Southeast Asian casino industry supercharging cyber fraud, UN says

Avatar

The expanding Southeast Asian casino industry has become the nexus of the region’s criminal ecosystem, including its cyber fraud industry, and it is facilitating large-scale money laundering by organized crime networks, a new United Nations report reveals.

The money laundering includes the proceeds from online scams like pig-butchering schemes, where scammers develop a relationship with a victim and lure them into making fraudulent investments.

In many cases, such scams originate from the casinos themselves, which are often located in lawless areas of countries like Laos and Myanmar. Hundreds of thousands of people are believed to have been trafficked into scamming compounds in these areas and forced to carry out telecommunications fraud.

“The acceleration of globalized crime networks centred in the Mekong aided by technology has dramatically expanded criminal revenue streams,” said Jeremy Douglas, regional representative for Southeast Asia and the Pacific at the United Nations Office on Drugs and Crime, in the report’s forward.

“This has necessitated a revolution in the regional underground banking architecture, resulting in the development of systems and infrastructure capable of moving and laundering massive volumes of state-backed fiat and cryptocurrencies.”

The use of casinos to launder organized crime proceeds in Southeast Asia is not necessarily new. As the report points out, multiple Philippines-based casinos helped to launder about $81 million believed stolen by North Korea’s Lazarus hacking group from Bangladesh Bank.

The industry has metastasized in recent years, however, experiencing “exponential growth” following a crackdown on Macau’s gambling sector starting in 2019, according to the UNODC. As of early 2022 there were more than 340 “land-based casinos,” the report said.

Whereas casinos near the border with China and Thailand originally catered to tourists gambling in person, when the pandemic arrived and travel was frozen, many shifted their operations to cyber fraud.

There are an untold number of online casinos also involved in money laundering.

A suite of technological tools means that “it has never been easier to set up an online casino operation with limited technical expertise and overhead capital.” These include cryptocurrencies, mirror websites and “white-label” service providers, outsourcing companies that provide betting software, design, marketing and even operating licenses.

These online gambling platforms are now one of the most popular means for cryptocurrency-based money laundering, the UN said.

“Using this method, funds are paid into an online gambling platform or an affiliate agent who may be part of a money laundering network and arranges the transfer of in-game points online through some combination of identifiable or anonymous accounts,” they said. “They are either cashed out or placed in bets, often in collusion with affiliates. Once the money in the gambling account is paid out in a desired currency and jurisdiction, it can effectively be given legal status and integrated into the formal financial system and economy.”

The report highlights the use of the stablecoin Tether (USDT) as the cryptocurrency of choice for the cyber fraud industry “due to its stability and the ease, anonymity, and low fees of its Transactions.”

A recent audit by an independent blockchain data analysis company found more than $17 billion in USDT transactions over a one-year period beginning in September 2022 connected to “underground currency exchanges, illegal commodity trades, unlawful collection and payment processes, and various criminal activities,” the report said.

In November 2023, the U.S. Department of Justice and Tether froze $225 million in USDT connected to Southeast Asia-based pig butchering scams.

One case study presented in the report displays the extent to which casino enterprises are involved in cybercrime. The Fully Light business conglomerate, which is involved in casinos in the Kokang region of Myanmar, has Telegram channels with hundreds of thousands of members “facilitating underground banking and cryptocurrency exchange ‘pass-through’ activities, cybercrime as a service, recruitment of migrant smugglers, and development of underground banking and money laundering teams.”

In one post, a group administrator shares a request for “white capital,” i.e. clean, Singaporean dollars in exchange for USDT. In another post on the same channel, a user from an overseas labor service warned that workers being smuggled into Laukkaing — a notorious hotbed of scamming activity in Myanmar — would need to pass through territory controlled by a different rebel group, requiring a bonus for the intermediaries.

A recent crackdown by China on cross-border cybercriminal operations in Myanmar — alongside a successful rebel offensive in the Kokang region — has seen the arrest and repatriation of tens of thousands of people involved in the industry in northern Myanmar. But as the report highlights, the organized criminal actors making billions from cyber fraud have proved adept at shifting operations under pressure.

“This strategy of jurisdiction shopping has proven common among high-level cyberfraud operators relocating deeper into the most vulnerable parts of the Mekong,” they said.

CybercrimeNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

James Reddick has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.

 

Total
0
Shares
Previous Post

Androxgh0st malware hackers creating large botnet, CISA and FBI warn

Next Post

Ford drops attempt to patent tech allowing lenders to remotely meddle with cars

Related Posts

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy,
Avatar
Read More