Spammers noticed that their own sites got nuked from the results when they used an automated tool (XRumer) to point thousands of low-quality links to these sites.
So with a paid product that was now useless (or less useful) for linkspam, they now turn it around and use it for blackmail: Pay us or we point all these links to your site.
There used to be a time when the majority of these links were simply ignored by Google. They were worthless for both linkbuilding and negative SEO. This may or may not have changed with more recent updates.
In all of this spammers are largely sailing blindly and most of their analytic "insights" are circumstantial. Pointing a large amount of XRumer links to a site may only be a single signal to start a deeper investigation: if that turns up nothing spammy, chalk it up to ineffective negative SEO, and investigate deeper.
Google used to ignore the spammy SEO links, but you can work around that by just spamming even more of them and hoping that the 1% that slip by will have a positive effect. As a result of that, Google changed their ranking system so that the spam links that do get caught have a negative effect on your rank. Which sounds like a good solution, but they have no way of confirming whether the site owner made the links or not. So now we have blackmail like this.
I assume Google is aware of this issue and has a system in place to try and prevent it, but good luck getting support if it screws up and your site falls through the cracks.
Google's official position is that even though they're penalizing sites for incoming links, negative SEO is impossible. So yeah - good luck getting any help from them.
