How American Tech Powers a Global Scam Industry: What the AP Investigation Reveals

American technology infrastructure and services have become essential tools enabling the industrialisation and worldwide expansion of scam operations, according to a comprehensive investigation by the Associated Press and Frontline. The probe uncovers how companies ranging from satellite internet providers to artificial intelligence developers are playing pivotal roles in facilitating fraud on an unprecedented scale, often without adequate safeguards despite having the technical capacity to prevent abuse.

The investigation reveals that public attention has largely focused on visible culprits such as social media platforms, where victims first encounter scammers. However, the underlying architecture enabling these crimes operates far upstream in the digital supply chain, where infrastructure companies, AI providers, and internet services firms operate with minimal oversight. This upstream layer—including satellite internet, internet backbone providers, and AI language models—represents the true backbone of modern scamming operations, yet receives far less regulatory scrutiny than consumer-facing platforms.

Regulatory bodies and cybersecurity experts argue that satellite internet companies, artificial intelligence firms, and internet infrastructure providers possess the technical tools necessary to substantially reduce scam activity. Yet without legal mandates or financial penalties, these organisations lack sufficient incentive to invest in abuse prevention. The Federal Trade Commission estimates that fraud cost Americans nearly US$200 billion (RM815.34 billion) in 2024 alone, representing a staggering toll that continues climbing as scam networks become more sophisticated and geographically dispersed.

The AP investigation identified two sophisticated software suites operating from compounds throughout Southeast Asia, with OpenAI's ChatGPT serving as the primary artificial intelligence tool, supplemented by Google's Gemini and other AI models. These platforms enable scammers to operate across multiple languages simultaneously, generate convincing automated responses, develop believable personas, and monitor team productivity—capabilities that transform fraud from artisanal crime into industrialised operations. Blockchain analysis reveals that scammers purchasing access to these tools have collectively stolen tens of millions of dollars, demonstrating the substantial revenue these criminal networks generate.

American infrastructure companies carry a disproportionate share of illegal scam traffic originating from Southeast Asian compounds. Analysis of over 200,000 device connections from four scam compounds linked to sanctioned Myanmar entities shows that one in five signals originated through United States-registered companies. This dominance is striking: no other non-regional nation comes remotely close to matching America's share. Major corporations including Cogent Communications, Oracle, AT&T, and DigitalOcean all hosted significant volumes of high-risk traffic from scam centres, while foreign companies such as Finland's UpCloud and Canada's GlobalTeleHost routed their Myanmar-bound services through American servers.

These companies defend their involvement by citing privacy-by-design architectures that prevent them from monitoring content flowing across their networks. While this stance protects user privacy in legitimate contexts, it also creates convenient opacity regarding illegal activity. All targeted companies claim they respond promptly to abuse reports and cooperate fully with law enforcement investigations. Oracle stated it was diligently collaborating with law enforcement on materials provided by the AP, while UpCloud indicated the investigation prompted internal reviews of its risk assessment procedures. The companies' position essentially places responsibility for detecting abuse squarely on law enforcement rather than on the service providers themselves.

Starlink, Elon Musk's satellite internet venture, remains Myanmar's dominant internet service provider even to scam compounds, notwithstanding Congressional pressure and a much-publicised December 2025 crackdown during which the company claimed to have disconnected 2,500 kits near scam facilities. Device data and satellite imagery analysed by the International Justice Mission reveal that scammers continue accessing Starlink services, including from at least 25 newly constructed compounds established after the company's publicised enforcement action. Device data shows at least thirteen of these new sites have connected via Starlink, though this sample may not capture all activity. Despite detailed questions from the AP, Starlink declined substantive comment, instead pointing to public statements about cooperation with law enforcement and commitment to remaining a force for positive change.

Tech companies possess vast databases and monitoring capabilities that could substantially reduce illicit activity, but deploying these tools requires significant financial and technological investment that few companies willingly undertake voluntarily. Sascha Meinrath, Palmer chair in telecommunications at Penn State University, articulates the fundamental problem: without legal consequences or financial disincentives, technology companies have no motivation to spend resources preventing scamming when facilitating it costs them nothing. The situation presents a paradox—the infrastructure abuse is technically identifiable and largely addressable through existing tools—yet remains unprofitable to address absent regulatory pressure or legal liability.

Regulations mandating stronger anti-scam measures are advancing internationally, reflecting growing frustration with voluntary industry compliance. The United Kingdom, European Union, Australia, and Singapore have all implemented legislation requiring companies to implement stronger scam prevention measures or face substantial financial penalties. These jurisdictions recognise that industry self-regulation has failed to meaningfully constrain fraud. Conversely, American policymakers and law enforcement officials continue requesting voluntary cooperation from technology companies, relying on partnership-based approaches rather than enforceable requirements.

For Malaysia and Southeast Asia more broadly, the implications are substantial. The region has become a primary hub for industrial-scale scamming operations that exploit American technology to defraud victims globally. Malaysian citizens and businesses face exposure to these scams while simultaneously witnessing how American infrastructure enables regional criminal enterprises. The investigation suggests that stronger regional regulatory frameworks—potentially modelled on European and Australian approaches—might prove necessary to protect Southeast Asian consumers and businesses from scam operations headquartered in the region but powered by external technology providers.

The investigation demonstrates a critical asymmetry in the global fraud ecosystem. Sophisticated criminal networks operating from Myanmar and elsewhere have successfully weaponised American technology infrastructure, while the American companies providing that infrastructure face minimal legal or financial consequences. As long as facilitating scamming remains cost-free and consequence-free for technology providers, criminal networks will continue exploiting these tools with impunity. The coming months will reveal whether American regulators and lawmakers move toward mandatory compliance measures similar to those implemented internationally, or whether voluntary cooperation remains the default approach.