278
Hacker dad who faked death to avoid child support sentenced to prison
(arstechnica.com)
This is a most excellent place for technology news and articles.
I would guess the number one way he was found was internal security systems in each of the hacked systems.
Cybersecurity involves lots of automated systems that "alert" system admins when it comes to strange patterns.
Like... This user is logging in from an unrecognized IP from an unrecognized geo-location during a time the user usually would be asleep. The user in question has never logged into the system from that area or IP, nor do they do it when they're off the clock in the middle of the night. These unusual details would trigger an alert sent to a sysadmins cell phone, and from them they would begin digital forensics to try to pick up the trail of who this was.