
I wonder how they noticed.

Perhaps the lowest-bid contract company that made the site decided to use something like amazon glacier for storage of boring documents nobody will ever need. Then along comes someone that causes them all to be extracted at great cost, some middle manager receives a bill for $millions and wants to blame the kid rather than his own failings.



(added: the link to evandentremont.com elsewhere in the comments discusses how this was supposedly discovered, and other details of interest.)

That would make its own interesting information request. You probably couldn't directly ask "how'd you find him out?" at this point, but you could ask for maybe IT costs per month over the last X months broken out by organization the money was paid out to.

Also possible (probable, even, in my mind): he just crawled too hard, the machine was slow, and the folks in the office working on it complained. (God only knows how much processing the service does behind the scenes when a PDF is requested. For all we know it is being reassembled from TIFFs of individual pages every time.)


The truth is even sadder than you might expect (the rest of this post is a quote from this article[0]):

Conrad said the breach was detected by a provincial employee, but it was a fluke.

“The employee was involved in doing some research on the site and inadvertently made an entry to a line on the site — made a typing error and identified that they were seeing documents they should not have seen,” Conrad told a technical briefing.

[0]: http://toronto.citynews.ca/2018/04/11/halifax-police-probing...


There's a bit of a leap from that to knowing this dude had done the same thing? That describes the employee finding a vulnerability. It probably took some study of the logs to find "the breach". How many similar breaches by actors overseas and less-vulnerable Canadians did they ignore?

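The comments above speculate that the crawl was either noticed because it loaded the server ("crawled too hard") or reconstructed afterwards by "some study of the logs". Below is an added example, not code from any commenter or from the portal in question, of what that log study looks like from the defender's side: it parses constructed web-server access log lines (the `/documents/<id>.pdf` path layout, the client addresses and the timestamps are all invented for the example) and flags any client that fetches a run of sequential document IDs in quick succession, which is the signature an enumerating crawler leaves and an ordinary user browsing a few documents does not.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access-log lines in a simplified Apache/nginx "combined"
# layout. Nothing here comes from a real server; the document path scheme
# /documents/<id>.pdf is an assumption made for the example.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2018:09:00:01 +0000] "GET /documents/1000.pdf HTTP/1.1" 200 5120
10.0.0.5 - - [10/Mar/2018:09:00:02 +0000] "GET /documents/1001.pdf HTTP/1.1" 200 4880
10.0.0.5 - - [10/Mar/2018:09:00:03 +0000] "GET /documents/1002.pdf HTTP/1.1" 200 6001
10.0.0.5 - - [10/Mar/2018:09:00:04 +0000] "GET /documents/1003.pdf HTTP/1.1" 200 5320
10.0.0.5 - - [10/Mar/2018:09:00:05 +0000] "GET /documents/1004.pdf HTTP/1.1" 200 4990
10.0.0.5 - - [10/Mar/2018:09:00:06 +0000] "GET /documents/1005.pdf HTTP/1.1" 200 5100
192.168.1.20 - - [10/Mar/2018:09:05:10 +0000] "GET /documents/2317.pdf HTTP/1.1" 200 8000
192.168.1.20 - - [10/Mar/2018:09:40:12 +0000] "GET /documents/1187.pdf HTTP/1.1" 200 7200
"""

# One regex for the common log fields, one for the document path we care about.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)
DOC_RE = re.compile(r'^/documents/(?P<id>\d+)\.pdf$')


def parse(lines):
    """Yield (client_ip, timestamp, document_id) for each document fetch."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a well-formed access-log line
        d = DOC_RE.match(m['path'])
        if not d:
            continue  # some other resource, not a document fetch
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        yield m['ip'], ts, int(d['id'])


def find_enumerators(lines, min_requests=5, max_step_s=60, max_gap=1):
    """Return {ip: (run_length, first_id, last_id)} for clients whose document
    requests form an enumeration: a run of at least min_requests fetches in
    which each request comes within max_step_s seconds of the previous one
    and its document ID is larger by at most max_gap."""
    by_ip = defaultdict(list)
    for ip, ts, doc_id in parse(lines):
        by_ip[ip].append((ts, doc_id))

    hits = {}
    for ip, events in by_ip.items():
        events.sort()  # order by timestamp
        run = [events[0]]
        for prev, cur in zip(events, events[1:]):
            close_in_time = (cur[0] - prev[0]).total_seconds() <= max_step_s
            next_in_sequence = 0 < cur[1] - prev[1] <= max_gap
            if close_in_time and next_in_sequence:
                run.append(cur)
            else:
                run = [cur]  # sequence broken; start a fresh run
            if len(run) >= min_requests:
                hits[ip] = (len(run), run[0][1], run[-1][1])
    return hits


if __name__ == '__main__':
    for ip, (n, first, last) in find_enumerators(SAMPLE_LOG.splitlines()).items():
        print(f'{ip}: {n} sequential document fetches, IDs {first}..{last}')
```

On the constructed sample the first client is reported with a run of six sequential IDs, while the second client, which fetched two unrelated documents half an hour apart, is not. The thresholds are deliberately parameters: a real deployment would tune `min_requests` and `max_step_s` against its own baseline traffic, and the same per-client grouping is the natural place to hang rate limiting so that the next crawl is throttled rather than discovered by accident.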

I don't think you can get from Glacier in "real time"; you need to prefetch it first.



