It's quite trivial to track them down. Many people have the skills and tools to do it. I believe they've already been ID'd.
I'm always reminded of the Dan Pearl kidnappers sending emails to U.S. news organizations using a Hotmail account. Hotmail embeds the source IP of the sender in every email. IIRC several of the perps were nabbed less than a week after Pearl's disappearance.
It was never reported, but I'm almost certain those emails pointed right back to the Internet cafe in Karachi, which was put under surveillance, the owners questioned, browser caches examined, and then they waited for them them to return. Busted.
BTW, I don't think their PGP emails are immune to being cracked by a serious entity with serious compute cycles. They make think so, but this is the caliber of jihadi we're dealing with.