
American technology and corporations are fueling a global cyberscam industry, playing central roles in the industrialization of fraud that cost Americans nearly $200 billion in 2024. An AP/"FRONTLINE" investigation reveals that while public attention focuses on social media platforms, the infrastructure exploited for these scams begins much farther upstream, deeply embedded in the digital supply chain. Watchdogs contend that satellite internet, AI, and internet infrastructure companies possess the technical capacity to better protect consumers. However, they lack the legal, regulatory, and business incentives to curb a crime of this magnitude.
Capital's Complicity
The investigation found no evidence of illegal activity by these companies. Yet, the patterns of abuse identified raise serious questions about the vigor with which they enforce their own terms of service, which explicitly prohibit illegal activity. American AI, specifically OpenAI’s ChatGPT and Google’s Gemini, is being deployed at an industrial scale by scammers in Southeast Asia. These software suites, which also incorporate other AI models, enable fraudsters to operate across dozens of languages, generate automated replies, develop credible characters, and even track employee performance within scam compounds. Scammers who acquired these tools extracted tens of millions of dollars, according to blockchain analysis by TRM Labs.
U.S. internet service providers bear an outsized responsibility for carrying scam center traffic. An AP analysis of over 200,000 device connections, provided by anti-trafficking non-profit International Justice Mission, showed that one in five signals from devices at four scam compounds linked to sanctioned entities in Myanmar was carried by a U.S.-registered company. No other non-regional country approached this figure. Among the implicated U.S. firms are Cogent Communications, Oracle, AT&T, and DigitalOcean. Foreign companies like Finland's UpCloud and Canada's GlobalTeleHost also hosted high-risk traffic from scam centers on their U.S.-based servers.
These corporations uniformly claim they cannot monitor the content their networks transmit or the activities of end users, citing "privacy by design" as a constraint. They assert responsiveness to valid abuse reports and cooperation with law enforcement. Oracle stated it was “diligently working with law enforcement” on information shared by AP. UpCloud indicated that AP's query prompted an internal review and refinement of its risk assessment processes.
Elon Musk’s Starlink remains the dominant internet service provider in Myanmar, serving scam centers despite Congressional scrutiny and a publicized crackdown last fall. The company claimed it cut off 2,500 kits near scam compounds then. However, satellite imagery and device data from International Justice Mission show scammers continue to use Starlink, including from a proliferation of at least 25 new sites constructed in Myanmar since the crackdown, with at least 13 using Starlink to get online. Starlink declined detailed questions, publicly stating cooperation with law enforcement, including a May crackdown with the Department of Justice’s Scam Center Strike Force.
The State's Inaction
In the United States, the cost for tech companies to facilitate scamming remains effectively zero. Cybersecurity analysts point out that tech companies possess vast data troves capable of minimizing illicit activity. However, leveraging this data demands significant investment. Sascha Meinrath, the Palmer chair in telecommunications at Penn State University, articulated the core problem: “If there’s no disincentive to continuing this, if there’s no cost to actually facilitating scamming, then why would I spend a dollar to prevent scamming? This is the problem. It’s identifiable, it’s addressable — at least somewhat — but it costs something. And right now the cost of facilitating scamming is zero.”
While the United Kingdom, the European Union, Australia, and Singapore have implemented regulations requiring companies to act against scams or face financial penalties, Washington's approach is different. Lawmakers and government officials in the U.S. have merely asked American tech companies to cooperate voluntarily to sever scammers' access to U.S. infrastructure. U.S. Attorney Jeanine Pirro, who leads the new Scam Center Strike Force, emphasized at a recent conference that “the criminals use our own infrastructure to commit the crime.” She added, “When fraud is detected, industry must be ready, willing and able to stop it.” This voluntary framework ensures capital's profits are prioritized over public protection.
Profits Over People
OpenAI and Google claim robust programs to disrupt abuse, with OpenAI banning three accounts based on AP's information. Yet, the scale of the problem, with tens of millions of dollars extracted by AI-powered scams and hundreds of billions lost by consumers, dwarfs these limited corporate responses. The structural reality is that without mandatory regulation and financial penalties, the incentive for these corporations remains to maximize profit by minimizing investment in consumer protection, even as their infrastructure enables massive wealth extraction from the working class.