Cybercrime and Protection Under Criminal Law

Protection under criminal law

The Austrian Criminal Code ("ACC") contains various provisions with a strong focus on providing protection against cybercrime:

• Section 118a ACC punishes illegal access to computer systems such as computer hacking and cyberattacks with the intention to use the received data to damage the victim.
• Sections 119 and 119a ACC cover the interception of confidential data or messages by technical means under certain conditions. These provisions are highly relevant when spy-software is used.
• Section 126a ACC punishes data corruption, e.g. modifying or deleting data.
• Section 126b ACC punishes the disruption of IT systems, e.g. by Denial-of-Service-attacks or computer viruses.
• Section 126c ACC punishes the abuse of computer programs including the possession or the creation of trojans or malware under certain conditions.
• Section 146 et seq. ACC covers fraud, including online fraud and fraudulent data manipulation.

Advantages of criminal proceedings

Companies affected by cyberattacks are well-advised to assess possible actions under criminal law and to decide whether and how to approach the authorities in due time, especially since criminal proceedings provide the following advantages (in particular compared to civil law proceedings):

1. The company can participate in the criminal proceeding as a "private party" to request compensation for the damages caused by the perpetrator without any court fees (as would be the case in civil law proceedings).
2. Public prosecutors and courts may apply investigative measures which are not available to the company itself, such as house searches or requesting information on IP addresses from communication service providers.
3. The public prosecutor is generally in charge of investigations and must clarify the facts and gather evidence.
4. Criminal proceedings may be a good starting point for further civil law actions, in particular with a view to evidence gathered by the authorities in preliminary criminal proceedings.

Criminal proceedings are therefore a good and very economical way to limit damages and to clarify the facts in case of cyberattacks. However, it is crucial to react quickly in such a situation to increase the possibility of success of the criminal investigations.

How to start criminal proceedings

Criminal proceedings are generally initiated and conducted by the public prosecutor. Therefore, victims (in most cases via their lawyer) would in practice file a statement of facts (Sachverhaltsdarstellung) with the public prosecutors' office to encourage the competent prosecutor to start investigations. It is crucial that such a statement includes strong evidence, as the initiation of criminal proceedings requires sufficient initial suspicion (Anfangsverdacht), which is the case if there is concrete evidence that an offence has been committed. A mere suspicion or vague indications are not sufficient. Moreover, it is often important to address certain specific legal aspects, as "virtual offences" (e.g. fraud via the internet) raise various questions regarding international jurisdiction.

Some of the relevant offences at hand are also of a specific legal nature as they are subject to private charges. This means that the victim has to investigate the case, provide evidence and file a criminal charge with the court. Although evidence-protection measures may be requested from the court in that case too, professional legal advice is indispensable.

Should you have further questions about this topic, please do not hesitate to contact us.