As a PyPI package maintainer, you've been tasked with ensuring the security of Python packages on the index. But you've noticed a suspicious user attempting to publish packages without proper credentials. Can you use your cybersecurity skills to investigate and stop the hacker before they compromise the security of PyPI?