My understanding is that a sufficiently motivated state can find any computer criminal. It's just a matter of following them long enough until they slip and make an opsec mistake.
Usually the mistake is talking too much. Jeremy Hammond (Stratfor hack) had really good technical opsec but made the mistake of talking about his IRL exploits to Sabu which led the FBI to connect his online identity to his IRL political activism. Had he kept his mouth shut he probably would have never been caught.