A coordinated investigation by the Associated Press and Frontline has uncovered how American technology firms and their infrastructure have become the backbone of an increasingly industrialised and globalised scam economy. The findings illuminate a troubling gap between the technical capability of major technology companies to prevent fraud and their actual willingness to do so, raising urgent questions about corporate responsibility and regulatory oversight in an industry that the Federal Trade Commission estimates cost Americans nearly US$200 billion in 2024 alone.
The investigation's most striking discovery concerns the upstream nature of the problem. While public attention has focused on social media platforms as the visible tools through which victims are targeted, the actual machinery enabling scams operates far deeper within the digital infrastructure. Satellite internet providers, artificial intelligence companies, and the backbone providers that connect the internet globally have become essential facilitators of fraud. Security experts acknowledge that these companies possess the technical capacity to significantly disrupt scamming operations, yet they face neither the legal obligations nor the business incentives to mount serious defences against abuse of their services.
Among the most revealing findings is the prominent role of American artificial intelligence tools in powering industrial-scale scam operations. Researchers identified two distinct software suites operating from compounds throughout Southeast Asia that relied heavily on OpenAI's ChatGPT and Google's Gemini, integrated with other AI models in systems that appeared purpose-built for fraud. These tools enable scammers to operate across dozens of languages simultaneously, generate convincing automated responses, develop believable personas, and track the performance of individual operators within their criminal organisations. Blockchain analysis conducted by TRM Labs revealed that individuals purchasing access to these systems generated tens of millions of dollars in fraudulent proceeds.
When confronted with this evidence, both OpenAI and Google responded by emphasising their existing anti-abuse programmes. OpenAI indicated that upon reviewing the information provided by investigators, it identified and banned three accounts that had been utilising its models to facilitate online scams. Both companies stated they maintain robust systems designed to proactively identify and disrupt fraudulent use of their platforms. Yet the investigation's discoveries suggest these measures may be insufficient to address the scale and sophistication of industrial scamming operations that have emerged.
The international dimension of the infrastructure problem proved particularly significant. An analysis of more than 200,000 device connections from four scam compounds linked to sanctioned entities in Myanmar revealed that one in five signals originated through US-registered companies. This represented a striking concentration of American infrastructure supporting Myanmar-based scamming operations. Companies including Cogent Communications, Oracle, AT&T, and DigitalOcean all hosted traffic from these locations, with international firms like Finland's UpCloud and Canada's GlobalTeleHost also maintaining US-based servers that carried high-risk connections from scam centres. The companies involved offered similar explanations for this situation, claiming they cannot observe the content travelling across their networks due to privacy-protecting design and that they respond to abuse reports when they receive them.
Perhaps most significantly, the investigation documented how Elon Musk's Starlink satellite internet service remains the dominant internet provider in Myanmar, including to scam operations, despite public commitments to crackdown efforts. In late 2025, Starlink publicly announced it had severed connections to approximately 2,500 satellite kits located near scam compounds. However, investigators found substantial evidence that scammers have continued accessing Starlink connectivity. Satellite imagery and device data provided by the International Justice Mission, an anti-trafficking organisation, documented at least 25 new scam compound sites constructed within Myanmar since the announced crackdown, with at least 13 of those facilities demonstrating Starlink usage. This data represents only a sample of total activity and likely understates the full scope of continuing Starlink connectivity to scamming operations.
The underlying economics of the situation illuminate why this problem persists despite solutions being technically feasible. Academic experts point out that technology companies possess extensive data troves that could substantially reduce illicit activity if applied deliberately. However, deploying such defences requires significant investment in monitoring, analysis, and enforcement infrastructure. Sascha Meinrath, the Palmer chair in telecommunications at Penn State University, articulated the fundamental dilemma: absent financial penalties or reputational consequences, companies lack rational incentives to spend resources combating scamming when they can continue facilitating it at zero cost. This structural problem explains why companies have been slow to voluntarily implement comprehensive anti-scam measures despite possessing the technical expertise to do so.
The situation differs markedly between the United States and other developed democracies. The United Kingdom, European Union, Australia, and Singapore have all implemented regulatory frameworks that require technology companies to take affirmative steps to prevent scams or face substantial financial penalties. These jurisdictions have recognised that markets alone will not produce adequate protective measures and have established explicit legal obligations backed by enforcement mechanisms. In contrast, American policymakers have relied on voluntary cooperation, with lawmakers and government officials requesting that technology companies collaborate in cutting off scammers from US infrastructure while declining to mandate such action through regulation.
The Trump administration's Department of Justice has taken some steps to coordinate industry response through the newly established Scam Center Strike Force, and government officials have begun explicitly framing the problem as one of American infrastructure being weaponised against American citizens. US Attorney Jeanine Pirro, who leads the Scam Center Strike Force, emphasised at a recent conference that when fraud is detected, industry must be equipped and prepared to prevent it. Yet this emphasis remains focused on industry cooperation rather than legal requirement, leaving open the question of whether voluntary measures will prove sufficient to address an international criminal industry that has become increasingly sophisticated and profitable.
For Malaysian readers and policymakers across Southeast Asia, the investigation holds particular relevance given the region's prominence in scamming operations and its exposure to both the criminal activity and the regulatory responses that may follow. The concentration of scam compounds in Myanmar and the use of US infrastructure to support regional fraud suggests that international regulatory approaches may soon reshape how technology companies operate globally. Malaysia and other regional economies increasingly targeted by scammers should monitor whether additional nations adopt regulatory frameworks similar to those in Europe and Australia, as such measures may eventually become prerequisites for technology companies operating internationally.
