Myanmar Unwittingly Takes Action Against Industrialized Online Crime
January 29, 2026
Another dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold.
The UN wrote about the link among human trafficking, online and neon-lit casinos, and money laundering. Posts appeared on some of the law enforcement message boards. I included a couple of slides about these integrated systems in my November 2025 law enforcement lectures.
But China has taken action.
If the information in “China Executes 11 Members of Myanmar Scam Mafia,” the Middle Kingdom is sending a message to these unauthorized entities. The write up reports:
Their scam empire came crashing down in 2023, when they were detained and handed over to China by ethnic militias that had taken control of Laukkaing during an escalation in their conflict with Myanmar’s army.
What’s interesting is that the alleged bad actors ended up in the hands of “ethnic militias.” In Myanmar, a group of like minded individuals can team up and claim to be an ethnic militia. Some support a political party or movement; some are opportunists; some linked to the Myanmar border guard force; and others may be supportive of or be supported by another country. The last estimate about the number of ethnic militias in Myanmar was “maybe 20, maybe more.” My source was a donut shop operator in rural Kentucky. You may want to verify this estimate, but let’s assume it is close enough for horse shoes.
Once the scam center prisoners are released, will the people forced to phish go to their home country or will they end up in another phishing factory? Thanks, Midjourney. Good enough.
The unnamed “ethnic militias” snatched the alleged bad actors and somehow moved these individuals to Chinese officials. China, a mysterious country in many ways, found the people guilty. The individuals were killed.
The write up adds:
With these executions Beijing is sending a message of deterrence to would-be scammers. But the business has now moved to Myanmar’s border with Thailand, and to Cambodia and Laos, where China has much less influence.
China is not pleased with unauthorized activites related to certain types of crimes. Killing the bad actors is a reasonably clear message: Try to restart the Crouching Tiger Villa operation, and we will take the offense seriously.
Several observations:
- The illegal online activities are unlikely to be impeded by this series of executions. The question arises, “Why not?”
- The Golden Triangle, Myanmar, and a few other nations or quasi countries have numerous criminal compounds. The question arises, “Why aren’t other enforcement agencies taking steps to curtail these crime factories?”
- Online makes it easy to set up a scam center and operate internationally, why haven’t important “nodes” to the Internet taken action and shut down certain types of online traffic?”
Here’s a final question, “What online service handles about 20 to 25 percent of money laundering?”
Net net: Beijing is sending a message. I am not sure those engaged in these lucrative oiperations will listen or care. Let me amend my statement. Yes, the bad actors will care when the mobile death van rolls out the guerney, the executioner pulls the trigger, or the hangman pushes a button to drop the condemned through a slot on the floor so the termination occurs on the floor below. Until then, international and national enforcement seem ineffective. Online services don’t care. The only people who care are those harmed by the bad actors. Their voices are lost in the noise.
Stephen E Arnold, January 29, 2026
The Final Word on Tricky Online Shopping Tactics
January 26, 2026
Another dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold.
I read a round up of what I call “tricky online shopping tactics.” The data flow from an academic project called WebTAP. The researchers are smart; each hails from either Princeton University or the University of Chicago. Selected data are presented in “Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites.” The authors (hopefully just one of them) will do a talk at a conference about tricky retail methods using the jazzier jargon “dark patterns.” The term (whether my dinobaby version or the hip new buzzword) mean the same thing: You are bamboozled into buying stuff you may not want, need, or price check before clicking.
I don’t want to be critical of these earnest researchers. There is a list of the sites that the researchers determined do some fancy dancing. Here it is:
If you want to read the list, you will find it on page 24 of the study team’s 32 page report. I want to point out that sites I know use tricky online shopping tactics are not on the list. Here’s one example of a site I expected to find on the radar of the estimable study team from Princeton and the University of Chicago: Amazon.
But what do the researchers say about dicey online shopping sites I never encounter? The paper states:
We found at least one instance of dark pattern on approximately 11.1% of the examined websites. Notably, 183 of the websites displayed deceptive messages. Furthermore, we observed that dark patterns are more likely to appear on popular websites. Finally, we discovered that dark patterns are often enabled by third-party entities, of which we identify 22; two of these advertise practices that enable deceptive patterns. Based on these findings, we suggest that future work focuses on empirically evaluating the effects of dark patterns on user behavior, developing countermeasures against dark patterns so that users have a fair and transparent experience, and extending our work to discover dark patterns in other domains.
Net net: No Amazon, no Microsoft, no big name online retailers like WalMart, and no product pitch blogs like Venture Beat-type publications. No suggestions for regulatory action to protect consumers. No data about the increase or decrease in the number of sites using dark patterns. Yep, there is indeed work to be done. Why not focus on deception as a business strategy and skip the jazzy jargon?
Stephen E Arnold, January 26, 2026
Are NoKos Scam Phisher Champs?
January 26, 2026
When you think about scams, do you immediately think about Nigeria or Russian females who really want to meet an amerikos ? hat African nation is one of the scam capitals of the world. Russia is pretty capable in this department. But does North Korea hold the title of Scam King? Probably not. But some experts want people to believe that North Korean bad actors are the top phishers of men. Tech Radar explains the authoritarian country’s latest scam: “North Korean Hackers Using Malicious QR Codes In Spear Phishing, FBI Warns.”
North Korean bad actors are preying own academia, think tanks, and US government institutions with sophisticated QR codes called “quishing” attacks. Their goal is to obtain credentials for VPNs, Okta, or Microsoft 365. The FBI issued a warning about quishing attacks. The attacks are sent from “Kimusky,” who sends out convincing emails with complicated QR codes that bypass protections.
The FBI says that QR codes are easily scanned with mobile devices. Here’s how the scam works:
“When the victim scans the code, they are sent through multiple redirectors that collect different information and identity attributes, such as user-agent, operating system, IP address, locale, and screen size. This data is then used to land the victim on a custom-built credential-harvesting page, impersonating Microsoft 365, Okta, or VPN portals.
If the victim does not spot the trick and tries to log in, the credentials would end up with the attackers. What’s more – these attacks often end with session token theft and replay, allowing the threat actors to bypass multi-factor authentication (MFA) and hijack cloud accounts without triggering the usual “MFA failed” alert.”
Mobile devices aren’t managed as readily as desktop and laptop computers. They’re extremely vulnerable to this QR code scam! The smart thing to do is: Don’t scan strange QR codes. Some outfits hire coders, use their scam software, and just provide more phish to be trawled. Hey, restaurant owner, am I talking about you?
Whitney Grace, January 26 , 2026
AI Business Trickery: Not a Good Sign for the Industry
January 19, 2026
In feat reminiscent of the Great and Powerful Oz, the curtain was pulled back on an UK AI company that turned out to be a great big real fake. The ACS Information Age reported that, “The Company Whose ‘AI’ Was Actually 700 Humans In India.” For eight years, Engineer.ai allegedly fooled the tech industry. It was allegedly founded by Sachin Dev Duggal, who served as the CEO of Builder.ai. Plus, he raised money. He pitched AI, and the check books came out. He acquired funding from Microsoft, Qatar, and SoftBank.
Duggal promised that his AI chatbot, Natasha, would be a no-code tool that could build apps six times faster than typical required work and would be seventy percent cheaper. Duggal embraced Silicon Valley baloney job titles. He dubbed himself the “chief wizard” borrowing from the 1939 motion picture “Somewhere Over the Rainbow.” Yep, the film had a robot too.
However, Engineer.ai declared bankruptcy after a Bloomberg investigation reported that Engineer.ai had been working with the Indian social media startup VerSe. Both were employing criminal financial actions. When these practices were revealed, Viola Credit, a major backer, wanted immediate repayment of its $50 million loan.
More information popped out in December 2025. The smart software Natasha was about 700 Indian app developers. These professional humans wrote customers’ software and adopted the behavior of bots. Not good. The cited source reports:
“Although the developers used a range of software tools in their work, coding was performed manually, meaning that while Builder.ai did eventually deliver apps to its customers, it was simply another player in an Indian offshoring industry attracting $27 billion ($US17.7 billion) annually. That puts the company in a completely different market segment than the one that propelled AI-hungry investors through four funding rounds before and after the debut of OpenAI’s ChatGPT turned the global tech industry on its head.”
What other AI charades are operating using hyperbolic marketing and motion picture tropes? My hunch. Lots.
Whitney Grace, January 19, 2026
Telegram Notes: Mama Durova and Her Inner Circle
January 14, 2026
Another dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold.
We filtered our notes for my new book “The Telegram Labyrinth.” Information about Pavel Durov’s mom was sparse. What we had, however, was interesting. The inner circle boils down to her ex-husbands and her three sons. In Part One of a two-part write up, you can get a snapshot of the individuals who facilitated the technical and business plumbing for VKontakte until its sale to Kremlin-approved buyers and then for the Telegram messaging service. You can find part one of this interesting group on my Telegram Notes online service.
Stephen E Arnold, January 14, 2026
Gambling Is An Addiction & The Internet Starts ‘Em Young
January 8, 2026
Robert Custer was a psychiatrist who promoted the theory that gambling addition was a mental disorder. His pioneering research is the basis for modern treatments of gambling disorder. Since Custer’s prime in the 1970s and 1980s, gambling has exploded, not just with brick and mortar casinos, but also online gambling and expansion of mobile sports betting. Science News discusses the rising tide of online gambling in the article, “As Gambling Addiction Spreads, One Scientist’s Work Reveals Timely Insights.”
Custer’s research is more relevant now than ever especially as the behavior is nurtured in kids from the moment they can hold a mobile device. Custer fought to include the disorder in the DSM and he succeeded:
“Custer argued that pathological gambling was not just a matter of an individual’s building and releasing tension. Rather, pathological gambling followed a progressive course from slightly unhealthy gambling behaviors to increasingly problematic wagering with tangible financial and social consequences. As a result, the committee incorporated the common consequences Custer saw in his clinical experience — such as defaulting on debts, borrowing money and struggling with family relationships — as diagnostic criteria to better identify those suffering. So, while pathological gambling remained alongside impulse control disorders in the DSM-III, its description and diagnostic criteria more closely mirrored the way the manual approached substance use disorders.”
Kids become addicted to online games that mimic the same dopamine release that gamblers experience. Social media giants are huge enablers of this behavior but so is Telegram. Telegram wants to hook the kids young so they’ll be addicted until the day they fall into a hole. It’s despicable and makes you want to toss a kid outside with a ball and stick. Go outside!
Whitney Grace, January 8, 2025
ChatGPT Channels Telegram
January 7, 2026
Just what everyone needs: Telegram type apps on the Sam AI-Man platform. What will bad actors do? Obviously nothing. Apps will be useful, do good, and make the world a better place.k
ChatGPT now connects to apps without leaving the AI interface.? ? According to Mashable, “ChatGPT Launches Apps Beta: 8 Big Apps You Can Now Use In ChatGPT.”? ? ChatGPT wants its users to easily access apps or take suggestions during conversations with the AI.? ? The idea is that ChatGPT will be augmented by apps and extend conversations.
App developers will also be able to use ChatGPT to build chat-native experiences to bring context and action directly into conversations.
The new app integration is described as:
“While some commentators have referred to the new Apps beta as a ChatGPT app store, at this time, it’s more of an app directory. However, in the “Looking Ahead” section of its announcement post, OpenAI does note that this tool could eventually ‘expand the ways developers can reach users and monetize their work.’”
The apps that are integrated into ChatGPT are Zillow, Target, Expedia, Tripadvisor, Instacart, DoorDash, Apple Music, and Spotify.? ? This sounds similar to what Telegram did.? ? Does this mean OpenAI is on the road to Telegram like services?
Just doing good. Bad actors will pay no attention.
Whitney Grace, January 7, 2025
Telegram Notes: Occasional Observations
December 29, 2025
![green-dino_thumb_thumb[3]_thumb](https://www.arnoldit.com/wordpress/wp-content/uploads/2025/12/green-dino_thumb_thumb3_thumb-1.gif "green-dino_thumb_thumb[3]_thumb")
Another dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold.
My new Telegram Notes’ service is coming along. Watch Beyond Search for a link to the stories. We will post a short summary of a story in Beyond Search which I have producing since 2008. The longer Telegram Notes’ essays will appear in the new service. We are testing a couple of options. We have a masthead. The art was produced by Google and Venice smart software. If you know nothing about Telegram, its Messenger Service, or its new financial services, the illustration won’t make much sense. If you know a bit about Telegram, you will know about the GOAT. The references to crypto and other content are references to allegations about the content on the platform.
The working version of the Telegram Notes’ masthead. Thanks, AI services. You are good enough.
Beyond Search will continue to host new articles in our traditional format. However, as we figure out how to best use our time, the flow of stories is likely to be uneven. (Personally I love the GOAT picture. But what’s that on the information highway beneath the GOAT? Probably nothing.
Stephen E Arnold, December 29, 2025
Microsoft Demonstrates Its Commitment to Security. Right, Copilot
December 4, 2025
Another dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold.
I read on November 20, 2025, an article titled “Critics Scoff after Microsoft Warns AI Feature Can Infect Machines and Pilfer Data.” My immediate reaction was, “So what’s new?” I put the write up aside. I had to run an errand, so I grabbed the print out of this Ars Technica story in case I had to wait for the shop to hunt down my dead lawn mower.
A hacking club in Moscow celebrates Microsoft’s decision to enable agents in Windows. The group seems quite happy despite sanctions, food shortages, and the special operation. Thanks, MidJourney. Good enough.
I worked through the short write up and spotted a couple of useful (if true) factoids. It may turn out that the information in this Ars Technica write up provide insight about Microsoft’s approach to security. If I am correct, threat actors, assorted money laundering outfits, and run-of-the-mill state actors will be celebrating. If I am wrong, rest easy. Cyber security firms will have no problem blocking threats — for a small fee of course.
The write up points to what the article calls a “warning” from Microsoft on November 18, 2025. The report says:
an experimental AI agent integrated into Windows can infect devices and pilfer sensitive user data
Yep, Ars Technica then puts a cherry on top with this passage:
Microsoft introduced Copilot Actions, a new set of “experimental agentic features” that, when enabled, perform “everyday tasks like organizing files, scheduling meetings, or sending emails,” and provide “an active digital collaborator that can carry out complex tasks for you to enhance efficiency and productivity.”
But don’t worry. Users can use these Copilot actions:
if you understand the security implications.
Wow, that’s great. We know from the psycho-pop best seller Thinking Fast and Slow that more than 80 percent of people cannot figure out how much a ball costs if the total is $1.10 and the ball costs one dollar more. Also, Microsoft knows that most Windows users do not disable defaults. I think that even Microsoft knows that turning on agentic magic by default is not a great idea.
Nevertheless, this means that agents combined with large language models are sparking celebrations among the less trustworthy sectors of those who ignore laws and social behavior conventions. Agentic Windows is the new theme part for online crime.
Should you worry? I will let you decipher this statement allegedly from Microsoft. Make up your own mind, please:
“As these capabilities are introduced, AI models still face functional limitations in terms of how they behave and occasionally may hallucinate and produce unexpected outputs,” Microsoft said. “Additionally, agentic AI applications introduce novel security risks, such as cross-prompt injection (XPIA), where malicious content embedded in UI elements or documents can override agent instructions, leading to unintended actions like data exfiltration or malware installation.”
I thought this sub head in the article exuded poetic craft:
Like macros on Marvel superhero crack
The article reports:
Microsoft’s warning, one critic said, amounts to little more than a CYA (short for cover your ass), a legal maneuver that attempts to shield a party from liability. “Microsoft (like the rest of the industry) has no idea how to stop prompt injection or hallucinations, which makes it fundamentally unfit for almost anything serious,” critic Reed Mideke said. “The solution? Shift liability to the user. Just like every LLM chatbot has a ‘oh by the way, if you use this for anything important be sure to verify the answers” disclaimer, never mind that you wouldn’t need the chatbot in the first place if you knew the answer.”
Several observations are warranted:
- How about that commitment to security after SolarWinds? Yeah, I bet Microsoft forgot that.
- Microsoft is doing what is necessary to avoid the issues that arise when the Board of Directors has a macho moment and asks whoever is the Top Dog at the time, “What about the money spent on data centers and AI technology? You know, How are you going to recoup those losses?
- Microsoft is not asking its users about agentic AI. Microsoft has decided that the future of Microsoft is to make AI the next big thing. Why? Microsoft is an alpha in a world filled with lesser creatures. The answer? Google.
Net net: This Ars Technica article makes crystal clear that security is not top of mind among Softies. Hey, when’s the next party?
Stephen E Arnold, December 4, 2025
AI Agents and Blockchain-Anchored Exploits:
November 20, 2025
This essay is the work of a dumb dinobaby. No smart software required.
In October 2025, Google published “New Group on the Block: UNC5142 Leverages EtherHiding to Distribute Malware,” which generated significant attention across cybersecurity publications, including Barracuda’s cybersecurity blog. While the EtherHiding technique was originally documented in Guard.io’s 2023 report, Google’s analysis focused specifically on its alleged deployment by a nation-state actor. The methodology itself shares similarities with earlier exploits: the 2016 CryptoHost attack also utilized malware concealed within compressed files. This layered obfuscation approach resembles matryoshka (Russian nesting dolls) and incorporates elements of steganography—the practice of hiding information within seemingly innocuous messages.Recent analyses emphasize the core technique: exploiting smart contracts, immutable blockchains, and malware delivery mechanisms. However, an important underlying theme emerges from Google’s examination of UNC5142’s methodology—the increasing role of automation. Modern malware campaigns already leverage spam modules for phishing distribution, routing obfuscation to mask server locations, and bots that harvest user credentials.
With rapid advances in agentic AI systems, the trajectory toward fully automated malware development becomes increasingly apparent. Currently, exploits still require threat actors to manually execute fundamental development tasks, including coding blockchain-enabled smart contracts that evade detection.During a recent presentation to law enforcement, attorneys, and intelligence professionals, I outlined the current manual requirements for blockchain-based exploits. Threat actors must currently complete standard programming project tasks: [a] Define operational objectives; [b] Map data flows and code architecture; [c] Establish necessary accounts, including blockchain and smart contract access; [d] Develop and test code modules; and [e] Deploy, monitor, and optimize the distributed application (dApp).
The diagrams from my lecture series on 21st-century cybercrime illustrate what I believe requires urgent attention: the timeline for when AI agents can automate these tasks. While I acknowledge my specific timeline may require refinement, the fundamental concern remains valid—this technological convergence will significantly accelerate cybercrime capabilities. I welcome feedback and constructive criticism on this analysis.
The diagram above illustrates how contemporary threat actors can leverage AI tools to automate as many as one half of the tasks required for a Vibe Blockchain Exploit (VBE). However, successful execution still demands either a highly skilled individual operator or the ability to recruit, coordinate, and manage a specialized team. Large-scale cyber operations remain resource-intensive endeavors. AI tools are increasingly accessible and often available at no cost. Not surprisingly, AI is a standard components in the threat actor’s arsenal of digital weapons. Also, recent reports indicate that threat actors are already using generative AI to accelerate vulnerability exploitation and tool development. Some operations are automating certain routine tactical activities; for example, phishing. Despite these advances, a threat actor has to get his, her, or the team’s hands under the hood of an operation.
Now let’s jump forward to 2027.
The diagram illustrates two critical developments in the evolution of blockchain-based exploits. First, the threat actor’s role transforms from hands-on execution to strategic oversight and decision-making. Second, increasingly sophisticated AI agents assume responsibility for technical implementation, including the previously complex tasks of configuring smart contract access and developing evasion-resistant code. This represents a fundamental shift: the majority of operational tasks transition from human operators to autonomous software systems.
Several observations appear to be warranted:
- Trajectory and Detection Challenges. While the specific timeline remains subject to refinement, the directional trend for Vibe Blockchain Exploits (VBE) is unmistakable. Steganographic techniques embedded within blockchain operations will likely proliferate. The encryption and immutability inherent to blockchain technology significantly extend investigation timelines and complicate forensic analysis.
- Democratization of Advanced Cyber Capabilities. The widespread availability of AI tools, combined with continuous capability improvements, fundamentally alters the threat landscape by reducing deployment time, technical barriers, and operational costs. Our analysis indicates sustained growth in cybercrime incidents. Consequently, demand for better and advanced intelligence software and trained investigators will increase substantially. Contrary to sectors experiencing AI-driven workforce reduction, the AI-enabled threat environment will generate expanded employment opportunities in cybercrime investigation and digital forensics.
- Asymmetric Advantages for Threat Actors. As AI systems achieve greater sophistication, threat actors will increasingly leverage these tools to develop novel exploits and innovative attack methodologies. A critical question emerges: Why might threat actors derive greater benefit from AI capabilities than law enforcement agencies? Our assessment identifies a fundamental asymmetry. Threat actors operate with fewer behavioral constraints. While cyber investigators may access equivalent AI tools, threat actors maintain operational cadence advantages. Bureaucratic processes introduce friction, and legal frameworks often constrain rapid response and hamper innovation cycles.
Current analyses of blockchain-based exploits overlook a crucial convergences: The combination of advanced AI systems, blockchain technologies, and agile agentic operational methodologies for threat actors. These will present unprecedented challenges to regulatory authorities, intelligence agencies, and cybercrime investigators. Addressing this emerging threat landscape requires institutional adaptation and strategic investment in both technological capabilities and human expertise.
Stephen E Arnold, November 20, 2025
-
- Subscribe to Beyond Search
Feature archive
News archive
-
