1)The Carpathia Hosting company execs who e-mailed with two of those indicted, who received megabucks, and whose names are given as initials, DS and JK. (Added: My assumption the intials belong to Carpathia execs as opposed to execs of another hosting company may be incorrect, see comments below.)

(2) a few employees who are referred to as "non-indicted co-conspirators", which is a pretty good indicator they assisted the investigation to get out being charged themselves or for lesser charges; and

(3) the criminal search warrant that was issued in June, 2010, in the Eastern District of Virginia, a copy of which was provided to both Carpathia and Megaupload.

While the the Indictment doesn't say what the warrant was for, it's seems to me it was for the Carpathia servers in Virginia that hosted Megaupload.

ttt. On or about June 24, 2010, members of the Mega Conspiracy were informed, pursuant to a criminal search warrant from the U.S. District Court for the Eastern District of Virginia, that thirty-nine infringing copies of copyrighted motion pictures were believed to be present on their leased servers at Carpathia Hosting in Ashburn, Virginia.

On or about June 29, 2010, after receiving a copy of the criminal search warrant, ORTMANN sent an e-mail entitled “Re: Search Warrant – Urgent” to DOTCOM and three representatives of Carpathia Hosting in the Eastern District of Virginia. In the e-mail, ORTMANN stated, “The user/payment credentials supplied in the warrant identify seven Mega user accounts”, and further that “The 39 supplied MD5 hashes identify mostly very popular files that have been uploaded by over 2000 different users so far[.]” The Mega Conspiracy has continued to store copies of at least thirty-six of the thirty-nine motion pictures on its servers after the Mega Conspiracy was informed of the infringing content.

According to the Indictment, the examination of material stored on the servers extended to November, 2011. The Indictment was returned January 5.

... As of November 18, 2011, more than a year later, thirty-six of the thirty-nine infringing motion pictures were still being stored on the servers controlled by the Mega Conspiracy.

This part of the investigation -- on the servers -- was likely complete by November 18 or so. They probably spent the time between November 18 and Jan. 5 doing the paperwork to get approval from the Organized Crime and Racketeering Section to indict on the RICO Counts and taking the case to the grand jury.

During all the months it was examining the servers and e-mails, pursuant to the search warrant(s), it left the servers in care of Carpathia. The indictment says "Carpathia Hosting continues to provide the Mega Conspiracy with leased computers, Internet hosting, and support services as of the date of this Indictment."

I think a fair reading of the e-mails between Kim DotCom and the Carpathian hosting company execs is that they all knew other versions of infringing material remained on the servers after they complied with take-down requests.

aaaa. On or about January 13, 2011, DOTCOM sent a proposed Megaupload.com public statement regarding piracy allegations against the website to hosting company executives DS and JK. On or about January 13, 2011, DS replied to DOTCOM: “It looks accurate to me. good luck.” The same day, JK replied, “Using the words, ‘….vast majority is legitimate.’ Opens you up. It’s an admission that there are ‘bad’ things on your site. I would get rid of that so it simply reads that it is legitimate.

Then there's the money:

The Chief financial officer of Carpathia is referred to as WR. WR also appears to still be the CFO of Carpathia. Yet, while the indictment seeks all criminal proceeds, and lists the payments to Cardathia, and bank accounts have been seized, it's not clear that it's going after Carpathia for the money:

It was further part of the Conspiracy that multiple transfers, which involved proceeds of criminal copyright infringement in the Eastern District of Virginia and elsewhere, from a DBS (Hong Kong) Limited bank account for the Conspiracy were made in and affecting interstate and foreign commerce by a member of the Conspiracy, and the transfers were directed to a PNC Bank NA account for Carpathia Hosting in Richmond, VA, including the following:

a. On or about December 20, 2010, a transfer of approximately $720,000;
b. On or about March 31, 2011, a transfer of approximately $1,060,274;
c. On or about May 5, 2011, a transfer of approximately $950,000;
d. On or about June 2, 2011, a transfer of approximately $950,000; and
e. On or about July 5, 2011, a transfer of approximately $950,000.

It was further part of the Conspiracy that multiple transfers, which involved proceeds of criminal copyright infringement in the Eastern District of Virginia and elsewhere, from the PayPal account for the Conspiracy in Hong Kong were made in and affecting interstate and foreign commerce by a member of the Conspiracy to the benefit of Carpathia in Ashburn, including the following:

a. On or about October 7, 2008, transfers totaling approximately $90,000 to WR, the Chief Financial Officer of Carpathia Hosting;
b. On or about May 30, 2010, transfers totaling approximately $688,852 to WR, the Chief Financial Officer of Carpathia Hosting; and
c. On or about July 2, 2010, transfers totaling approximately $688,852 to WR, the Chief Financial Officer of Carpathia Hosting.

...From on or about March 1, 2007, through July 3, 2010, payments totaling approximately $13 million were transferred in and affecting interstate and foreign commerce through PayPal by a member of the Mega Conspiracy to WR, the Chief Financial Officer of Carpathia Hosting.

Isn't it a little curious that Carpathia Hosting isn't mentioned as being a co-conspirator? Is it because they have no liability, or because they cooperated?

Carpathia does have clauses in their contracts and terms of use referring to the obligations of their clients not to post infringing content on their servers. Is that enough to shield them?

In 2007, when Megaupload signed with Carpathia, Carpathia issued a press release. They surely knew how huge Megaupload was and how much bandwidth it used:

March 1, 2007 — (WEB HOST INDUSTRY REVIEW) — Web hosting provider Carpathia Hosting (carpathiahost.com) announced on Thursday that it will provide hosting services for online storage and file downloading services provider Megaupload (megaupload.com).

According to Alexa.com, Megaupload is ranked as the 12th most popular site on the Web, attracting over 1,500,000 unique visitors per day. Carpathia will provide the online storage provider with fully managed dedicated servers with redundant 20GB switching and routing infrastructure.

“To win the business, we bench tested every component from the edge routers to the servers to eliminate possible bottlenecks,” says Rick Smith, CEO of Carpathia Hosting. “What we found was that even the most premium of equipment required augmentation to allow the 12TB servers to push the large amounts of bandwidth needed to support Mega.”

Since none of the major execs at Carpathia seem to have left the company recently, I'm guessing they aren't in any trouble. But that still leaves the question, why not?

As to the e-mails in which possible employees are referenced by initials as undindicted coconspirator's, there are these:

qqq. On or about February 1, 2010, BATATO sent an e-mail to an unindicted co-conspirator with the subject “[tradeit] – Campaign stats” stating “We can’t deliver [Hong Kong] traffic because the company is based in [Hong Kong] and we don’t want to experience any trouble with license holders etc. Remember, I told you about that topic ;-)”.

bbbb. On or about January 27, 2011, ECHTERNACH received an e-mail from an unindicted co-conspirator stating that “video resource sites such as youtube which is our source for videos which we upload to megavideo.”

Why aren't they charged? It sounds like these two unindicted co-conspirators are company employees who cooperated in exchange for not being charged or getting reduced charges later.

One last thing, on a semi-related topic. There's an interesting reference in the Indictment to Kim Dot Com being displeased with some competitors. So what does he do? He rats them out to Paypal, trying to get their accounts canceled.

On or about October 14, 2011, DOTCOM sent an e-mail to a PayPal, Inc. representative indicating: Our legal team in the US is currently preparing to sue some of our competitors and expose their criminal activity. We like to give you a heads up and advice you not to work with sites that are known to pay uploaders for pirated content. They are damaging the image and the existence of the file hosting industry (see whats happening with the Protect IP act). Look at Fileserve.com, Videobb.com, Filesonic.com, Wupload.com. Uploadstation.com. These sites pay everyone (no matter if the files are pirated or not) and have NO repeat infringer policy. And they are using PAYPAL to pay infringers.

I'm out of time, but I intend to come back to these topics and bring in the other mega-company involved with MegaUpload to see where it fits in: Cogent Communicaitons, which according to the Indictment, owns and operates 43 data centers around the world:

Megaupload leases approximately thirty-six computer servers in Washington, D.C. and France from Cogent Communications that are used for the Mega Sites.

The Government didn't sever that relationship either:

Cogent Communications continues to provide the Mega Conspiracy with leased computers, Internet bandwidth, hosting, and support services as of the date of this Indictment

There's also Adbrite, the ad agency in SF that according to the Indictment, paid Megaupload $840,000 in ad money. And one more loose end: whoever Megaupload paid $185,000 to for this:

87. It was further part of the Conspiracy that on or about November 10, 2011, a member of the Conspiracy made transfers of $185,000, for the purpose of promoting criminal copyright infringement, associated with an advertising campaign for Megaupload.com.

It sounds like that money went to produce the MegaUpload song that all the music stars appeared in. There's no mention in the Indictment of who actually received that money: The music stars, or someone else, or whether the recipient of the funds is facing criminal or civil forfeiture exposure for accepting tainted funds.

The Government has a master plan here, from the use of RICO (rare in a criminal copyright infringement case), to the carefully made plans to coordinate with New Zealand to do the takedown, and with Hong Kong to do bank seizures. The feds were out to make this the biggest test case ever. And yet, it's primarily built on servers, emails and dollars. Megaupload may have done all that's required in responding to the violation notices. That's one area that does need litigation and a decision.

And given that the investigation began around March, 2010, and continued to November, 2011, it's unlikely the charges or arrests had anything to do with SOPA or the protests. The arrest date was clearly picked because the others were flying in for Kim Dot Com's birthday party and they had the opportunity to arrest them all at one place.

Most of the case is pretty straight forward: they sent subpoenas to Paypal; they got search warrants for the servers with the e-mails, possibly hosted at Carpathia; search warrants for the other servers at Carpathia (and maybe at Cogent); and seizure warrants for the funds in the banks. Using RICO, they likely also got restraining orders. They have a lot of documentation. What they need now is for the law to be on their side. That seems to still be up in the air.

I hope DotCom and the other 3 get bail. They seem to be inclined at this juncture to fight, and this is a battle that could take years. Defending a lawsuit while incarcerated is always tougher and wears clients down. It restricts preparation and time with counsel. It's like fighting with one hand behind your back. At least on bond, they can help their attorneys prepare the case. To be continued.