Blessed with natural beauty, Sri Lanka draws tourists from across the world. Now it is attracting a different kind of visitor entirely
Cybercriminal networks rarely shut down when the pressure mounts. Instead, they tend to migrate, seeking out new territories with weaker regulation and less oversight. Evidence increasingly suggests Sri Lanka may be their latest go-to destination.
A recent surge in police raids on suspected cyber scam centres in and around the capital of Colombo has intensified concerns that the island nation is becoming a new haven for transnational fraud.
Shan Wijethunga, a senior official at Sri Lanka’s Computer Emergency Response Team (CERT), says the “significant surge in apprehending various nationals,” alongside large quantities of computers, mobile phones and tablets seized across the country, “is a cause for serious concern”.
He attributes the trend to Sri Lanka’s rapid digital expansion and its relatively open visa regime, which he says has attracted foreigners to enter the country under the guise of tourism. “Vulnerability is there due to a lack of knowledge and awareness,” he explains. “We conduct workshops but it involves high costs […] This goes to show we are slow in digital progress [on cybercrime].”
“Vulnerability is there due to a lack of knowledge and awareness”
More than 1,000 foreign nationals have been arrested in the past five months. The majority are Chinese citizens aged between 22 and 43, with others from Myanmar, Vietnam, Malaysia, Madagascar, the Philippines, Thailand, Cambodia and India.
Investigations have revealed that many operated in groups from rented apartments and buildings. At least 50 of those recently arrested had previously been detained and deported. Sri Lankan police have now warned local landlords against providing accommodation to foreign nationals who have overstayed visas or violated immigration laws.
The crackdown follows reports that relaxed immigration regulations introduced in September 2024 to boost tourism have inadvertently attracted cybercriminal syndicates to Sri Lanka’s shores. Under the new regime, free visas were offered to tourists from seven countries including China, India and Malaysia. The scheme has since been extended to 40 countries, including the UK. China is now among the top-five largest providers of tourists for Sri Lanka, alongside neighbouring India and the UK.
Industrial-scale scam centre operations across Myanmar, Cambodia, Thailand, Vietnam and Laos have faced mounting international pressure and domestic crackdowns in recent years. Bilateral and multilateral cooperation – particularly with the US – has proven key to disrupting those networks. The FBI received more than 80,000 complaints relating to cyberscams in 2025 alone, with losses from them reportedly exceeding $2.9bn.
Yet despite the Sri Lanka arrests, a second CERT official, speaking on the condition of anonymity, says there has been “no actual crackdown” on cyber centres. “They have all been arrested for violating their visa regulations or overstaying,” he says. “None of them have been prosecuted for cyber crimes.”
That apparent reluctance to act more decisively may not be coincidental. Chinese investment and influence in Sri Lanka deepened significantly during and after the country’s brutal civil war, which ended in 2009.
Beijing provided military support during the conflict, including fighter jets, weapons and sophisticated radar systems. China subsequently expanded its strategic and economic presence in the country, securing a 99-year lease on the Southern Hambanota port project and investing heavily in infrastructure, including the Colombo Port City development. Thousands of Chinese nationals currently work on Chinese-funded projects across the country.
“It appears that the government does not want to hurt the sentiments of Chinese investors and diplomats by taking action against these arrested cybercriminals or exposing their illegal activities,” says Sulochana Mohan, deputy editor of the Colombo-based Ceylon Today newspaper.
“The government does not want to hurt the sentiments of Chinese investors and diplomats by taking action against these arrested cybercriminals”
In a statement issued in March, the Chinese embassy in Sri Lanka said it was closely monitoring the arrests and providing “full support to Sri Lankan law enforcement agencies in resolutely cracking down on suspects while protecting their legitimate rights and interests in accordance with the law”.
Balendra Elangco, a UK-based cybersecurity adviser, says Sri Lanka’s authorities must “work very closely” with international partners, including the US, UK and Europe, on intelligence sharing and identifying the full scope of operations. He said the US and UK working in collaboration had already bore fruit, stopping a significant number of cyberattacks and scammers in their tracks.
He also suggests Sri Lanka’s national telecoms provider could monitor activity in identified hotspots, and that seeking assistance from Singapore, which has advanced cyber capabilities, “could help Sri Lanka detect and counter threats similar to those seen in Cambodia, Thailand and Vietnam”.
The question now is not whether cybercrime is happening, but how quickly Sri Lanka and its international partners can respond. Early detection, financial tracking and regional cooperation may yet prevent the country from becoming the next criminal hub. If history is any guide, the window to act is narrow.
Featured image: Sri Lankan prison guards escort suspected cyber scam centre operatives to a Magistrate. Credit: Ishara Kodikara
