Actually, I think they're mostly just trying to be pests. They only get a few tries before it goes CAPTCHA on any given handle. So it's not like they can be very effect with brute force attempts with a large password dictionary driving the attempts. That is, the likelihood of successfully logging in is extremely low and only a nearly sheer dumb luck hit on a handle with a trivial password is even likely at all.
The spammers try to register and login themselves. We get them. We've always gotten them. The defense we have up now has been the best so far; it really, really cut down the number of nightly new registrations we used to get. The people that get through today, do so in pretty small numbers, and they're generally very obvious. And it's very easy to clean them up and delete everything they did. It's probably more of a pain for them to register than it is for us to clean them up. With that said, a few get a little further than most now and then.