American technology companies are unwittingly—or perhaps with insufficient vigilance—providing the digital infrastructure that has transformed scamming into a sophisticated, industrialised global operation. An investigation by the Associated Press and Frontline has documented how firms based in the United States are crucial to enabling fraud networks, particularly concentrated in Southeast Asia, in ways that have largely escaped public attention. The findings underscore a troubling gap between technical capability and corporate action: many of these companies possess the means to disrupt fraudsters but lack the regulatory pressure or financial incentive to do so.

While most public discussion focuses on the consumer-facing platforms where victims encounter scams—social media feeds, email inboxes, messaging apps—the investigation reveals that the real machinery of fraud operates far deeper in the digital ecosystem. The infrastructure layer, which includes internet backbone providers, satellite internet services, data centres, and artificial intelligence platforms, has become the foundation upon which modern scamming operations are built. This upstream abuse has remained largely invisible to regulators and the public, even as it fuels what the Federal Trade Commission estimates as nearly US$200 billion (RM815.34 billion) in losses to Americans in 2024 alone.

The investigation identified two software suites actively used by scammers operating from compounds across Southeast Asia, with OpenAI's ChatGPT playing the central role, supplemented by Google's Gemini and other AI models. These tools, which have legitimate applications in countless industries, become instruments of fraud when deployed at scale. They enable scammers to operate across multiple languages simultaneously, generate convincing automated responses that mimic human interaction, develop believable personas, and track the productivity of their workforce. Blockchain analysis conducted by TRM Labs found that operators purchasing these sophisticated toolsets were processing tens of millions of dollars in illicit transfers.

The involvement of major American technology companies in facilitating this infrastructure is striking. An AP analysis of over 200,000 device connections from scam compounds linked to sanctioned Myanmar entities found that one in five signals originated from US-registered companies. Cogent Communications, Oracle, AT&T, and DigitalOcean all featured prominently, with no other non-regional nation approaching their level of involvement. Even international firms—such as Finland's UpCloud and Canada's GlobalTeleHost—were found routing high-risk traffic through servers located within the United States, effectively integrating American infrastructure into the scam supply chain.

These companies present a consistent defence: they cannot see the content travelling across their networks and therefore cannot monitor what users do with their services. This "privacy by design" architecture, while protecting legitimate users' rights, simultaneously creates blind spots that scammers exploit. When contacted by the AP, these firms emphasised their cooperation with law enforcement and their responsiveness to abuse reports. Oracle stated it was working diligently with authorities on the material shared, while UpCloud indicated the inquiry had prompted an internal review of its risk assessment procedures. Yet critics question whether such voluntary responses represent sufficient effort.

Elon Musk's Starlink satellite internet service presents a particularly complex case study in the tension between innovation and accountability. Despite Congressional attention and a high-profile 2025 enforcement action in which the company claimed to have disconnected 2,500 kits near scam compounds, satellite imagery and device data reveal that Starlink remains the dominant internet provider for fraud operations in Myanmar. More concerning, at least 25 new scam sites have been constructed since that crackdown, with at least 13 demonstrably using Starlink connectivity. The company declined to answer detailed questions but publicly reaffirmed its commitment to serving as "a force for good" and highlighted cooperation with recent Department of Justice enforcement initiatives.

The regulatory disparity between jurisdictions reveals how fragmented the response to tech-enabled fraud has become. The United Kingdom, European Union, Australia, and Singapore have all introduced legislation requiring technology companies to take concrete steps against scams or face financial penalties. This creates real consequences for non-compliance. In contrast, American policymakers have largely relied on voluntary cooperation from industry, asking companies to self-police while declining to impose mandatory requirements or financial sanctions. Lawmakers and federal officials, including US Attorney Jeanine Pirro, who leads the Department of Justice's new Scam Center Strike Force, have publicly advocated for industry partnership but without backing these appeals with legislative teeth.

The economic logic underlying corporate inaction is brutal in its clarity. As Sascha Meinrath, the Palmer Chair in Telecommunications at Penn State University, explained to the AP, technology companies face a cost-benefit calculation that currently favours inertia. "If there's no disincentive to continuing this, if there's no cost to actually facilitating scamming, then why would I spend a dollar to prevent scamming?" Meinrath observed. "This is the problem. It's identifiable, it's addressable – at least somewhat – but it costs something. And right now the cost of facilitating scamming is zero." Absent either regulatory mandates or reputational consequences, profit-maximising firms have little motivation to invest in expensive monitoring and disruption capabilities.

The investigation examined whether any of the companies identified were technically breaking laws, and found no evidence of illegal conduct on their part. However, the patterns of abuse identified raise pointed questions about how rigorously these firms enforce their own terms of service, which universally prohibit illegal activity. When OpenAI was presented with specific information about accounts using ChatGPT to support scams, the company moved relatively quickly to ban three accounts. This responsiveness suggests that action is possible when companies are directly confronted with evidence, yet it also implies that proactive detection and prevention are not occurring at the scale necessary to disrupt the broader ecosystem.

For Malaysian and Southeast Asian readers, this investigation carries particular significance. The concentration of scam compounds in Myanmar reflects the region's vulnerabilities to becoming a hub for organised cybercrime. Malaysia, as a developed economy with sophisticated financial infrastructure and a digitally connected population, represents an attractive target for fraud networks powered by these global tech supply chains. The ease with which American technology facilitates cross-border fraud operations means that Malaysian consumers and businesses are at risk not merely from local actors but from internationally organised syndicates leveraging US infrastructure. Policy responses in Malaysia should consider whether voluntary industry cooperation, as pursued in the United States, provides adequate protection or whether legislation modelled on European and Australian approaches might be necessary.

The investigation ultimately exposes a critical gap in the global governance of technology. American companies dominate the digital infrastructure layer—satellite internet, cloud computing, AI platforms, backbone connectivity—yet the United States has been slower than other major democracies to impose legal obligations ensuring that this dominance serves public safety. Scammers have industrialised fraud by leveraging the openness and efficiency of American networks; the challenge facing policymakers is whether they can impose accountability without sacrificing the innovation and freedom that made these networks valuable in the first place. Until the cost of facilitating scams rises meaningfully for technology companies, the investigation suggests, the infrastructure fuelling this "revolution" in organised fraud will continue operating with minimal friction.