Beijing is going after scam mills that operate out of secretive, dystopian compounds and swindle people worldwide
4 min
It’s called “pig butchering.”
Armies of scammers operating from lawless corners of Southeast Asia—often controlled by Chinese crime bosses—connect with people all over the world through online messages. They foster elaborate, sometimes romantic, relationships, and then coax their targets into making bogus investments. Over time, they make it appear that the investments are growing to get victims to send more money. Then, they disappear.
In recent months, China has unleashed its most aggressive effort to crack down on the proliferation of the scam mills, reaching beyond its territory and netting thousands of people in mass arrests. Its main target is a notorious stretch of its border with Myanmar controlled by narcotics traffickers and warlords.
For decades, frontier fiefdoms such as those in Myanmar have been havens for gambling and trafficking of everything from drugs to wildlife to people. Now, they are dens for pig-butchering operations.
The scammers operate out of secretive, dystopian compounds, many of which are run by Chinese fugitives who fled their country to places where it was easier to flout the law. They cheat Chinese citizens out of billions of dollars each year, as well as victims across the globe. The U.S. Treasury Department in September warned Americans about the scams.
In addition to remote hillside towns in Myanmar, these heavily guarded enclaves are also found in gambling hubs such as Cambodia’s Sihanoukville and Poipet. Cambodian authorities have carried out sporadic raids with China’s help, but the problem has persisted.
For Beijing, it is a significant source of embarrassment that Chinese criminals are at the centre of scams ensnaring people the world over, said Jason Tower, Myanmar country director for the United States Institute of Peace, an independent research organisation founded by the U.S. Congress that specialises in conflict mitigation.
China is “quite sensitive to the narratives that could potentially emerge,” he said. “These are largely Chinese crime groups which China, for years, did very little to check.”
The operations flourished during the Covid-19 pandemic when border trade stopped and internet use surged. They have also fuelled a human-trafficking crisis.
Many of the scammers entrapping people are themselves victims of human trafficking, lured abroad by fake job ads and held captive by withholding pay and passports. The United Nations human-rights office says more than 120,000 people may be forced to work as scammers in Myanmar, with another 100,000 in Cambodia.
One Malaysian trafficking victim told The Wall Street Journal that he was trained to spend weeks or months “fattening” his victims by gaining their trust before “butchering” them. His story was similar to those told by others lured into working in the scam mills. After responding to an ad on a job-recruitment website, he said he accepted an offer for a customer-service role in Cambodia. Once there, he was driven to a prison-like complex in Sihanoukville and forced to work as a scammer under threats of violence.
He said he had a handler who trained him, supplying him with a smartphone preloaded with fake social-media accounts, a “victim list” containing contact information of potential targets and various scripts designed to break the ice and build their trust. After several weeks, he said he convinced a driver who brought people and supplies to the compound to help him escape.
Regional migration researchers have documented trafficking from dozens of countries. Many victims come from Southeast Asia but some from as far as Brazil and Kenya.
“China is starting to signal that enough is enough,” said Inshik Sim, a Bangkok-based lead analyst for the U.N. Office on Drugs and Crime’s regional operations.
In August, China launched a “special joint operation” with three nearby countries and increased pressure on armed groups that oversee remote parts of Myanmar, convincing them to hunt down, round up and repatriate almost 5,000 Chinese nationals suspected of illicit activity.
Chinese authorities have zeroed in on several border areas that are part of Myanmar but are fully controlled by armed groups. These places have often drawn large investments from Chinese nationals—both legal and illicit. Many Chinese people, including notorious fugitives, live in these enclaves, where the Mandarin language and Chinese currency are commonplace.
The Wa Self-Administered Division, located along China’s southwestern border, is of particular interest to China, in part because Beijing has so much leverage over it. The area is home to the ethnic minority Wa people, who claim the territory as their ancestral home. China has been the group’s main benefactor for decades; historians say they helped the Chinese Communist Party flush out enemies who fled across the border in the 1950s and ’60s. The area later became a major economic gateway to resource-rich Myanmar.
Independent researchers say its de facto leadership, the United Wa State Army, commands a force of more than 20,000 people armed with modern Chinese equipment such as portable surface-to-air missiles and armored vehicles.
The area has been a major source of opium for almost two centuries, and in recent decades has become a leading producer of synthetic drugs such as methamphetamine. The U.S. Treasury blacklisted the UWSA in 2003 under the Kingpin Act, and has sanctioned dozens of people and businesses linked to the group, calling it “the largest and most powerful drug trafficking organisation in Southeast Asia.”
The UWSA and other criminal networks have increasingly turned to scamming in addition to the drug trade.
According to a 2022 report in Chinese state media, authorities blocked 2.1 million fraudulent websites and some $51.6 billion in suspicious transactions over the previous year. Beijing has warned citizens to look out for dubious rebate offers, investment schemes and unsolicited contact from anyone claiming to represent a company or law enforcement.
The first sign of a serious cleanup came in early September, when China worked with the UWSA to orchestrate two days of raids that ended with more than 1,000 suspects being marched across the border into Chinese custody. Then China upped the ante, taking aim at the group’s leadership.
On Oct. 12, China’s Ministry of Public Security said arrest warrants had been issued for two senior Wa officials accused of leading scam networks: the state’s construction minister Chen Yanban and a mayor named Xiao Yankui. Four days later, the UWSA said both had been stripped of their roles. Their whereabouts is unknown.
The same day, Chinese authorities said they had transferred 2,349 “telecommunication fraud” suspects from Myanmar two days prior—the single largest such handover. China says 4,666 suspects have been repatriated from Myanmar since the crackdown began earlier this year.
“This is by any measure a major operation, which speaks to the impact on China and Chinese citizens, and the seriousness with which Beijing is approaching this,” said Richard Horsey, senior adviser on Myanmar for the International Crisis Group, a Brussels-based think tank specialis ing in conflict prevention.
While China may be turning up the heat on cybercriminals along its border, experts say scamming is so lucrative that the ringleaders are likely to simply look for more fertile ground—areas in weak states where law enforcement is lax.
“These groups are not going to go away easily,” said Tower, of the U.S. Institute of Peace. “They’re sitting on a massive source of capital and there are many fragile places in the world that they’ll be able to exploit.”
Copyright 2020, Dow Jones & Company, Inc. All Rights Reserved Worldwide. LEARN MORE
What a quarter-million dollars gets you in the western capital.
Alexandre de Betak and his wife are focusing on their most personal project yet.
CIOs can take steps now to reduce risks associated with today’s IT landscape
3 min
As tech leaders race to bring Windows systems back online after Friday’s software update by cybersecurity company CrowdStrike crashed around 8.5 million machines worldwide, experts share with CIO Journal their takeaways for preparing for the next major information technology outage.
IT leaders should hold vendors deeply integrated within IT systems, such as CrowdStrike , to a “very high standard” of development, release quality and assurance, said Neil MacDonald , a Gartner vice president.
“Any security vendor has a responsibility to do extensive regression testing on all versions of Windows before an update is rolled out,” he said.
That involves asking existing vendors to explain how they write software, what testing they do and whether customers may choose how quickly to roll out an update.
“Incidents like this remind all of us in the CIO community of the importance of ensuring availability, reliability and security by prioritizing guardrails such as deployment and testing procedures and practices,” said Amy Farrow, chief information officer of IT automation and security company Infoblox.
While automatically accepting software updates has become the norm—and a recommended security practice—the CrowdStrike outage is a reminder to take a pause, some CIOs said.
“We still should be doing the full testing of packages and upgrades and new features,” said Paul Davis, a field chief information security officer at software development platform maker JFrog . undefined undefined Though it’s not feasible to test every update, especially for as many as hundreds of software vendors, Davis said he makes it a priority to test software patches according to their potential severity and size.
Automation, and maybe even artificial intelligence-based IT tools, can help.
“Humans are not very good at catching errors in thousands of lines of code,” said Jack Hidary, chief executive of AI and quantum company SandboxAQ. “We need AI trained to look for the interdependence of new software updates with the existing stack of software.”
An incident rendering Windows computers unusable is similar to a natural disaster with systems knocked offline, said Gartner’s MacDonald. That’s why businesses should consider natural disaster recovery plans for maintaining the resiliency of their operations.
One way to do that is to set up a “clean room,” or an environment isolated from other systems, to use to bring critical systems back online, according to Chirag Mehta, a cybersecurity analyst at Constellation Research.
Businesses should also hold tabletop exercises to simulate risk scenarios, including IT outages and potential cyber threats, Mehta said.
Companies that back up data regularly were likely less impacted by the CrowdStrike outage, according to Victor Zyamzin, chief business officer of security company Qrator Labs. “Another suggestion for companies, and we’ve been saying that again and again for decades, is that you should have some backup procedure applied, running and regularly tested,” he said.
For any vendor with a significant impact on company operations , MacDonald said companies can review their contracts and look for clauses indicating the vendors must provide reliable and stable software.
“That’s where you may have an advantage to say, if an update causes an outage, is there a clause in the contract that would cover that?” he said.
If it doesn’t, tech leaders can aim to negotiate a discount serving as a form of compensation at renewal time, MacDonald added.
The outage also highlights the importance of insurance in providing companies with bottom-line protection against cyber risks, said Peter Halprin, a partner with law firm Haynes Boone focused on cyber insurance.
This coverage can include protection against business income losses, such as those associated with an outage, whether caused by the insured company or a service provider, Halprin said.
The CrowdStrike update affected only devices running Microsoft Windows-based systems , prompting fresh questions over whether enterprises should rely on Windows computers.
CrowdStrike runs on Windows devices through access to the kernel, the part of an operating system containing a computer’s core functions. That’s not the same for Apple ’s Mac operating system and Linux, which don’t allow the same level of access, said Mehta.
Some businesses have converted to Chromebooks , simple laptops developed by Alphabet -owned Google that run on the Chrome operating system . “Not all of them require deeper access to things,” Mehta said. “What are you doing on your laptop that actually requires Windows?”
