"At the time of writing the site uses 21 virtual machines (VMs) hosted at different providers. [...] All virtual machines are hosted with commercial cloud hosting providers, who have no clue that The Pirate Bay is among their customers."
They may "have no clue" but it seems like that's only because they don't care and haven't looked. I don't see anything in the article that would prevent the providers from figuring this out unless I'm missing something.
Apart from the external-facing proxy (which is the most exposed link in this setup), these VMs don't need any sort of public presence. Unless the provider inspects processes running on all their customers machines, all they can see is a VM with opaque VPN connections to a few external ips.
I think only the load balancer would be vulnerable to discovery. Everything behind the load balancer could be a secure connection to a completely different datacenter if needed.
"If someone is paying the bill, do they really care?"
So you could cross reference names of the people raided with payment information of the VPS providers (usual suspects or top "n" providers let's say). Of course that could be hidden as well.
Other issue is how does anyone know this isn't misinformation anyway and that the VPS providers don't play a role or not as much of a role as is indicated. Just because someone is writing this or because they said it?
What advantage does it have for anyone (like this) to reveal anything about how they are situated security wise if not to lead people off the beaten track even given some possible marketing advantage?
It's not about the money, it's about not being able to care and survive as a business.
Because then they would also have to care about the thousands of other VM's that may run all kinds of stuff that is illegal somewhere, questionable, politically, socially, culturally or commercially sensitive etcetera.
No ISP can afford to be proactive about this. They cannot afford to care. Or even know.
