Your weekly dose of Seriously Risky Business news is written by Tom Uren and edited by Patrick Gray. This week's edition is sponsored by Prowler. You can hear a podcast discussion of this newsletter by searching for "Risky Business News" in your podcatcher or subscribing via this RSS feed.
Image: Cambodian scam compound, Amnesty International

China's recent crackdown on Southeast Asian scam compounds is clearly good news. But its efforts to tackle the scourge are domestically driven and may even cause scammers to shift their focus to Americans.

Last week authorities announced that an alleged scam kingpin, Chen Zhi, had been arrested by Cambodian authorities and extradited to China. Chen is the founder of the Prince Group, which is ostensibly a Cambodian corporate conglomerate, but which US authorities allege was a transnational criminal organisation that operated forced-labour scam compounds engaging in various fraud schemes.

US authorities had taken action against Chen Zhi. Back in October of last year, he was sanctioned and indicted and had a whopping USD$15 billion worth of cryptocurrency seized by the US. But China had the regional clout to actually get him in handcuffs.

Unfortunately, experts say China's efforts against scam centres are reactive. They're driven by domestic outrage, rather than a desire to strategically improve global or even regional security.

The country's efforts against scam compounds really kicked off in 2023. In October of that year, a number of Chinese citizens were killed while attempting to escape a scam centre in Kokang, a Myanmar province bordering China. Reports of the deaths circulated on Chinese social media, including a rumor that four of the victims were undercover police officers.

Until the scam centre killings, China's default policy was to suppress conflict near its border. After the deaths, however, an offensive against Myanmar's military junta appears to have been tacitly approved by Beijing. Within weeks, a coalition of armed ethnic groups known as the Three Brotherhood Alliance launched a military offensive in Kokang, with one of its stated goals being to eliminate scam compounds.
Beijing subsequently brokered a ceasefire deal, with one of the conditions for the junta being a crackdown on scam centres.

From a counter-scam centre perspective, the Three Brotherhood offensive reaped immediate benefits, with a number of crime family arrests in the following months.

The scam compounds didn't go away, though. In January of last year, Chinese actor Wang Xing was lured to a scam compound with the offer of a fake acting job. He was rescued within days after his girlfriend's pleas for help went viral on Chinese social media.

The Chinese government has redoubled efforts to crack down on scam compounds and harsh sentences are being handed down in Chinese courts. In September last year 39 members of the Ming crime family were sentenced, including 11 to death and 11 to life sentences. The family operated one of the largest scam compounds in Kokang. Members of three other crime families have also been charged, with another five individuals sentenced to death in November. Between them, the four crime families are said to have operated over 100 scam compounds.

This all sounds great! It's hard to feel sorry for compound kingpins given the horrific human misery they cause.

With scam compounds, though, there is a dark cloud attached to every silver lining. Unfortunately, the Chinese government isn't motivated to tackle all scam compounds, just the specific ones that generate bad press because they target Chinese citizens. That is good for China, but maybe not for anyone else.

In Congressional testimony in March of last year, Jason Tower, the Myanmar country director for the then US Institute of Peace, said that Chinese crackdowns were narrowly effective in that they had "increased the cost of scamming in China dramatically". On the flip side, that meant "scam syndicates are increasingly pivoting to target the rest of the world, and especially Americans".
He also noted that the Chinese government wasn't all that interested in cracking down on groups which were laundering money back into China or had deep connections with Chinese political elites.

It's pretty clear that the US just doesn't have the regional might to tackle Southeast Asian scam centres alone. It could really benefit from having a regional partner with boots on the ground. We doubt that China will play ball, but the Philippines and Thailand come to mind as potentially willing partners. We aren't holding our breath though.

Maduro Raid Cements Disruptive Cyber Role

The spectacular US raid to capture Venezuelan President Nicolás Maduro signals that disruptive cyber operations are now a regular part of military operations.

In a press conference following the operation President Donald Trump hinted that a cyber operation was used to cut power in Caracas: "The lights of Caracas were largely turned off due to a certain expertise that we have, it was dark, and it was deadly".

At the same press conference, chair of the Joint Chiefs of Staff General Dan Caine acknowledged that US Cyber Command was one of the organisations involved in "layering different effects" that allowed US forces to fly into the country.

The New York Times was more explicit, reporting that the "effort began with a cyberoperation that cut power to large swaths of Caracas, shrouding the city in darkness to allow the planes, drones and helicopters to approach undetected".

Despite our natural inclination to be cautious about everything we read, we think it is very likely what happened. Venezuelan authorities confirmed an outage, cyber attacks on electricity grids are not new and the Trump administration had both the time and intent to develop and refine the capability.

And this operation was particularly well suited for a disruptive cyber attack.
One criticism of disruptive cyber operations, at least when it comes to contributing to conventional warfare, is that they require relatively long lead times to develop and test techniques to ensure they have the desired effect.

In this case, US cyber organisations have been looking for weaknesses in Venezuelan networks since at least President Trump's first term. Back then, the US launched disruptive attacks against Venezuela's military payroll systems and the computer networks of Maduro's intelligence service. Agencies were searching for ways to undermine the Maduro regime, so you can be sure that critical infrastructure networks were examined.

In addition to that earlier reconnaissance, months of planning went into the Maduro raid itself.

The operation was also likely to benefit from, rather than be hindered by, another accepted weakness of cyber operations: their tendency to have short-term effects. Even if computers are completely wiped, replacing them is usually much faster than rebuilding after physical infrastructure has been bombed.

In the case of the Maduro raid, a cyber disruption is actually better than the conventional military equivalent because it is less likely to cause long-term damage. The plan was to extract Maduro and leave Venezuela intact for a suitably cowed replacement who would be more receptive to US interests. Destroying energy infrastructure would make managing the country more difficult for that new leadership.

Given the importance of the raid, we're sure there was a plan B if cyber-enabled disruption wasn't effective. The US already has special purpose munitions that are designed to disrupt the electric grid by dropping conductive fibres across infrastructure to create short circuits. The effects of these 'graphite bombs' are theoretically reversible if the affected sites are carefully cleaned, but when they were used in Iraq in 2003 a number of transformers caught fire and were destroyed.
So even though the Maduro raid was particularly well-suited for disruptive cyber operations, they merely replaced a conventional capability with something more ephemeral. And cooler, if you are a cyber person. But not exactly awe-inspiring.

The real significance here is political. The Trump administration has signaled it wants an increased role for offensive cyber operations. Cyber agencies were involved in a stunning US military operation and were not found wanting: the President was pleased. It marks the arrival of disruptive cyber operations as a regular part of future military planning.

Watch Amberleigh Jack and Tom Uren discuss this edition of the newsletter:

Risky Business Podcasts

In this special documentary episode, Patrick Gray and Amberleigh Jack take a historical dive into hacking in the 1980s. Through the words of those that were there, they discuss life on the ARPANET, the 414s hacking group, the Morris Worm, the vibe inside the NSA and a parallel hunt for German hackers happening at a similar time to Cliff Stoll’s famous Cuckoo’s Egg story.