I also just confirmed that I have an old-as-hell unencrypted backup on dropbox, though it may still contain the necessary addresses to be responsible for that transaction (I'll have to verify).
My money is on this or malware.
Bitcoin has such low public awareness that the chance of your network admin being aware of bitcoin and dishonest enough to steal your wallet seem pretty low.
However, there must be hundreds of dropbox admins, and it would surely be pretty easy for them to do a scan of their storage for any bitcoin wallet, then take a copy. All it takes then is one dodgy dropbox employee. That seems more likely than it being your particular network admin.
Old unencrypted wallets can easily contain addresses that are current thanks to bitcoin's address pre-generation system.
Similarly, one bitcoin-aware malware author can easily add a "copy wallet.dat" to their code and get large scale theft.