I'd argue it's likely one of 4 answers:
1. It could be a banned botter trying to cause as much financial damage as possible, and because of this, he's not restricting his attack to just iRO.
2. The PServer theory is possible - they're afraid of lost business, as some of them actually rake in some serious cash. At that point, I think they've upgraded from leeches to lampreys, as they aren't just feeding off their host, they're killing it... but I wouldn't put it past some of them.
3. Some bored script kiddie with a botnet wanted to point it at something that would be noticed, and decided a larger game has too powerful and hardened of a network to hit, but this one would be large enough to still be noticed.
4. A disgruntled, fired employee (could be at any RO company) wants revenge. While not a common occurrence, they would most certainly not be the first company this has happened to.
Possibilities I don't think are likely are:
-DDoSing to cause account access would be pretty stupid, given that with that many accounts compromised, they're obviously going to have to do a roll back, and anyone who got anything in the brief time before everything blew up isn't going to be keeping it. It doesn't mean someone isn't dumb enough to try it anyway, but... yeah.
-Doing it to attack iRO specifically is obviously not happening, as all revo-classics are being hit.
-I doubt it's a competing game of any kind, as that goes into corporate sabotage territory, and they'd end up getting sued for a multiplier of the damage they cause.
There's a good chance we'll never know for certain. Even if they manage to catch the guy, it's probably not the sort of thing that's going to land in the news.