The server connection logs with tens of thousands of failed attempts to access the private server have been provided to the authorities. Attempting to access and obtain information from a computer/server is a federal crime under the Computer Fraud and Abuse Act (CFAA), as well as the Stored Communications Act (SCA). Not only is this a crime in the US, but internationally as well. The Council of Europe's law is known as The Convention on Cybercrime (ratified by 47 countries) and is enforced by Interpol.
The connection logs have each and every failed login attempt timestamped with the source IP. Hiding behind a VPN will not help or absolve any perpetrator against prosecution. ISPs and other telecommunications entities will cooperate with authorities.