US Tech Powers Scams: AP Investigation Findings

An extensive investigation by the Associated Press and PBS Frontline has uncovered a troubling reality: American technology companies and their infrastructure have become central enablers of a globalised fraud industry, with consequences rippling across Southeast Asia and beyond. Rather than focusing on visible platforms where victims encounter scams, the investigation traced the underlying technical scaffolding that fraudsters rely upon to operate at industrial scale. The findings paint a picture of a regulatory and accountability vacuum in which companies possess the technical means to restrict scammer access but face insufficient pressure—legal, financial, or otherwise—to do so.

The scope of the problem is staggering. The US Federal Trade Commission estimates that fraud cost Americans nearly US$200 billion (RM815.34 billion) in 2024 alone, yet much of the public and policy debate has centred on social media platforms rather than the foundational infrastructure that makes these schemes possible. Watchdogs and cybersecurity experts point out that satellite internet providers, artificial intelligence companies, and internet backbone operators all possess considerable technical capacity to disrupt these activities but lack meaningful incentives to invest in enforcement. As one analyst framed it, without tangible costs attached to facilitating scams, technology companies have little reason to spend money preventing them.

The investigation identified two custom software suites actively deployed at scam compounds across Southeast Asia. OpenAI's ChatGPT featured prominently in these tools alongside Google's Gemini and other AI models, enabling fraudsters to operate across multiple languages simultaneously, generate convincing automated responses, craft believable personas, and monitor staff productivity with machine-like efficiency. Analysis by security nonprofit C4ADS, commissioned for this investigation, revealed that scammers purchasing access to these platforms generated tens of millions of dollars in illicit proceeds, according to blockchain analysis by TRM Labs. Both OpenAI and Google responded to the findings by asserting they maintain robust programmes to combat scammer abuse, with OpenAI specifically stating that it had banned three accounts based on information shared by AP.

One of the most striking revelations concerns the role of US-registered internet infrastructure companies. According to AP's analysis of over 200,000 device connections originating from four scam compounds linked to sanctioned Myanmar entities—data provided by International Justice Mission, an anti-trafficking organisation—one in five signals originated through US-registered companies. Cogent Communications, Oracle, AT&T, and DigitalOcean featured prominently among American providers, while foreign companies including Finland-based UpCloud and Canada-based GlobalTeleHost also routed significant high-risk traffic through US-registered servers. These companies argue that privacy-by-design principles prevent them from monitoring content on their networks, a technical constraint that companies acknowledge limits their ability to identify and block fraudulent activity. All have stated they respond to legitimate abuse complaints and cooperate with law enforcement when approached.

Elon Musk's Starlink satellite internet service represents another critical node in this infrastructure. Despite Congressional attention and a widely publicised 2025 crackdown in which the company announced it had disconnected 2,500 kits near known scam compounds, Starlink remains Myanmar's dominant internet service provider for fraud operations. Satellite imagery and device data compiled by International Justice Mission reveal that scammers have continued operating through Starlink, including from at least 25 newly constructed sites that have emerged within Myanmar since the publicised disconnection campaign. Device data shows that at least 13 of these new locations have accessed Starlink services, though the sample analysed may not represent the full extent of Starlink usage at such sites. Starlink declined to engage with detailed questions but has previously stated its commitment to remaining a force for good and its willingness to cooperate with law enforcement, including participation in May operations with the Department of Justice's Scam Center Strike Force.

The regulatory landscape differs markedly between the United States and other developed economies. The United Kingdom, European Union, Australia, and Singapore have all enacted regulations requiring technology companies to implement stronger safeguards against fraud or face significant financial penalties. These jurisdictions have essentially created financial disincentives for companies that fail to invest in protective measures. In contrast, the American approach has relied predominantly on voluntary cooperation, with lawmakers and government officials requesting that technology companies restrict scammer access to US infrastructure without accompanying regulatory mandates or penalties. US Attorney Jeanine Pirro, who leads a newly established Scam Center Strike Force focused on building industry partnerships, has emphasised that when fraud is detected, industry must be prepared to respond swiftly—yet the mechanisms to compel such response remain largely absent.

Sascha Meinrath, the Palmer chair in telecommunications at Penn State University, articulated the fundamental economic problem underlying this situation: without meaningful costs attached to facilitating scams, companies lack financial incentive to invest in prevention, even when the underlying problems are identifiable and technically addressable. This dynamic creates a perverse situation in which the criminals exploit American infrastructure to commit crimes, yet the companies providing that infrastructure face no consequence for failing to restrict such usage. The investigation found no evidence that these companies were knowingly breaking laws, yet the patterns of abuse documented raise serious questions about how vigorously they enforce their own terms of service, which explicitly prohibit illegal activity.

For Malaysian and Southeast Asian readers, the implications are particularly acute. Myanmar's proximity to Malaysia and Singapore, combined with the region's digital interconnectedness, means that fraud networks operating from Myanmar compounds directly threaten citizens throughout the region. The investigation demonstrates that scams targeting Southeast Asians frequently originate from sophisticated operations that leverage American technology and infrastructure, yet the regulatory frameworks that might constrain such activity remain underdeveloped in the United States. Meanwhile, countries like Singapore that have adopted stricter regulatory approaches may gain competitive advantage in terms of reduced fraud exposure for their residents and businesses, creating pressure for other regional governments to follow suit.

The investigation also highlights a gap between technical capability and business incentive. Major technology companies could implement stronger verification protocols, network segmentation, or traffic analysis to identify patterns consistent with fraud operations. Some have invested in such measures—particularly in response to regulatory pressure in Europe and Asia Pacific. Yet in the absence of similar pressure in the United States, investment in such measures has lagged. The AP investigation suggests that the status quo reflects not a technical impossibility but rather a rational business calculation in which the cost of compliance exceeds the perceived risk of enforcement.

Moving forward, the investigation raises fundamental questions about how American technology policy should evolve. Current approaches emphasise voluntary partnership and information sharing with law enforcement, which have yielded some results, including the May 2025 crackdown involving multiple companies and federal agencies. However, voluntary frameworks depend on each company's risk assessment and willingness to invest resources. If other jurisdictions continue tightening regulations while the United States relies on voluntary compliance, American companies could face a patchwork of requirements, with stricter standards applied to their operations in Europe, Asia Pacific, and other regulated regions while facing minimal expectations at home.

The broader challenge extends beyond any single technology or company. The investigation reveals a systemic issue in which the infrastructure enabling fraud—from satellite internet to AI tools to backbone routing—has become deeply embedded in commercial technology services. Disentangling legitimate uses from illicit ones requires sustained technical effort and investment. The companies involved have access to data and technical capabilities that could significantly reduce fraud, yet face weak incentives to deploy those capabilities at scale. Until American regulatory frameworks impose meaningful costs on companies that fail to prevent scammer abuse of their infrastructure, the current trajectory suggests that technology will continue empowering fraud operations at an industrial scale, with consequences felt most acutely in Southeast Asia and other regions where such operations concentrate.

Related Stories

BREAKING: Johor Assemblyman Quits UMNO, Drops Bombshell — Claims Royal Palace Ordered State Election

T-Minus 20 Days: PH Officially Announces Johor PRN Ke-16 Candidates Tonight at Bukit Gambir

On Time for Johor: PH's PRN Ke-16 Candidates Announced Under PM Anwar