From that article:
A large botnet of infected computers or other Internet-connected devices is the most plausible explanation for such an attack. That would explain how the attack occurred, but it doesn't shed any light on why it was carried out. It has also renewed calls for networks to implement BCP 38, an Internet Engineering Task Force standard for defeating IP address spoofing. Many networks enforce it, but some still don't, and they're the ones making such attacks possible.
From that article's comments:
For anybody who was wondering, BCP 38 is a 15 year old proposal, and it's pretty straightforward to implement - in most cases it'd be a single firewall rule on an ISP's customer-facing router(s).There's no justification for not implementing it basically everywhere.
Where are the root servers and who controls them?
People have legitimate, non-malicious reasons for wanting to spoof an IP address.