Monday 11 May 2009

Proxied

Somebody has just committed fraud, and the Feds have traced it to your IP address; they have issued a warrant and are getting ready to kick down your door... but you have done nothing wrong: you have been used as a proxy by an unknown attacker. But do the Feds know this? Do they even know how to check? Do they even care?

Proxies are commonplace in malware now: SOCKS4, SOCKS5 and HTTP proxies are found in everything from rxbot to Poison Ivy. Hardware firewalls can be bypassed via UPnP (the bot simply asks the router to open a port mapping back to itself) or by reverse-connecting RATs/proxies (such as D3XT3R's Reverse VB Proxy RAT), which dial out to the attacker so no inbound rule is ever needed.
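To make the UPnP point concrete, here is an added example (written for this post, not code from rxbot, Poison Ivy or any other tool named here) showing both sides: the unauthenticated AddPortMapping call a bot on the LAN sends to the router's WANIPConnection service, and an audit that walks the router's mapping table looking for entries that forward to hosts you never set up. The control URL, the internal addresses and the two sample SOAP responses are constructed for illustration; on a real network the control URL comes from the router's device description discovered via SSDP.

```python
"""UPnP IGD port mapping: how a bot punches a hole through a NAT router,
and how to audit the router for mappings you did not create.

Added example, not code from any tool named in the post. Addresses, control
URL and sample responses below are constructed for illustration.
"""
import re
import urllib.error
import urllib.request
from typing import Optional, Tuple

WANIP = "urn:schemas-upnp-org:service:WANIPConnection:1"


def soap_envelope(action: str, args: dict) -> bytes:
    """Standard UPnP SOAP layout for one WANIPConnection action."""
    inner = "".join(f"<{k}>{v}</{k}>" for k, v in args.items())
    xml = (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
        's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
        f'<s:Body><u:{action} xmlns:u="{WANIP}">{inner}</u:{action}></s:Body>'
        "</s:Envelope>"
    )
    return xml.encode()


def add_port_mapping_request(ext_port: int, int_client: str, int_port: int,
                             proto: str = "TCP", desc: str = "") -> Tuple[dict, bytes]:
    """Headers and body that open <WAN ip>:ext_port -> int_client:int_port.
    There is no authentication: any host on the LAN (or malware on it) may send this."""
    body = soap_envelope("AddPortMapping", {
        "NewRemoteHost": "",          # empty = any remote source
        "NewExternalPort": ext_port,
        "NewProtocol": proto,
        "NewInternalPort": int_port,
        "NewInternalClient": int_client,
        "NewEnabled": 1,
        "NewPortMappingDescription": desc,
        "NewLeaseDuration": 0,        # 0 = permanent until deleted or reboot
    })
    headers = {"Content-Type": 'text/xml; charset="utf-8"',
               "SOAPAction": f'"{WANIP}#AddPortMapping"'}
    return headers, body


def parse_mapping_entry(xml: str) -> Optional[dict]:
    """Fields of a GetGenericPortMappingEntry response; None on a SOAP fault
    (routers return error 713 SpecifiedArrayIndexInvalid past the last entry)."""
    if "<s:Fault>" in xml or "UPnPError" in xml:
        return None

    def field(name: str) -> str:
        m = re.search(rf"<{name}>(.*?)</{name}>", xml, re.S)
        return m.group(1).strip() if m else ""

    return {"external_port": int(field("NewExternalPort")),
            "protocol": field("NewProtocol"),
            "internal_client": field("NewInternalClient"),
            "internal_port": int(field("NewInternalPort")),
            "description": field("NewPortMappingDescription"),
            "lease": int(field("NewLeaseDuration") or 0)}


def suspicious(entry: dict, expected_clients: set) -> bool:
    """A mapping that forwards to a host you did not configure is the thing to chase."""
    return entry["internal_client"] not in expected_clients


def audit_router(control_url: str, expected_clients: set, max_entries: int = 64) -> list:
    """Walk mapping indexes 0..n until the router faults, returning the odd ones."""
    found = []
    for idx in range(max_entries):
        body = soap_envelope("GetGenericPortMappingEntry", {"NewPortMappingIndex": idx})
        req = urllib.request.Request(control_url, data=body, headers={
            "Content-Type": 'text/xml; charset="utf-8"',
            "SOAPAction": f'"{WANIP}#GetGenericPortMappingEntry"'})
        try:
            with urllib.request.urlopen(req, timeout=3) as r:
                xml = r.read().decode(errors="replace")
        except urllib.error.HTTPError as e:   # end of table arrives as HTTP 500 + SOAP fault
            xml = e.read().decode(errors="replace")
        entry = parse_mapping_entry(xml)
        if entry is None:
            break
        if suspicious(entry, expected_clients):
            found.append(entry)
    return found


# Constructed sample responses (not captured from a real router).
SAMPLE_RESPONSE = (
    '<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
    f'<s:Body><u:GetGenericPortMappingEntryResponse xmlns:u="{WANIP}">'
    "<NewRemoteHost></NewRemoteHost><NewExternalPort>31337</NewExternalPort>"
    "<NewProtocol>TCP</NewProtocol><NewInternalPort>1080</NewInternalPort>"
    "<NewInternalClient>192.168.1.23</NewInternalClient><NewEnabled>1</NewEnabled>"
    "<NewPortMappingDescription></NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration>"
    "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>")
SAMPLE_FAULT = (
    '<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
    "<s:Body><s:Fault><faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring>"
    '<detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0"><errorCode>713</errorCode>'
    "<errorDescription>SpecifiedArrayIndexInvalid</errorDescription></UPnPError></detail>"
    "</s:Fault></s:Body></s:Envelope>")

if __name__ == "__main__":
    import sys
    # usage: python upnp_audit.py http://192.168.1.1:1900/ctl/IPConn 192.168.1.10 192.168.1.11
    for e in audit_router(sys.argv[1], set(sys.argv[2:])):
        print(f"unexpected mapping: {e['protocol']} {e['external_port']} -> "
              f"{e['internal_client']}:{e['internal_port']} lease={e['lease']}")
```

The request builder is exactly what a reverse-connecting bot needs in order to be reachable from outside despite the firewall; the audit loop is the practitioner's check, and disabling UPnP on the WAN-facing device removes the whole class. A lease of 0 on a mapping to a host you do not recognise is the entry to look at first.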
It's not just PCs that can be used: routers, switches, firewalls, even your website could be turned into a proxy for an attacker; and it's not just proxies! VPNs, RDP, VNC and other remote-control tools can hide an attacker's tracks, and access to them is traded on the underground daily.
Then there's wireless! There are websites dedicated to teaching how to break into wireless access points (WAPs); an attacker can join the WAP and launch an attack from there. "What about their MAC address?" I hear you cry. It's very easy to change your MAC address, and it can be done on ANY operating system.
Most of the above have no logging and no way to trace the attacker, especially once it's too late.
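On the MAC address point, here is an added example (written for this post, not from any tool it mentions) that generates a random locally-administered unicast MAC and applies it with the operating system's own tooling, plus the small heuristic a defender can run against a WLAN client list. The interface names and the Linux `ip link` / macOS `ifconfig ... ether` invocations are the standard ones; the assumption is that the driver honours the change, which almost all do.

```python
"""Spoofing a MAC address, and spotting one that may have been spoofed.

Added example, not code from any tool named in the post. Interface names
are illustrative; applying the change needs root/administrator rights.
"""
import os
import re
import subprocess
import sys

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def random_laa_mac() -> str:
    """Random MAC with the locally-administered bit (0x02) set and the
    multicast bit (0x01) clear in the first octet: a valid unicast address
    that can never collide with a vendor (OUI) assigned one."""
    b = bytearray(os.urandom(6))
    b[0] = (b[0] | 0x02) & 0xFE
    return ":".join(f"{x:02x}" for x in b)


def is_unicast(mac: str) -> bool:
    return not int(mac.split(":")[0], 16) & 0x01


def looks_spoofed(mac: str) -> bool:
    """Defender's side: a locally-administered MAC on a WLAN client is not proof
    of spoofing (some drivers and VMs use them too), but it deserves a second look,
    and it is the only thing a DHCP or AP log will give you to go on."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def mac_change_commands(iface: str, mac: str, platform: str = sys.platform) -> list:
    """Commands each OS needs. Linux wants the link down before the address changes;
    macOS wants the Wi-Fi interface disassociated first."""
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    if platform.startswith("linux"):
        return [["ip", "link", "set", "dev", iface, "down"],
                ["ip", "link", "set", "dev", iface, "address", mac],
                ["ip", "link", "set", "dev", iface, "up"]]
    if platform == "darwin":
        return [["ifconfig", iface, "ether", mac]]
    raise NotImplementedError(f"no command list for {platform}")


def change_mac(iface: str, mac: str, platform: str = sys.platform, run=subprocess.run) -> None:
    """Apply the change; `run` is injectable so the sequence can be checked without root."""
    for cmd in mac_change_commands(iface, mac, platform):
        run(cmd, check=True)


if __name__ == "__main__":
    # usage: sudo python macspoof.py wlan0
    iface = sys.argv[1] if len(sys.argv) > 1 else "wlan0"
    new_mac = random_laa_mac()
    print(f"setting {iface} to {new_mac}")
    change_mac(iface, new_mac)
```

On Windows the same effect comes from the `NetworkAddress` value under the adapter's class key in the registry (or the adapter's Advanced properties tab), which is why "it can be done on any operating system" holds. The practical consequence for the investigator is that a MAC seen by an access point identifies a session, not a person or a device.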

You don't even have to infect a victim to be anonymous: there are online web services that provide anonymous browsing, and VPN services that provide anonymous encrypted tunnels which can anonymize all kinds of traffic. Then there's the Tor network, whose onion routing was originally developed by the US Naval Research Laboratory so that government users abroad could send data anonymously. There are also misconfigured (open) proxies: there are lots of websites dedicated to finding and listing these proxy servers, and they generally become the victim of multiple attackers using them for a variety of different purposes.

So where is this all going?

Well, the whole point of this is that we can no longer look at an IP address as being unique to a user. I do not know whether an IP address 'as the source of the attack' would stand up in court as the critical piece of evidence to put somebody away, or whether the Prosecutor (the Feds) or the Defendant (you) would have to prove that the IP address in question was compromised (or NOT compromised, based on the theory of "innocent until proven guilty...").
What happens if somebody uses your WAP hotspot username/password and launches an attack? You could say that your MAC address and the attacker's MAC address are not the same, but then again, how cheap are USB WLAN devices these days? The Feds could say you bought one, launched the attack and discarded it; then again, you could have just changed your MAC address as above.
But would somebody be stupid enough to use their own registered hotspot username/password to launch an attack? Look at Gary McKinnon: he purchased 'RemotelyAnywhere' with his real name, credit card etc., and then went and installed and registered it on NASA and .mil computers using HIS real name and email address... Stupid people make the world go round...
