Not completely sure. I’d speculate authorities could just work backwards through the webhost to shut down services if he did not comply. Maybe all they needed was ip addresses or numeric identifiers from the vendor account. Maybe real name wasn’t needed to shut all his stuff down.