Could mobile phones become a source of such attacks ?
Depends both on the phone and on the network. But since Dyn-style attacks don't use IP spoofing, it doesn't really matter.
J-F's question was not about ip spoofing, but rather the infected devices being behind nats. in the states, much broadband is not behind a cgn, but is behind home nats. more mobile is behind cgn [0]. cgns mean fewer visible attacking source addresses. it would be interesting to see the home-soho vs cgn distribution of attacks such as krebs and dyn.
If the number of infected devices in eastern USA is insufficient to have caused that DDoS, can one infer that the attack used an actual IP address instead of the anycast one in order to target the the eastern USA hosts irrespective of the location of the infected device?
No. Anycast addresses are real IP addresses.
true.
There isn't a "real" address to attack.
usually false. dns clusters have management interfaces. i suspect the congestion pattern attacking them would be different than that of attack on the anycast; but that is conjecture. randy -- 0 - to get an idea of the vast scale of cgn deployment see philipp's preso of our imc paper from ripe 75