Thursday, December 26, 2024

Vienna Cybercrime Trials – The Political Implications of this landmark Court Case for the EU

Spread financial intelligence

The Vienna Cybercrime Trials against Gal Barak, the alleged Israeli principal of the cybercrime organization around E&G Bulgaria have a political dimension in several respects. Let us start with the light political dimension on Facebook. There we could not promote the last post about the Vienna Cybercrime Trials, because the article mentioned Barak’s many political contacts. Therefore, perhaps also against the background of the current political turmoil in Bulgaria, Facebook classified the article as political election advertising and rejected the application. That’s the more funny side of this case.

Call for EU Jurisdiction and Law Enforcement

On the one hand, it is the first major trial against the Israel-based cybercrime around binary options and scam brokers. The Israeli Gal Barak together with his Bulgarian wife Marina Barak (previously Marina Andreeva) and his Israeli team of co-conspirators with Kfir Levy, Jesse Tally, Amit Hulin, Chen Ganon, Maor Sioni, or Itzik Gellet have attacked small investors and consumers in the EU from their Bulgarian headquarters in the years between 2016 and 2019.

To this end, they operated illegal boiler rooms (call centers) in Serbia, Bosnia-Herzegovina, Kosovo, Macedonia, Ukraine, and Georgia. Cybercrime organizations like E&G Bulgaria are active across all jurisdictions and regulatory regimes and pose a challenge to national law enforcement agencies.

In its anatomy, E&G Bulgaria was comparable to other cybercrime organizations. It was run by Israelis (i.e. non-EU citizens) with headquarters and shell companies in the EU but boiler rooms outside the EU. As non-EU citizens, attackers like Gal Barak are more difficult for law enforcement to apprehend. No EU state feels responsible and Israel is unfortunately known for protecting its cybercriminals.

No Single Market without Central Enforcement Agencies

The idea of a single EU market is great but without central EU authorities to supervise these markets a great idea becomes a disaster. A misconstruction which in times of cybercrime has fatal consequences for EU citizens and companies. UK has solved this problem with BREXIT. But not the other EU countries.

Unfortunately, there are currently no central EU authorities for the prosecution of cybercrime or the regulation and monitoring of market participants in the EU. Europol is at best a coordinator between the law enforcement agencies of the various EU members. The same applies to ESMA, which as an EU regulator has a kind of directive competence but no EU powers like the US SEC.


The EU authorities do not have direct enforcement competence because the relevant laws and powers are lacking. The United States has the SEC and the FBI and in addition to the national authorities. The EU has only national enforcement authorities that have to coordinate themselves for enforcement actions. These shortcomings give cybercriminals a huge advantage and make EU consumers easy targets for cybercriminals and scammers. Politicians are called upon to remedy this grievance.

Multiple Cases in EU Jurisdictions

At present, the fight against cybercrime that operates without borders is complicated. Should Barak be convicted at the Vienna Cybercrime Trials, it will have massive consequences for him personally as well as for his co-conspirators, facilitators, and accomplices:

  • Barak will probably be accused in other EU countries upon his conviction and will then go through various EU jurisdictions over the next years.
  • Barak’s accomplices and facilitators will also be charged in Vienna and then in other jurisdictions.
  • Civil actions brought by victims are scattered across the courts of different EU jurisdictions.
  • In the event of a conviction in Vienna, Barak will probably be appealed against the verdict, and in the event of an acquittal, the public prosecutor’s office. A final decision will probably not be available before the end of 2021. The related civil and criminal proceedings in Vienna and the EU are therefore unlikely to be completed before the end of 2025. That is far too long in the interests of the victims.
  • It will be a long and arduous journey until the victims of all jurisdictions get their satisfaction. At least in the form of trials. Whether they will ever get their money back is not clear at this point. Barak may pay millions to his defenders. He claims to have no money.

For the future development of the EU and the single market approach, the implementation of central enforcement agencies is a conditio sine qua non. The Barak case will prove this statement. It needs a federal EU court with jurisdiction over EU-wide cybercrime cases. And we need EU regulators and enforcement authorities as efficient watchdogs over the sanity and security of the single market.

Only with strong and efficient EU authorities and their ability and willingness to act, the necessary legal certainty in the fight against cybercrime will be provided. In this respect, the Vienna Cybercrime Trials are of great importance not only for the current victims of Barak, but also for future victims of future cybercrime attacks and scams. It sends a signal to perpetrators, politicians, and consumers.