Berlin | Dusseldorf | Frankfurt | Hamburg | Cologne | Munich | Stuttgart
Header-Anwalt-Rechtsanwalt-Kanzlei-MTR Legal Rechtsanwälte
Contact
Berlin | Dusseldorf | Frankfurt | Hamburg | Cologne | Munich | Stuttgart
MTR Legal Rechtsanwälte Logo
Contact
Berlin | Dusseldorf | Frankfurt | Hamburg | Cologne | Munich | Stuttgart
Contact

Legal Lexicon

Wiki»Legal Lexikon»Strafrecht»Cybercrime

Cybercrime

Definition and Distinction of the Term Internet Crime

Internet crime (also known as cybercrime or computer crime) refers to all criminally relevant acts in which the Internet is used as a means, object, or scene of the crime. The range spans from classic fraud offenses and data espionage to serious crimes such as extortion, defamation, or attacks on critical infrastructures. The specific characteristic of Internet crime lies in the use of information technology systems as tools and communication platforms for committing offenses.

The term is not anchored as an independent criminal offense in the German Criminal Code (StGB), but rather encompasses a multitude of specific offenses that have been transferred to the digital world or created specifically for the Internet. Legal literature usually distinguishes between classic offenses with new modes of operation and genuine cybercrime. The former are conventional crimes such as fraud or insult, which are committed with the help of the Internet, while the latter, like hacking, exist exclusively in the digital realm.

Basic Legal Foundations of Internet Crime

Criminal Code (StGB)

The central legal framework for combating Internet crime is the Criminal Code of the Federal Republic of Germany. It contains numerous provisions that have been adapted or newly introduced in response to technological developments. Important relevant provisions include Section 202a StGB (data espionage), Section 263a StGB (computer fraud), as well as Sections 303a and 303b StGB (data alteration and computer sabotage).

Supplementary Laws and Special Provisions

In addition to the StGB, there are special laws that sanction Internet-related offenses. These include, among others:

  • Telecommunications Act (TKG)
  • Telemedia Act (TMG)
  • Copyright Act (UrhG)
  • Network Enforcement Act (NetzDG)
  • Act on Data Protection and Privacy in Telecommunications and Telemedia (TTDSG)

These laws regulate, for example, data protection, the obligations of service providers, as well as sanctions for violations.

International Legal Frameworks

Internet crime is cross-border in nature and therefore requires international cooperation. The central international framework is the Budapest Convention (Convention on Cybercrime), which has been signed by numerous states and sets minimum standards for prosecution, cooperation, and mutual legal assistance.

Typical Forms of Internet Crime

Computer and Data Offenses

  • Espionage and Interception of Data (Sections 202a, 202b StGB): Unauthorized acquisition and interception of data.
  • Data Alteration and Computer Sabotage (Sections 303a, 303b StGB): Unauthorized manipulation, deletion, or impairment of data and IT systems.

Property Offenses

  • Phishing and Identity Theft: Deception of individuals to obtain sensitive data.
  • Computer Fraud (Section 263a StGB): Manipulation of program processes to obtain an unlawful financial advantage.
  • Online Fraud: Fraudulent actions via online sales platforms, fake shops, or social engineering.

Offenses Against Personal Rights

  • Insult and Defamation on the Internet (Sections 185 et seq. StGB): Dissemination of defamatory content via social networks.
  • Cyberbullying and Cyberstalking (Section 238 StGB): Ongoing harassment, stalking, and reputational damage via digital communication channels.
  • Copyright Infringement (Section 106 UrhG): Unauthorized reproduction and distribution of works on the Internet.

Other Offenses

  • Distribution of Child Pornographic Content (Section 184b StGB)
  • Glorification of Violence and Incitement to Hatred (Sections 131, 130 StGB)
  • Violation of Trade Secrets (Sections 17 et seq. UWG / Section 23 GeschGehG)

Prosecution and Evidence Issues in Internet Crime

Investigative Powers of Law Enforcement Agencies

Police and prosecutors depend on extensive technical and legal measures for the investigation of Internet crime. Key investigative tools include:

  • Telecommunications surveillance
  • Online searches
  • Seizure of storage media
  • Forensic analysis of digital traces

However, there are strict legal limits to protect fundamental rights, particularly under the Basic Law (Art. 10 GG – secrecy of telecommunications, Art. 13 GG – inviolability of the home).

Challenges in Prosecution

Internet crime is characterized by anonymity, internationally distributed server structures, and the possibility of disguising traces. Investigation proves to be particularly challenging due to

  • lack of physical proximity to the crime scene,
  • rapid alteration of evidence,
  • and inconsistent legal frameworks in different countries

making investigations especially challenging. Mutual legal assistance treaties and international cooperation are therefore indispensable.

Digital Evidence and Its Preservation

Digital traces are volatile and easily altered. For the preservation of evidence, the general rules of the Code of Criminal Procedure (StPO) apply, particularly regarding searches, seizures, and safeguarding. It must be ensured that the integrity and authenticity of digital evidence are maintained to secure its potential evidentiary value in criminal proceedings.

Prevention and Legal Protection Mechanisms

Statutory Protective Regulations

The legislator has enacted numerous preventive regulations to prevent Internet crime. Providers and platform operators are subject to various obligations, such as data retention, reporting obligations in case of suspicion of criminal offenses, and compliance with technical and organizational measures for IT security (cf. IT Security Act).

Civil Claim System

Victims of Internet crime also have numerous civil law claims, including:

  • Cease-and-desist claim (Section 1004 BGB by analogy)
  • Claim for damages (Sections 823 et seq. BGB)
  • Claim for deletion or correction of personal data (Art. 17 GDPR)

These claims can be asserted in parallel to criminal measures.

The Importance of IT Security Measures

In addition to legal regulations, individual responsibility for IT security is of essential importance. Companies and private individuals are obliged to protect their systems and data using up-to-date technological standards, such as firewalls, encryption, and authentication systems.

Outlook and Development of the Legal Situation

Internet crime continues to evolve rapidly in light of technological progress. The legal situation is in permanent flux in order to effectively respond to current threats and forms of criminal activity. The harmonization of international regulations, the adaptation of national laws, and the expansion of technical investigative powers will shape future legal developments in the coming years.

References

  • Fischer, Strafgesetzbuch und Nebengesetze, current edition
  • Schönke/Schröder, Strafgesetzbuch Commentary
  • Sieber, Computerkriminalität und strafrechtlicher Datenschutz
  • LK-StGB, Commentary on the Criminal Code

This article provides a comprehensive and structured overview of the concept of Internet crime and covers all legal aspects in detail. Ongoing technological advancement continues to require continuous adaptation of the legal framework.

Frequently Asked Questions

How should I proceed if I become a victim of Internet crime?

If you have become a victim of Internet crime, it is legally essential at first to secure evidence. This includes, for example, emails, chat histories, screenshots, payment receipts, or other relevant data. Afterwards, you should immediately report the incident to the police, ideally to a specialized department for cybercrime. Legally, reporting a crime is not only your right, but in certain cases, such as when particularly protected legal interests are involved (such as minors), it is also a civic duty. The police will record your report and initiate investigative proceedings. In serious or complex cases, it may make sense to consult a lawyer specializing in IT law or criminal law to enforce your civil claims, such as damages or injunctive relief. In parallel, you should also contact your bank or payment service provider to stop or reverse any transactions, if possible. It is also advisable to change passwords and activate security measures such as two-factor authentication.

Which statutory provisions regulate Internet crime in Germany?

Internet crime in Germany is primarily regulated by the Criminal Code (StGB), the Telemedia Act (TMG), and further special laws. Central regulations include Sections 202a et seq. StGB (espionage and interception of data), Section 263a StGB (computer fraud), Sections 303a et seq. StGB (data alteration and computer sabotage), and Section 184b StGB (distribution of child or youth pornographic content). In addition, data protection laws such as the GDPR and BDSG apply where personal data are unlawfully processed or spied out. The prosecution of specific offenses is further regulated by the IT Security Act and Section 100g StPO, which govern the storage and disclosure of traffic data. International cooperation is primarily influenced by the Convention on Cybercrime (Budapest Convention) and EU directives.

What options do I have to assert civil claims against the perpetrator?

In addition to criminal prosecution, various civil law claims exist against the perpetrator. These include, above all, a claim for damages under Sections 823 et seq. BGB if the offense has caused financial or immaterial damages. Injunctive claims (Section 1004 BGB by analogy) can also be asserted to prevent further unlawful interference in the future. To assert such claims, legal assistance is generally recommended, as the perpetrator’s address is often unknown and their identity is difficult to determine. These claims can primarily be successfully asserted once the perpetrator’s identity has been established and evidence secured during the course of criminal proceedings. Enforcement of civil law claims, especially against perpetrators abroad, can be challenging and often requires international legal assistance.

Is the operator of a website liable for unlawful acts committed by users?

The liability of a website operator for unlawful acts committed by users is governed by the so-called provider privilege under Sections 7-10 TMG. In principle, providers and website operators are not liable for third-party information as long as they have no positive knowledge of its unlawfulness and, upon gaining knowledge, act without delay (notice-and-takedown procedure). This applies especially to forum operators or social networks. However, a duty to monitor may arise as soon as there are concrete indications of a legal violation. For example, if illegal content is demonstrably not removed despite notification, the operator may bear civil and criminal responsibility. The precise liability depends on the operator’s role (access, host, or content provider) and the individual case.

What role does international cooperation play in the prosecution of Internet crimes?

Since Internet crime operates across borders, international cooperation is of central importance. In Germany, cooperation is based on mutual legal assistance treaties, such as the Budapest Convention (Cybercrime Convention) and the European Investigation Order. These frameworks enable the obtaining of data from foreign providers, questioning of witnesses, or freezing of assets. European institutions such as Europol, the European Cybercrime Centre (EC3), and Interpol support national prosecution through coordination and analysis of incidents. Nonetheless, international law enforcement remains challenging despite existing conventions, as different national legal frameworks and data protection requirements must be observed and can significantly delay investigations.

What evidentiary problems frequently arise in the prosecution of Internet crime?

Numerous evidentiary problems arise in the prosecution of Internet crime in the context of criminal law. One of the greatest challenges is identifying the perpetrator, as anonymization techniques or VPN services are often used. Digital traces (log files, IP addresses, email histories) can be quickly deleted or manipulated. Furthermore, telemedia services in Germany are subject to relatively strict data protection requirements, limiting the long-term storage and disclosure of user information. For court-proof securing and documentation of evidence, specialized IT forensics is often required. Complex questions of the jurisdiction of investigative authorities can also frequently arise when data or perpetrators are located abroad. For admissibility in criminal proceedings, all steps of evidence preservation must be documented and comply with the rule of law.

What reporting obligations do companies have in the event of Internet crime incidents?

Companies are subject to statutory reporting obligations in the event of certain Internet crime incidents. The IT Security Act obliges operators of Critical Infrastructures (KRITIS) to immediately report significant IT security incidents to the Federal Office for Information Security (BSI). Breaches of these reporting duties can result in fines. Furthermore, Articles 33 et seq. of the General Data Protection Regulation (GDPR) require companies to report data breaches that present a risk to the rights and freedoms of affected individuals to the responsible supervisory authority within 72 hours. If those affected are endangered by the data breach, they must also be informed. Internal procedures for fulfilling these obligations should be documented in emergency plans and processes and regularly practiced.

Auf dieser Seite

Further term explanations