It's easy to track down an attacker if they do not spoof their IP, at least to track it to the network it came from. It's something the victim can do.
Tracking down the network a spoofed packet came from can be quite a bit more difficult; if you have access to all your routers, you can track it to the peer or upstream the traffic is coming from, but it might be a peer of a peer of a peer (or a customer of a customer of an upstream of an upstream), requiring quite a lot of cooperation to track down.
Don't forget the first "D" in "DDoS." The Storm botnet, at its peak, had estimates between 1 and 10 million computers. Many, many more botnets have between 100,000 and 1,000,000. It would be far easier to get ISPs to cooperate with a backscatter trace on one or a few computers spoofing random IPs than to track and shut down hundreds of thousands of computers.