Looks like he had some serious sysadmin / hosting / coding experience;
https://www.linkedin.com/profile/view?id=11796569
Find it hard to believe someone with this experience would make mistakes like using his own IP / daily browser to login to the SR2 admin interface, and also rent servers in his own name.
You're only as strong as your weakest link.