Chuyên mục: Cyberattack

Vì sao băng nhóm tội phạm Crypto ở Đông Nam Á nở rộ –  Why scam gangs in Southeast Asia are a growing global threat

~ Đào Thu Hằng ~ Bình luận về bài viết này

Griffith.edu.au May 19, 2025 By Dr Hai Thanh Luong

From fake job offers to cryptocurrency fraud and online romance scams, Southeast Asia has become a global hub for transnational scam operations. 

These aren’t isolated crimes, they are organised, cross-border and industrial-scale criminal enterprises that exploit vulnerable people and expose the limits of international law enforcement.

New research shows this surge in scams represents more than just a regional issue. It’s a transnational emergency, and it demands an urgent, coordinated response.

Why Southeast Asia?

Several factors have turned Southeast Asia into a hotbed for scam syndicates. 

The collapse of rule of law in parts of Myanmar has created ungoverned spaces where criminal operations flourish. 

Meanwhile, countries like Cambodia, Laos and the Philippines offer a fertile environment for transnational crime due to weak governance, corruption, and limited oversight.

These scam centres don’t just target foreign victims. They also lure and trap workers—many of them young people from poorer nations—under the false promise of legitimate employment. Once inside, many are subjected to forced labour, abuse and trafficking.

This has become a humanitarian crisis as scam compounds across Southeast Asia have held thousands of people against their will, forcing them to commit fraud under threat of violence.

The rise of digital technologies has only made these operations harder to trace and easier to scale. From encrypted messaging to unregulated cryptocurrency, scam networks have globalised rapidly, while enforcement efforts remain stuck behind borders.

Why national responses aren’t working

One of the key challenges in confronting this crisis is the fragmented nature of law enforcement. 

Scams that begin in one country can target victims in another, while using platforms, payment systems, and communication tools hosted across multiple jurisdictions.

But many national police forces are not equipped to act beyond their borders. And transnational criminal syndicates have exploited the lack of international coordination to operate with relative impunity.

Even where political will exists, legal mismatches and diplomatic bottlenecks prevent timely investigations, arrests or prosecutions. 

Countries tend to focus inward, launching isolated crackdowns that fail to dismantle the broader networks.

This mismatch between the global nature of the threat and the localised nature of responses is precisely what allows these scams to thrive.

What needs to happen

To seriously confront this growing criminal economy, regional governments must prioritise coordinated responses, cross-border investigations, and robust intelligence sharing.

This includes:

  • Building shared databases and real-time intelligence channels to track trends, suspects and operations;
  • Developing harmonised legal tools to enable prosecutions and asset recovery across jurisdictions;
  • Working with tech and financial platforms to shut down scam infrastructure;
  • Protecting and rehabilitating victims, particularly those trafficked into scam compounds.

ASEAN, Interpol, and UNODC all have a role to play. But meaningful cooperation remains patchy, slow and overly politicised. Tackling scams as a global crisis, not just a regional one, will require serious investment and political leadership.

A crisis we can’t ignore

Scams are often dismissed as digital annoyances or consumer issues. 

The response to this crisis cannot be local, slow or siloed. The fight against transnational scams cannot be won in isolation. 

Only by working together can states dismantle the criminal networks exploiting the region’s vulnerabilities.

But what we are seeing in Southeast Asia is a complex ecosystem of transnational organised crime, often underpinned by exploitation and violence.

Billions of dollars are being stolen. Thousands of people are being trafficked and abused. And public trust in digital systems is eroding as scams become more sophisticated.

“Một loại ung thư” – UN cảnh báo tập đoàn tội phạm mạng Châu Á mở rộng khắp thế giới – ‘A cancer’: UN warns Asia-based cybercrime syndicates expanding worldwide

Al Jazeera

Agency says gangs caused $37bn in losses in Asia as they gain new footholds in Africa, South America, and Middle East.

Tiếp tục đọc “Vì sao băng nhóm tội phạm Crypto ở Đông Nam Á nở rộ –  Why scam gangs in Southeast Asia are a growing global threat”

Crypto Crime – Tội phạm crypto, tài sản mã hoá, tiền ảo

~ Đào Thu Hằng ~ Bình luận về bài viết này

Thị Trường Crypto Đen toàn cầu – Global Crypto Black Market – National Geographic

Đế chế tội phạm mạng tỉ đô được xây ở Cambodia như thế nào?- How a Billion Dollar Cambodian Cybercrime Empire Was Built  – Bloomberg 

Vì sao băng nhóm tội phạm Crypto ở Đông Nam Á nở rộ –  Why scam gangs in Southeast Asia are a growing global threat

Griffith.edu.au May 19, 2025 By Dr Hai Thanh Luong

From fake job offers to cryptocurrency fraud and online romance scams, Southeast Asia has become a global hub for transnational scam operations. 

Tiếp tục đọc “Crypto Crime – Tội phạm crypto, tài sản mã hoá, tiền ảo”

Is Cambodia serious about ending organized cyberscams?

~ Đào Thu Hằng ~ Bình luận về bài viết này

DW.com

Cambodia’s central bank has reportedly revoked the banking license of a conglomerate accused of illicit online activities. But doubts abound about Phnom Penh’s commitment to taking action against cyberfraud networks.

A symbolic image of cybercrime, a person typing on a keyboard
Southeast Asia’s vast cyber scam industry exploded during the COVID-19 pandemic when many of the region’s illegal casino operators turned to online fraudImage: allOver-MEV/IMAGO

The banking arm of a Cambodia-based conglomerate accused of running the world’s “largest ever illicit online marketplace” has had its banking license revoked by the Cambodia’s central bank, Radio Free Asia reported last week.  

Huione Guarantee, the Telegram marketplace of Huione Group, has reportedly processed up to €22 billion ($24 billion) in illicit transactions since 2021, making it by far the world’s largest illegal online marketplace, cryptocurrency compliance firm Elliptic reported last year.

Huione Pay, the group’s banking arm, had its license withdrawn because of noncompliance with “existing regulations and recommendations that may have been made by the regulators,” a National Bank of Cambodia spokesperson told Radio Free Asia, a US Congress-funded media outlet.

Hub for cyberscams

Tiếp tục đọc “Is Cambodia serious about ending organized cyberscams?”

“More than 0s and 1s”: Cambodia battles cybercrime

~ Đào Thu Hằng ~ Bình luận về bài viết này

UNODC.org

Through training held in Phnom Penh, UNODC is helping to build a more robust response to cybercrime in Cambodia.

Photo: UNODC / Laura Gil

Through training held in Phnom Penh, UNODC is helping to build a more robust response to cybercrime in Cambodia.

All the screens in the room, including the one projected on the wall, have turned black, and a series of green letters have started to rain down. “Your wallet has been stolen,” one of the trainers says. All participants —some in uniform, others in suits— start scrolling down, looking for the fictitious cybercriminal.

The mix of Cambodian cybercops, law enforcement officials and judges in the room each have a laptop, and each have a task at hand: to seize the cryptocurrencies before it’s too late. If they collect and manage the digital evidence, they have succeeded, because that evidence can be later presented to the court. On their screens, what they are seeing is a simulation of a cyber-enabled fraud case involving cryptocurrencies in which criminals operate nowadays.

Tiếp tục đọc ““More than 0s and 1s”: Cambodia battles cybercrime”

Online fraud leaves nobody safe – The vast and sophisticated global enterprise that is Scam Inc

~ Đào Thu Hằng ~ Bình luận về bài viết này

economist.com

EDGAR MET Rita on LinkedIn. He worked for a Canadian software company, she was from Singapore and was with a large consultancy. They were just friends, but they chatted online all the time. One day Rita offered to teach him how to trade crypto. With her help, he made good money. So he raised his stake. However, after Edgar tried to cash out, it became clear that the crypto-trading site was a fake and that he had lost $78,000. Rita, it turned out, was a trafficked Filipina held prisoner in a compound in Myanmar.

In their different ways, Edgar and Rita were both victims of “pig-butchering”, the most lucrative scam in a global industry that steals over $500bn a year from victims all around the world. In “Scam Inc”, our eight-part podcastThe Economist investigates the crime, the criminals and the untold suffering they cause. “Scam Inc” is about the most significant change in transnational organised crime in decades.

Pig-butchering, or sha zhu pan, is Chinese criminal slang. First the scammers build a sty, with fake social-media profiles. Then they pick the pig, by identifying a target; raise the pig, by spending weeks or months building trust; cut the pig, by tempting them to invest; and butcher the pig by squeezing “every last drop of juice” from them, their family and friends.

The industry is growing fast. In Singapore scams have become the most common felony. The UN says that in 2023 the industry employed just under 250,000 people in Cambodia and Myanmar; another estimate puts the number of workers worldwide at 1.5m. In “Scam Inc” we report how a man in Minnesota lost $9.2m and how a bank in rural Kansas collapsed when its chief executive embezzled $47m to invest in crypto, under the tutelage of a fake online woman, called Bella. A part-time pastor, he also stole from his church.

Online scamming compares in size and scope to the illegal drug industry. Except that in many ways it is worse. One reason is that everyone becomes a potential target simply by going about their lives. Among the victims we identify are a neuroscience PhD and even relatives of FBI investigators whose job is to shut scams down. Operating manuals give people like Rita step-by-step instructions on how to manipulate their targets by preying on their emotions. It is a mistake to think romance is the only hook. Scammers target all human frailties: fear, loneliness, greed, grief and boredom.

What is the UN cybercrime treaty and why does it matter?

~ Đào Thu Hằng ~ Bình luận về bài viết này

chathamhouse.org

Explaining the UN cybercrime treaty, its potential benefits and risks, key issues in the negotiations, and likely paths forward.

What is the UN cybercrime treaty?

Since May 2021, UN member states have been negotiating an international treaty on countering cybercrime. If adopted by the UN General Assembly, it would be the first binding UN instrument on a cyber issue. The treaty could become an important global legal framework for international cooperation on preventing and investigating cybercrime, and prosecuting cybercriminals.

But without a clearly defined scope and sufficient safeguards, the treaty could endanger human rights – both online and offline – and repressive governments could abuse its provisions to criminalize online free speech. It could also threaten digital rights by legitimizing intrusive investigations and unhindered law enforcement access to personal information.

What is cybercrime?

There is no universally accepted definition of cybercrime. A common approach is to define it in two categories: cyber-dependent crimes and cyber-enabled crimes.

Cyber-dependent crimes are crimes that can only be committed by using Information and Communication Technologies (ICTs). A notorious example is ransomware: hacking into an organization or individual’s device, encrypting data and demanding payment for decryption.

Without a clearly defined scope and sufficient safeguards, the treaty could endanger human rights – both online and offline – and repressive governments could abuse its provisions to criminalize online free speech.

Tiếp tục đọc “What is the UN cybercrime treaty and why does it matter?”

What is ZeroTrust Strategy?

~ Trần Đình Hoành ~ Bình luận về bài viết này

TĐH: Traditional cybersecurity strategies are no longer sufficient for today’s cyberwar. The Zero Trust strategy is a new concept in cyberwar. To help understand this concept, I post here a paper by the US Department of Defense entitle “DOD Zero Trust Strategy.” This concept will involve not just DOD or military institutions, but also many private enterprises and individuals. Indeed, it involves the entire nation. I select the DOD presentation to post because, by nature of its job, DOD is probaly concerned about cybersecurity more than anyone else. Below is the Foreword of the DOD paper.

DOD ZERO TRUST STRATEGY

Download full paper >>

Foreword


Our adversaries are in our networks, exfiltrating our data, and exploiting the Department’s users. The rapid growth of these offensive threats emphasizes the need for the Department of Defense (DoD) to adapt and significantly improve our deterrence strategies and cybersecurity implementations. Defending DoD networks with high-powered and ever-more sophisticated perimeter defenses is no longer sufficient for achieving cyber resiliency and securing our information
enterprise that spans geographic borders, interfaces with external partners, and support to millions of authorized users, many of which now require access to DoD networks outside traditional boundaries, such as work from home. To meet these challenges, the DoD requires an enhanced cybersecurity framework built upon Zero Trust principles that must be adopted across the Department, enterprise-wide, as quickly as possible as described within this document.

Tiếp tục đọc “What is ZeroTrust Strategy?”

This is the real story of the Afghan biometric databases abandoned to the Taliban

~ Đào Thu Hằng ~ Bình luận về bài viết này

technologyreview.com

By capturing 40 pieces of data per person—from iris scans and family links to their favorite fruit—a system meant to cut fraud in the Afghan security forces may actually aid the Taliban.By 

August 30, 2021

afghans targeted by biometric data

ANDREA DAQUINO

As the Taliban swept through Afghanistan in mid-August, declaring the end of two decades of war, reports quickly circulated that they had also captured US military biometric devices used to collect data such as iris scans, fingerprints, and facial images. Some feared that the machines, known as HIIDE, could be used to help identify Afghans who had supported coalition forces.

According to experts speaking to MIT Technology Review, however, these devices actually provide only limited access to biometric data, which is held remotely on secure servers. But our reporting shows that there is a greater threat from Afghan government databases containing sensitive personal information that could be used to identify millions of people around the country. 

MIT Technology Review spoke to two individuals familiar with one of these systems, a US-funded database known as APPS, the Afghan Personnel and Pay System. Used by both the Afghan Ministry of Interior and the Ministry of Defense to pay the national army and police, it is arguably the most sensitive system of its kind in the country, going into extreme levels of detail about security personnel and their extended networks. We granted the sources anonymity to protect them against potential reprisals. 

Related Story

Tiếp tục đọc “This is the real story of the Afghan biometric databases abandoned to the Taliban”

Deepfakes đe dọa doanh nghiệp

~ Thiều Linh ~ Bình luận về bài viết này

By Nguyễn Vũ 3/8/2019, 06:36

TBKTSG – Lâu nay khi nói đến deepfakes, tức kỹ thuật dùng trí tuệ nhân tạo và học máy để làm ra các video giả, người ta chỉ nghĩ đến loại video giả các chính trị gia nói chuyện trên trời dưới đất hay loại video các nhân vật nổi tiếng như David Beckham kể chuyện tiếu lâm bằng tiếng Việt. Thế nhưng, vừa có những cảnh báo bọn lừa đảo dùng công nghệ này để giả danh chủ doanh nghiệp đánh lừa nhân viên để chiếm đoạt tiền bạc. Tiếp tục đọc “Deepfakes đe dọa doanh nghiệp”

U.S. Escalates Online Attacks on Russia’s Power Grid

~ Trần Đình Hoành ~ Bình luận về bài viết này
A heating power plant in Moscow. Officials described the move into Russia’s grid and other targets as a classified companion to more publicly discussed action directed at Moscow’s disinformation and hacking units around the 2018 midterm elections.CreditCreditMaxim Shemetov/Reuters

By David E. Sanger and Nicole Perlroth

WASHINGTON — The United States is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively, current and former government officials said.

In interviews over the past three months, the officials described the previously unreported deployment of American computer code inside Russia’s grid and other targets as a classified companion to more publicly discussed action directed at Moscow’s disinformation and hacking units around the 2018 midterm elections.

Read more on New York Times >>

In Vietnam, Fake Death Certificates Are Weaponized to Hack Facebook Accounts

~ Đào Thu Hằng ~ Bình luận về bài viết này
Published on Monday, 24 December 2018 16:00Written by Saigoneer.

Vietnam’s fake document industry has upgraded for the information age.

Vietnam has one of the largest populations of Facebook users in the world. According to Noudhy Valdryno, a representative from Facebook’s Asia-Pacific Division, the country has 42 million daily users, accounting for 17% of Southeast Asia’s total 242 million. With a robust local Facebook user base comes darker implications, however, such as the manifestation of fake news, bullying or porn bots. Tiếp tục đọc “In Vietnam, Fake Death Certificates Are Weaponized to Hack Facebook Accounts”

Microsoft uncovers more Russian hacking ahead of midterms

~ Trần Đình Hoành ~ Bình luận về bài viết này
AP

Microsoft has uncovered new Russian hacking efforts targeting U.S. political groups ahead of the midterm elections.

The company said Tuesday that a group tied to the Russian government created fake websites that appeared to spoof two American conservative organizations: the Hudson Institute and the International Republican Institute. Three other fake sites were designed to look as if they belonged to the U.S. Senate. Tiếp tục đọc “Microsoft uncovers more Russian hacking ahead of midterms”

AN NINH MẠNG VÀ KHÁI NIỆM QUY TẮC (NORMS)

~ Thiều Linh ~ 3 bình luận

Cybersecurity and the Concept of Norms

Những yêu cầu về quy tắc để đảm bảo và ổn định không gian mạng đã trở nên phổ biến. Những lời kêu gọi này thường cung cấp kiến thức chi tiết về an ninh mạng nhưng hiếm khi nói nhiều khái niệm về các quy tắc – là những quy tắc gì, quy tắc làm việc như thế nào, chuyển đi ra sao và tại sao bất cứ ai cũng thích điều này hơn so với các chính sách công vụ khác. Kết quả là, các cuộc thảo luận chính sách và báo chí truyền thông thường áp dụng thuật ngữ cho các công cụ chính sách – thực tế không phải là quy tắc. Việc gộp chung lại như vậy có thể hiểu được, nhưng chúng có thể tạo ra nhầm lẫn không cần thiết và làm giảm giá trị quá trình xây dựng quy tắc. Các tài liệu học thuật liên quan mô tả các điểm cơ bản của khái niệm quy tắc và cách chúng hoạt động như thế nào, trong khi rút ra những bài học từ những phạm vi lĩnh vực chính sách khác – mà các quy tắc đã hoặc chưa được sử dụng thành công. 

QUY TẮC LÀ GÌ (VÀ KHÔNG LÀ GÌ)?

 Theo định nghĩa tiêu chuẩn hiện nay, quy tắc là “một tập hợp mong muốn đối với thái độ phù hợp của những người tham gia có đặc tính nhất định”.  Một số điểm của định nghĩa này đáng đem ra thảo luận. Tiếp tục đọc “AN NINH MẠNG VÀ KHÁI NIỆM QUY TẮC (NORMS)”

What it means that the Russians-hacking-US-energy-grid story is being leaked in a big way now

~ Trần Đình Hoành ~ 1 bình luận
DailyKos.com

By Karen Wehrstein
US_power_grid_night.JPG

This morning, Associated Press (AP) had the story that Russians have succeeded in hacking into the US energy grid, though they were then expelled.  From the CNBC version:

U.S. national security officials said the FBI, the Homeland Security Department and American intelligence agencies determined that Russian intelligence and others were behind the attacks on the energy sector. The officials said the Russians deliberately chose U.S. energy industry targets, obtaining access to computer systems and then conducting “network reconnaissance” of industrial control systems that run American factories and the electricity grid. Tiếp tục đọc “What it means that the Russians-hacking-US-energy-grid story is being leaked in a big way now”