If you knew anything about the way the internet is structured, monitored and operated; you'd know this sort of attack isn't entirely untraceable, it's just difficult to find the perpetrator unless you happen to be actively monitoring them.
When Russian hackers shut down Estonia's internet capability, many of the computers sending the spoofed packets were found and cut off from the internet. It's expensive and mostly useless to mount a trace against computers sending spoofed packets, but sometimes it's more expensive not to trace. Keep in mind that log retention in places like Europe will enable tracing spoofed packets long after they're sent.
The botnet game has advanced. Simple IRC botnets that worked well in the year 2002 are a liability these days. Read up about the folks caught operating botnets and you'll find they're all running relatively primitive operations. There are P2P botnets that utilize encryption to avoid detection and countermeasures. These botnets are fully capable of performing spoofing attacks like those described in your article. I'd speculate that these botnets are mostly used for things other than DDoS attacks, but when they are used for DDoS the owner is paid accordingly.
I have trouble believing that there aren't many people who are both knowledgeable in TCP/IP and good at writing C code. Both of those are essentially basic knowledge in their fields. It's possible that not every programmer fully understands TCP/IP, but it's unlikely that most network savvy folks don't know C. I think it has more to do with the fact that the folks with the required knowledge understand that DDoS attacks are brute tools which harm more people than just the intended victim(s).