My guess is that someone created a new address and found 5.9 BTC. He transferred that to his other address. When this worked, he looked for more and created new addresses, maybe also new accounts. He was still online when the 99.989 BTC arrived and got a notification. 17 seconds should be enough to open the send tab, enter 99 BTC, fill in the address (it was probably in his autofill history), and click send. It was a lot of luck, though.
Your guess that it was not a bot is probably right, but you are forgetting that in order for the thief to generate the same private keys means he is also Blockchain.info user and they know who he is. Nobody who was not using their wallet had no chance of hitting those keys accidentally. The coins still sit there unspent:
https://blockchain.info/tx/68e250811c2ae572e79811960909b5b9f418d2c977f6ac50226748e3cb808a2aand the thief will have to return them to rightful owners in order to avoid being prosecuted, if he can avoid it at all since his actions are quite fishy.
The thief used Blockchain.info to transfer the money to 1M77f... The transactions have weak signatures.
I guess the address 1M77f is some address he had with a different wallet. The transactions sending the money further were not relayed by Blockchain.info.
Maybe he used TOR to access Blockchain.info, or maybe they already have his IP address, but prosecution would take some time, especially if he is from a different country.
I think my explanation fits Occam's Razor best. If someone uses the buggy version of Blockchain.info wallet and creates a new address, the chance is 40 % that he hits an address that was already used, so this part is not unlikely. The only thing that seems strange is the large amount. But unless you want to accuse the original owner of the 99.9 BTC that he had staged this to trick Blockchain.info into reimbursing him, you have to assume that this was chance. I don't think it was staged.