Sounds like a scare tactic to me.
If he did has his IP address what is he going to do with it? You leave traces of your IP all over the internet, but I thought Xbox services automatically hide your IP.
Even if by some obscure chance he could launch a DDoS attack (which I doubt)... then if your nephew is on a dynamic IP it's so easily solved.
Although that said, this would not be a standard DDoS on a [web]server sat in some data-centre with a big fat internet pipe right next door.
This is a residential broadband connection which uses shared resources and shared bandwidth. To reach the EU it will have to come through the ISP's gateway, over the backhaul, through god knows how many routers and a layer 2 switch at the exchange. If you think about it, the amount of traffic generated by
"10,000 zombie PCs" travelling down the back-haul to one particular home destination on shared bandwidth is going to attract a heck of a lot of attention elsewhere first.
No CP/SP is going to be happy about that and will likely have something in place at the gateway before it starts congesting their back-haul to a particular destination. They can't risk having a shed load of unhappy customers complaining their internet has ground to a halt too, so any wise ISP would surely have some form of ddos mitigation in place much higher up.
The house phone threat also sounds like total BS. I've never heard of being able to hack someone's landline just by phoning them up??