You do realize that the transaction you are using to find the OP's alts was broadcast just today and was likely signed from the OP's hacker, if he actually exists. This means that other people's hacked wallets/private keys could have been part of this transaction.
Are you meaning the hacker had Alaki's private key and imported it into their wallet with the other keys? Possible I guess, far fetched, but possible...
It is possible that the hacker collected various private keys via the hacking of multiple computers and then spent the BTC all at the same time. This would be the expected behavior if the hacker does not have a script to automatically spend/sweep the btc contained in the private keys stolen.
if however the addresses can be linked together from previous transactions then it would be more clear that these accounts are in facts alts of the OP.