Perhaps the IP is traced back to a coffee shop's wifi. Perhaps | Computer hardware and networking

Perhaps the IP is traced back to a coffee shop's wifi. Perhaps it is traced to another country or an anonymous proxy. Perhaps you trace it to a person and find out their system is infected with malware, allowing the attacker to use their machine for the attack without the owner's knowledge. Perhaps the attacker hired someone else to do the crime for them. These are just a few ways an attacker could make themselves difficult to trace.

On the other hand, attackers often make dumb mistakes even when they succeed in hiding their tracks well. 'Anonymous' gives a great example in another answer to this question where the attacker taunts authorities by posting a photo to Twitter, bragging about their role in an attack. Twitter attaches GPS coordinates to photo uploads by default. Many, many computer criminals have been caught because they can't resist bragging or boasting. Sometimes they're caught in very low-tech ways - bragging about it on a phone call after authorities' suspicions have resulted in a wire tap. Bragging about it at work. At a bar. On social media.

Many don't get caught though - the amount of effort that goes into investigating computer crimes is generally much larger than the effort it takes to commit them. Often, the crime just doesn't justify spending hundreds of hours trying to subpoena records from a South African ISP or trying to take down a small botnet run by the Russian mafia. Due to limited resources, often only the largest computer crimes get investigated.

Grumpy Kim, here is a start to a very detailed answer:

Hackers get caught no different than murders who get caught, they both leave forensic evidence behind. Here are some bullet points:

IP Addresses tracking back to suspect
Too much surveillance on target (many people dont hide ip address when doing surveillance)
Shitty proxy services (NSA, Warrants, Hacks)
Not using Live Boot Linux during hacks (No proof I did shit)
Witnesses (Bragging, using same alias, narcs)
Method of Operation (MO). Using certain tools in specific patterns link you to multiple other breaches. (North Korea)
Sloppy work. Your programming has references to you, your nationality, etc via typos, slang, etc. (Stuxnet)
Who you target. Target rich company in US and you will may have hell on you. Target some dumb kid while in Nigeria, no one gives a fuck.
Just plain dumb. This hacker left his metadata of his gf's gps location on her boob photo:

I'll let others add to the list... Sharing is caring
How come most hackers are never caught? Can’t service providers see where money was transferred to, in the case of bank or Paypal fraud?
How did the greatest hackers of all time (like Jonathon James and Kevin Mitnick) get caught? They managed to get into most secured networks but they failed to hide their identity. How and why?
How can I completely stay anonymous? What great hackers does to stay anonymous? I said great hacker, who have never been caught.
Great hackers not only don't get caught, they don't even get noticed. However, in the vast majority of cases, it's actually not that tricky to trace an attack, just time consuming and tedious. Here's how it works:

You find out something is compromised. Let's say it's a particular PC, though it could be an account, system, or data.
You look at all the accounts that accessed that machine. Then you look at all the machines that those accounts accessed both before and after accessing that machine. Also, you examine the machine forensically for anomalous files (unknown malware) or known malware. One way that great attackers hide is to carefully cover their tracks by altering log files and other traces of activity as they go. However there are ways to prevent this and it's difficult for the attacker to get it 100% right due to the myriad different logging and monitoring configurations in real world systems.