The U.S. Department of Justice just made a move that signals a significant evolution in how American law enforcement approaches transnational cybercrime infrastructure — and it goes straight to the satellite dish on the roof.
In November 2025, federal magistrate judges authorized seizure warrants targeting Starlink satellite terminals and accounts allegedly used by criminal scam compounds operating along the Myanmar-Thailand border. The action is part of a newly launched initiative called the District of Columbia Scam Center Strike Force, a joint effort between the DOJ, FBI, and Secret Service aimed specifically at dismantling the Southeast Asian pig butchering and crypto investment fraud ecosystem that has been bleeding American victims dry for years.
The numbers are staggering. The Strike Force has already seized and forfeited over $401.6 million in cryptocurrency and has initiated civil forfeiture proceedings for an additional $80 million. In fiscal year 2025 alone, the Secret Service fielded roughly 3,000 victim contacts related to cryptocurrency investment schemes. And that’s just who called in.
The Starlink Problem Nobody Wanted to Talk About
For years, the connectivity puzzle at Southeast Asian scam compounds was hiding in plain sight. These operations — many of which are staffed through forced labor and run by Chinese organized crime syndicates — deliberately established themselves in lawless border regions with limited telecommunications infrastructure. That was supposed to make them harder to reach and harder to disrupt.
Starlink changed that calculus entirely, and not in a good way.
As we documented in our deep-dive Inside Myanmar’s Expanding Scam Empire, vendors were openly advertising Starlink access as a “solution for online scam operators” on Telegram-based markets long before law enforcement caught up. Thai authorities seized 38 smuggled Starlink terminals in a single March 2025 operation. The adaptation was fast, deliberate, and very visible to anyone paying attention.
A WIRED investigation earlier in 2025 confirmed what many threat researchers had suspected: scam compounds in Myanmar were blanketing their rooftops with Starlink dishes. One compound documented in the DOJ affidavits — the Tai Chang compound, controlled by the U.S.-sanctioned Democratic Karen Benevolent Army — had at least 79 Starlink dishes visible on its rooftops. Another cluster of compounds near Three Pagodas Pass showed at least 26 dishes across multiple buildings.
Between November 2024 and early February 2025, mobile devices connected to Starlink terminals more than 40,000 times while physically located at known scam sites. The devices weren’t registered locally — the two Starlink accounts tied to the Three Pagodas Pass terminals were registered in the Philippines, a detail that underscores how sophisticated the account obfuscation has become.
How the Warrants Work — and Why This Matters
This is where things get legally interesting for anyone paying attention to transnational cyber enforcement.
The DOJ didn’t need to physically reach Myanmar to take action. Instead, U.S. Magistrate Judge G. Michael Harvey authorized the seizure of nine specific Starlink terminals and two associated accounts by ordering SpaceX to effect seizure directly — freezing and disconnecting the terminals from the SpaceX network. The warrant obligates Starlink to suspend access. No boots on the ground required.
This is a meaningful precedent. By treating infrastructure providers as enforcement partners rather than passive bystanders, the DOJ is effectively extending American legal reach into territory it cannot physically access. Civil forfeiture authorities make this even more powerful — these actions run against the property itself and don’t require criminal proceedings to be initiated first.
The affidavits also demonstrate how investigators connected the dots: records from SpaceX and Meta (which owns WhatsApp) were used to link specific phone numbers to Starlink systems, and those systems to the “Wealthob” crypto fraud scheme that victimized at least 22 Americans for an estimated $6.7 million between 2017 and late 2024.
For a fuller picture of how these crypto investment fraud schemes are structured from the victim’s side, see our guide: Cryptocurrency Investment Scams: The Latest Tricks and How to Avoid Them.
SpaceX Response: Proactive Disabling, Ongoing Pressure
To be fair to Starlink, SpaceX wasn’t simply ignoring the problem. In October 2025, Lauren Dreyer, Starlink’s VP of Business Operations, announced the company had proactively disabled over 2,500 Starlink terminals in the vicinity of suspected scam centers in Myanmar. Starlink usage in the region reportedly dropped following that announcement.
But the devices keep coming. As covered extensively in our reporting on Myanmar’s Massive Scam Hub Crackdown, the November 2025 raids on Shwe Kokko — which resulted in nearly 1,600 arrests — also revealed the depth of the Starlink problem: continuous new construction, fresh satellite dishes appearing on rooftops, and compounds adapting faster than enforcement can respond. Authorities found steamrollers crushing rows of computer monitors while other compounds a few kilometers away continued operations uninterrupted.
The Myanmar junta seized 30 Starlink receivers in a raid on KK Park in October 2025, though experts have questioned how much of that was genuine enforcement versus political theater to appease Western critics. The U.S. Congress’ Joint Economic Committee has also opened an investigation into Starlink’s involvement, though its authority to compel Elon Musk to testify remains limited.
The Broader Threat Picture
This isn’t just a Myanmar story. The scam compound model — systematized fraud operations powered by trafficked labor, Chinese organized crime leadership, and increasingly sophisticated technology — has been exported globally.
Our coverage of the Thailand Scams 2025: The Dark Zomia Crisis details how the Thai-Myanmar border has effectively become the operational headquarters of a multi-billion-dollar transnational crime empire, with KK Park and Shwe Kokko serving as the two primary hubs. An estimated 100,000+ people from over 60 countries are held there under conditions of modern slavery, forced to run the very scams targeting Americans and others worldwide.
The scale of it is hard to internalize. In our 2025 Global Scam Landscape report, we documented that criminals extracted an estimated $442 billion globally from victims in 2025 alone — and that figure almost certainly represents a fraction of true losses given severe underreporting. The FTC reported $12.5 billion in U.S. consumer fraud losses in 2024, a 25% increase over 2023, and 2025’s final tally is expected to be worse.
The tactics have evolved alongside the technology. Scammers increasingly use:
- Generative AI to create convincing victim-tailored communications at scale- Deepfake video tools for real-time face-swapping during video calls with victims- Encrypted messaging apps (WhatsApp, Telegram) to move conversations away from easily monitored channels- Layered account obfuscation — registering infrastructure across multiple jurisdictions to obscure beneficial ownership
The classic pig butchering playbook — an unsolicited “wrong number” text, a cultivated relationship, an invitation to a fake crypto investment platform — now operates at industrial scale. For a comprehensive breakdown of how these schemes work from first contact to financial devastation, our Pig Butchering: The $12.4 Billion Romance-Crypto Scam Epidemic piece covers the full anatomy of the operation, including how the Huione Guarantee marketplace has processed $70 billion in crypto to support it.
One of the starkest illustrations of how these scams actually land on real people: our piece When AI Became Her Lifeline follows a San Jose widow who nearly lost $1 million to a pig butchering operation before ChatGPT identified the pattern and urged her to go to police. It’s a useful read for anyone building security awareness content for non-technical audiences.
What This Means for Security Practitioners
A few takeaways worth tracking:
Infrastructure is now a prosecution target. The DOJ’s Strike Force is explicitly pursuing civil forfeiture of operational infrastructure — satellite terminals, websites, accounts — not just stolen funds. This means the technical scaffolding that enables fraud is on the table, and providers who don’t respond to seizure orders face real legal exposure.
The Meta-SpaceX data cooperation angle is significant. The fact that investigator warrants against SpaceX and Meta produced data that linked phone numbers to specific satellite terminals to specific fraud operations tells you something important about how attribution is being constructed in these cases. If you’re doing threat intelligence work involving pig butchering campaigns, understanding that evidentiary chain matters.
Victim education remains the weakest link. With 3,000 Secret Service contacts in FY2025 alone, and the DOJ acknowledging they don’t yet have a clear framework for returning seized funds to victims, the consumer-facing side of this problem is underdeveloped. Organizations doing security awareness training should be incorporating pig butchering and crypto investment fraud scenarios — especially for employees managing personal finances online. Our 2025 Most Expensive Scams piece is a good starting point for building that awareness content; investment fraud now costs Americans a median of $9,000+ per incident.
This is a geopolitical enforcement story, not just a crime story. The Strike Force operates under the banner of countering Chinese organized crime and is explicitly framed as part of the Trump administration’s broader cryptocurrency enforcement posture. The intersection of sanctions, civil forfeiture authority, and satellite infrastructure seizure is creating new enforcement terrain that will evolve quickly. For a broader reference on the scam types practitioners should be briefing on, our Ultimate Scam Hub covers 150+ scam categories with red flags and protection guidance.
Bottom Line
The DOJ’s move against Starlink terminals at Myanmar scam compounds is more than a headline. It represents a doctrinal shift in how U.S. law enforcement is willing to pursue transnational cybercrime infrastructure — reaching across borders through commercial providers rather than waiting for international cooperation that never comes.
For security professionals advising organizations, particularly those with staff in high-risk demographics for social engineering, this is a good moment to revisit your pig butchering threat briefings. The operations are scaling, the technology is getting smarter, and the money moving out is very, very real.
$400 million recovered is a start. But if you do the math against the billions lost annually, the Strike Force has a long road ahead.