Yes, though it's worth noting that what finally got Vaughn was a mistake in OPSEC - an area where he was generally quite careful. He used one of his hacker identities for an online gaming site, and tied it to a mobile phone number; and then later that site was itself hacked and user records were released, which eventually led to Vaughn's identity being compromised.
It's quite interesting, really. Krebs's blog post on the subject (linked in the article) is worth reading.
Biting the hand that feeds IT
