In addition to spoofing MAC addresses, the ad-hoc network was a mistake, because it established a connection between those two addresses. If they had both joined the same public hotspot and then hid their messages in the noise that most personal computers spray all over their local networks (often to broadcast address - no traceable recipient there) they could have at least obscured the two parties.
And if they didn't show up like it was a meeting - if they just both happened to frequent two nearby establishments, and occasionally they were both there at the same time, then surveillance of one party wouldn't lead directly to the other party.
As for wifi, it's pretty well made for untraceable communications, since it's everywhere, it's generally broadcasting frames even when it isn't connected to anything, works through at least a couple walls, etc. Go to coffee shop / book store, turn on laptop, don't connect to wifi, spout off a few probe requests a second, turn off the caps-lock light to indicate that someone else out there is spewing beacons back at you, then wait for your transfer to complete, all while reading through some really really interesting PDFs you downloaded from somewhere beforehand. Wifi beacons and probes leave pretty much no record anywhere, except Kismet, where they're often ignored because they're so filled with garbage. And you can spoof different MAC addresses on each frame, so you can make it look like they're coming from a handful of different machines.
Of course all that would take a bit of coding and planning... So some combination of VPN and TOR, and just swap encrypted files around on a secure server in a safe place, just make sure it doesn't make you look like a kiddie porn ring instead of a spy ring.