Because of how starlink works, they have to aim satellites specifically at areas for data to flow. They have the ability to turn regions on and off (ie, satellites over China).
They know exactly where the transceivers are and based on movement patterns, probably which side they are on.
Unless he is feeding that position data to the Ukrainian military, he knows exactly who is using them and letting it happen. He didnt sell them the dishes, but he lets them be used.
Are you saying there is no authentication whatsoever to use it and anyone with the receiver in Ukraine can just use it?
I don’t have starlink nor used it, but if it’s anything like other commercial sat internet providers, you register your modem’s MAC address or other identifier with the satellite operator and that basically enables you for transmission. It could be that these modems were already authorized for transmission before resale to Russia. You can buy starlink modems in big box stores now so I’m sure the transmission process is automated as well.
That is what’s happening.
SpaceX knows which satellites were sold to the Ukrainian government though and could apply additional filtering. That’s the easiest first step.
To prevent Ukrainian dishes from falling into Russian hands you’d also need some sort of rolling authentication code so the dish becomes inoperable after a period of time.
Simply being in Russian territory doesn’t guarantee a Russian is using it as it could be Ukrainian special forces deep in enemy territory.