algorythm, which involves the comparism between the usage of both accounts at the same time from two points of origin, one local and one from Terminal Server, combined with corelation data, analysis of content, inside intel from other people and more. Just as an example, the exact pattern of the first algorythm was used four times in one single day where when one usage of the account, once stopped, was corresponding a few seconds later to the start usage of the other account, then, exactly when the other account was stopped hitting the site, the other account was back in. This was like that for a few days, and we are talking about seconds of difference between both usages. It took me a while to implement that analysis on that specific algorythm, but once I got it rolling, it was a perfect match. The repetition was exact at a precise time. I couldn't have been more precised if I would have done it myself. The reply to himself was also another spoofing that I saw before from another member here. That did not led me away. This is a little trick I have seen a few times. Just go back to 2001 and do a search for someone not using the site since years, not under his name for sure since then however, but in that circumstances, the member was, if I recall correctly, professional enough to confirm that he did it and we merged the data after.
>
>Now, assuming someone else would have been involved, where the efforts would have been coordinated between the two parties, the owner of the main account would have still be responsible for the situation.
>
>Assuming someone else would have been invovled, where the owner of the main account would not have been involved, it would then have meant that a hacker would have been in total control of his PC and watched exactly his hits on the site and once stopped, would have triggered other hits from the fake account. But, then, there wouldn't have been any way for a hacker to determine if the main account holder would have been done in his session. So, this had been eliminated from the equation right at first.