Or maybe they hacked our Internets and burned down our firewall? Seriously, IP spoofing is not as useful as the movies make it out to be.
Spoofing IPs is easy, but it's only effective in a few situations, such as when you're sending a message with no expectation of a reply (e.g. spam e-mail, DDoS attack, etc.). If you're trying to break into someone's system, you need to be able to get a response back, and that means providing an IP address you can be reached at to your target. Now, you may try to anonymize your IP address somehow, such as through the use of proxies, VPNs, and other such technologies that can allow you to hide behind or within someone else's system, or you may spoof an IP address of a zombie computer you control and can use to route return packets to you, but at some point, an IP address you control needs to be provided to someone else, otherwise you have no way of getting back a response, and that address can be traced.
I think the point still stands that it's possible for an attack to appear to originate from a location different from where it actually did. What is to stop someone from using a hijacked wifi access point to attack servers in, let's say France, and then use those French servers to launch attacks on Australian businesses?
I have personally witnessed an attack where computers owned by an American company were infected with a persistent agent designed to infect computers in a specific business in China (during a visit of the American execs to the Chinese location), for the purpose of then using the hijacked Chinese computers to conduct industrial espionage against another American company which also conducted business with that Chinese company. The actual attackers were neither American nor Chinese.