Myanmar, also known as Burma, shares borders with India and China, two of the most populous and increasingly digitally connected nations in the world. However, while digital connectivity has brought many benefits, it has also enabled new forms of cybercrime that can spread across borders and affect people worldwide.
In recent years, Myanmar has become a hub for Chinese-organized cybercriminal networks that target victims globally. These illicit networks take advantage of limited rule of law, poverty, and conflict in Myanmar to establish centers to carry out various cyber-enabled fraud schemes. The rise of Chinese cybercriminal activity operating in Myanmar has implications for India as well, as Indians are frequently targeted.
The Expansion of the Internet in China and India
Both China and India have seen rapid expansions of internet access and digital connectivity in recent decades. China currently has around 1 billion internet users, making up around 70% of the population. India has over 600 million internet users, equivalent to around 50% of its population. The onset of 4G mobile internet infrastructure has meant that hundreds of millions of people in each country are now online for the first time.
While increasing internet penetration has resulted in many benefits, it has also provided new mechanisms for criminal activities. As more individuals go online, there are more potential targets for cybercriminals. The anonymity and lack of borders on the internet makes cybercrime a lucrative prospect. Criminals can reach a global pool of victims from anywhere with just a device and an internet connection.
The Emergence of Transnational Cybercriminal Networks
In China in particular, the explosion in internet availability has been accompanied by the growth of sophisticated cybercriminal networks. China is now considered a major global source of cybercrime groups that carry out attacks and frauds internationally. Many of the cybercriminals operate large networks involving hundreds or thousands of people.
Chinese nationals with advanced technical skills play key roles developing hacking tools, malware, and infrastructure to enable cybercriminal activities. However, much of the lower level criminal work is outsourced to other countries where labor can be acquired cheaply.
Myanmar has emerged as a key base of operations for Chinese cybercriminal groups offshoring illicit work. The groups recruit individuals from Myanmar and other nearby countries through job ads and other schemes. These recruits end up serving as mules laundering stolen money or engaging in fraudulent activities online under the direction of Chinese organizers.
Factors Driving the Growth of Cybercrime Networks in Myanmar
Myanmar has a combination of factors that have made it an ideal location for transnational cybercriminal networks to establish operations:
Limited Governance and Rule of Law – Myanmar has long struggled with effective governance and establishing rule of law, especially in peripheral ethnic states like Shan. The limited law enforcement presence and weak regulation allow illegal activities to be carried out with impunity.
Proximity and Cultural Ties to China – Myanmar’s location next to China’s Yunnan province facilitates cross-border flows of people, goods, and information. Migrant Chinese communities exist in parts of Myanmar. The cultural connections ease recruitment and coordination of Myanmar-based mules.
Poverty and Limited Economic Opportunities – Much of the population in Myanmar struggles with poverty and unemployment. There is a large base of young people desperate to make money, who can be exploited as cybercriminal mules with promises of high-paying jobs.
Conflict and Displacement – Ongoing armed conflicts between ethnic armed groups and the military in border regions like Shan State have resulted in many internally displaced people. These marginalized populations are vulnerable to recruitment by criminal groups.
Corruption – Corrupt officials and law enforcement enable cybercrime networks to operate by accepting bribes and not taking action against their activities. Money laundering relies on corruption as well.
Cryptocurrency – The rise of cryptocurrency has made moving illicit funds easier while helping cybercriminals avoid regulation and detection. Major cryptocurrency uptake in both China and Myanmar helps facilitate transactions.
Online Fraud Schemes Conducted from Myanmar
Chinese-led groups in Myanmar carry out a wide range of cyber-enabled fraud targeting victims globally. Some of the major schemes include:
- Romance scams – Criminals pretend to start a relationship with the victim online, gain their trust, and then solicit funds from them.
- Tech support scams – Fake technology company calls or popups that trick users into providing remote access or sensitive information to “fix” nonexistent issues.
- Investment scams – Fake websites and accounts promoting bogus investment opportunities with promises of high returns.
- Email and SMS phishing – Messages pretending to be from legitimate companies to manipulate users into inputting credentials or bank information on fake sites.
- Business email compromise – Hacking employee email accounts to trick other staff into making unauthorized transfers of funds.
- Reselling stolen data – Information like bank accounts and credit cards stolen through hacking and malware is sold on via dark web markets.
These scams collectively generate huge profits, with individual victims often losing thousands of dollars or more. The widespread telecom fraud operations have amounted to billions of dollars in criminal earnings.
Impacts of Transnational Cybercrime on India
The growth of Chinese cybercriminal activity operating out of Myanmar poses threats to India as well. India has over 600 million internet users, many of them newly online and lacking cybersecurity awareness. This provides a massive target for scammers and cybercriminals, both within India and abroad.
Some of the key impacts on India include:
Financial losses – Indian victims end up losing significant amounts of money to tech support scams, phishing attacks, extortion cybercrime groups like Jao Bolenge Fraud Gang, and other schemes ultimately orchestrated by groups in Myanmar.
Reputational damage – When Indian businesses and infrastructure are compromised as part of cybercriminal campaigns, trust in digital services and the economy suffers.
National security risks – Terrorists and hostile state actors can leverage the same criminal cybercrime tools and infrastructure to carry out disruptive attacks.
Growth of domestic cybercrime – The skills and enterprises developed to support transnational organized cybercrime could be utilized for increased domestic fraud activity as well.
Responses by China and India to Cybercriminal Activity
Both the Chinese and Indian governments have become increasingly concerned about the growth in cybercriminal activity and the reputational damage it causes. However, meaningful cooperation and law enforcement action across borders has been limited thus far.
China has recently undertaken domestic crackdowns on cybercrime and online fraud groups, resulting in many arrests. However, critics argue these efforts are haphazard and largely motivated by incidents that cause embarrassment rather than a systematic approach to stamp out the root causes of cybercrime.
There are also limits on how much pressure China can exert on Myanmar-based groups to disrupt their activities, given geopolitical tensions. Myanmar’s military government has diplomatic and economic ties to China, but wants to balance this with relationships with other countries as well.
India faces difficulties in pursuing cybercriminals based out of Myanmar. Myanmar’s military rulers have little capacity or incentive to target Chinese-linked transnational organized cybercrime groups operating in their territory.
India has lobbied for increased international cybersecurity cooperation, including through the signing of bilateral agreements with nations around the world. However, so far cybercrime appears to remain a low priority in India-Myanmar relations.
Some of the measures India has pursued to build cybersecurity and cyber-fraud protection domestically include:
- Expanding police cybercrime units
- Government cybersecurity training initiatives
- Public awareness campaigns around cyber-hygiene
- Increased regulation around know-your-customer (KYC) norms and transaction monitoring
- Fintech industry collaboration on threat intelligence sharing
Outlook on Fighting Transnational Cybercrime
Cybercriminal activity originating from groups based out of Myanmar seems likely to persist and grow given current conditions. However, a multi-pronged strategy combining domestic law enforcement, international collaboration, and public-private partnerships could help mitigate harm.
Key priorities for improving cybersecurity and combating transnational organized cybercrime should include:
- Enhancing oversight and regulation of cryptocurrency to reduce use in laundering funds.
- Growing public awareness around cyber-hygiene and fraud identification through education campaigns and media reporting.
- Increasing law enforcement training and institutional capacity to investigate and prosecute cybercrime cases.
- Leveraging AI and big data analytics by tech companies to rapidly detect cybercrime operations and block attacks.
- Using diplomatic pressure to encourage nations harboring cybercriminal groups to cooperate and take meaningful action against them.
- Building partnerships between law enforcement and cybersecurity firms to gather threat intelligence and bolster monitoring of cybercriminal infrastructure.
With growing digital connectivity in India, China, and Myanmar likely to continue, managing emerging cybersecurity threats will require keeping pace with innovation in the crimes themselves. Though eliminating transnational cybercriminal groups is unlikely, targeted efforts can go a long way in making online spaces safer and more trusted for the vast populations in these nations relying on digital access.