In September 2020, the Israeli cybercrime principal Gal Barak, the Wolf of Sofia, was sentenced to 4 years imprisonment in Austria for defrauding Austrian victims with total damage of about 3 million euros. After 11 months of home arrest and 13 months of prison stay in Vienna, his sentence was suspended as of the end of January 2021. In early June 2021, Gal Barak left Vienna was flown out by a private jet to Israel. To date, none of his victims has received any money back. Barak’s lawyers appealed against a German indictment. The case is to be decided by the European Court of Justice. It is a landmark decision in the fight against cybercrime.
The appealed German prosecution
According to his lawyers, a conviction for the acts committed against the remaining tens of thousands of victims throughout Europe with total damage of around 200 million euros (best estimate acc. to the criminal files) is not possible due to the “Right not to be tried or punished twice in criminal proceedings for the same criminal offense also called the “ne bis in idem principle” (Article 50 of the CFR (Charter of Fundamental Rights of the European Union)) applicable in the territory of the European Union. The 1st Criminal Division in Bamberg, Germany has submitted a request for a ruling to the European Court of Justice (ECJ) on June 4, 2021. The pending decision of the ECJ will not only be important in the criminal case of Gal BARAK but plays a decisive role in the entire fight against organized cybercrime in Europe.
On September 1, 2020, at the Court of Vienna, the Israeli citizen Gal BARAK, 33, was sentenced to 4 years of imprisonment by the panel of lay judges presided over by Judge Dr. Christian Böhm for cyber financial crime in the concrete form of serious commercial fraud and money laundering (pursuant to § 147 (3) öStGB and § 165 öSTGB in conjunction with § 28 (1) öStGB). Since Gal BARAK had been convicted in Austria “only” because of the Austrian victims, the German authorities – because of the damage caused to German nationals – applied for an arrest warrant against Gal BARAK for the formation of a criminal organization (§§ 129 para 1, para. 5 sentence 1, sentence 2, 263 para 1, para 3 sentence 2 No. 1, para 5, 25 para 2, 52 of the dStGB) with others (including Marina Barak formerly Andreeva), which was issued on 08.12.2020. A corresponding European arrest warrant was issued subsequently.
After 11 months of home arrest in his Bulgarian apartment and 13 months of detention in the Vienna Prison, the remainder of the sentence imposed on Gal BARAK was suspended on 29.01. 2021, but BARAK was taken into surrender custody by order of the Vienna Regional Court of the same date based on the European Arrest Warrant. Gal BARAK’s appeal against the arrest warrant dated 08.12.2020 was rejected as unfounded by order of the Regional Court of Bamberg dated 08.03.2021. On a further complaint of BARAK`s lawyer, the criminal senate in Bamberg requested a preliminary ruling from the ECJ on 04.06.2021 concerning the application of the “Right not to be tried or punished twice in criminal proceedings for the same criminal offense” according to the European rules (Art. 54 CISA and Art. 50 CFR).
In addition, because the Bulgarian authorities had not given their consent to the transfer of BARAK to Germany (we have our guess, why they did not :)), the Regional Court in Vienna refused to hand over Gal BARAK to the German authorities in a final decision dated May 28, 2021. Immediately afterward, Gal BARAK was flown out to Israel by private jet (it is believed). The whereabouts of Gal BARAK are currently unknown to the authorities.
The 2nd criminal chamber of the regional court Bamberg (2. Strafkammer des Landgerichtes Bamberg) had rejected with the decision of 08.03.2021 the complaints of GAL BARAK against the German arrest warrants as unfounded among other things on the grounds that BARAK had been prosecuted by the Court of Vienna only for the offenses of fraud to the detriment of only Austrian aggrieved persons, whereas BARAK was to be prosecuted in Germany for the offense of fraud against German citizens. The German court argued because of the difference of the aggrieved persons BARAK was not punished for the same offense within the meaning of Art. 54 CISA (Convention implementing the Schengen Agreement) and the Art 50 EuGrCh (Charter of Fundamental Rights of the European Union) (both Articles relate to the “Right not to be tried or punished twice in criminal proceedings for the same criminal offense” resp. the ne bis in idem principle).
The 1st Strafssenat in Bamberg did not follow the 2nd Criminal Chamber and, in contrast, basically assumes that principally the “Right not to be tried or punished twice in criminal proceedings for the same criminal offense” would apply for the BARAK case. However, the 1st Criminal Division has requested a preliminary ruling of the ECJ concerning the interpretation of Art. 55 ( 1) b) CISA regarding the application of the criminal offense of § 129 dStGB in connection with Art. 52 of the European Charter of Fundamental Rights of the European Union with regards Art. 54 CISA and Art. 50 CFR.
The 1st Criminal Division in Bamberg is primarily concerned with the question of whether the “Right not to be tried or punished twice in criminal proceedings for the same criminal offense” also applies to operators of vast criminal organizations like BARAKs as these dangerous criminal organizations are massive threats to the security or other equally essential interests of the German nation resp. the German citizens – since such an exception for “ne bis in idem rule” application for massive threats to the German nation is contained in Article 55 (1) (b) of the CISA (Convention Implementing the Schengen Agreement).
A validity of the exception foreseen in Art. 55 (1) (b) CISA results from Art. 52 (1) CFR, according to which restrictions to the prohibition of the “ne bis in idem rule” are made if they are necessary and correspond to the objectives serving the common good recognized by the Union or to the validated requirements of the protection of the rights and freedoms of others.
Cybercrime in Europe
The number of cybercrime offenses and the extent of the financial losses incurred by cybercriminal attacks has increased massively in recent years – certainly also driven by the pandemic. The individual European countries report double-digit growth rates both in the number of reported cases and in the extent of the damage caused.
Especially the cybertrading fraud cases (investment scams) like the one of Gal BARAK are usually characterized by their large scale, a large number of victims, particularly damaging offenses, supraregional and international connections, and high complexity of the facts.
The mafia-like organized tech-savvy criminal organizations work in a highly professional manner and they commit criminal acts in order to gain power and unlimited financial resources. They spread their activities across several jurisdictions in order to avoid prosecution.
There is still far too little research on the financial and social effects of the increasing scale of cybercrime, but they are certainly immense. Victims who are deprived of their life savings are often traumatized, withdraw from social activities, become depressed, need social treatment and financial support from the state. Old-age poverty, for many of the victims unimaginable before the fraud, become reality with all its accompanying negative effects.
Cybercrime has thus certainly become a massive threat to social security and order in Europe.
So far only insufficiently harmonized law enforcement in European countries is only starting now to understand and to address the cybercrime issue, any cross-border coordination still requires a massive administrative effort and leads to time delays. While cybercriminals communicate and orchestrate their criminal organization via Telegram or Signal, some prosecutors and courts in Germany still insist on a registered letter with an original signature for any communication with victims. Prosecutors in different European countries are investigating the same fraud schemes in an uncoordinated manner resulting in inefficiency and ineffectiveness.
So, leaving currently the European consumers and companies unprotected from the criminals and their unscrupulous raids.
The application of the “ne bis in idem rule” in this context
The transnational “Right not to be tried or punished twice in criminal proceedings for the same criminal offense” rule according to Art. 54 of CISA and Art. 50 CFR is based on the principle of mutual trust in a functioning criminal justice system of the single Member States as well as on the idea that in a single area of freedom, security, and justice, a criminal offense may be punished only once.
In reality, there is evidently currently a massive lack of mutual trust in a functioning criminal justice system of the single Member States due to the obvious imbalance of power between cybercriminals and European law enforcement agencies.
The Criminal Senate in Bamberg argues that Art. 54 CISA is to be interpreted in the sense of Art. 3 (2) TEU, according to which the Union shall offer its citizens an area of freedom, security, and justice without internal frontiers, in which – in conjunction with appropriate measures, inter alia, to prevent and combat crime – the free movement of persons is ensured.
According to Article 52 (1) of the EU Charter, restrictions to rights like the “ne bis in idem principle” may only be imposed (to the extent provided for by law) if they are necessary and genuinely meet objectives of general interest recognized by the Union or the need to protect the rights and freedoms of others.
The Criminal Senate sees such a necessity in the case of criminal organizations such as those of Gal BARAK, since the prosecution of criminal offenses under Section 129 of the Criminal Code serves precisely, as the Senate states, the protection of public peace and security in the Federal Republic of Germany and thus, in any case, the requirements of the protection of the rights and freedoms of others.
We could not agree more with the German approach and can only urge the ECJ to be aware of the wider context of a decision in the BARAK case and to make a very wise decision:
An application of the “ne bis in idem principle” for the BARAK case, a cybercriminal who is responsible for damages of several hundreds of millions of Euros and thousands of injured parties throughout Europe, would finally destroy the already fragile trust of the citizens in Europe in a functioning criminal justice system in the European Union and would for sure be a solicitation to all the cybercriminals out there to even increase their activities in Europe – as punishment – in the rare case that law enforcement succeeds in getting hold of the scammers – turns out to be a joke!
Europe needs an efficient and effective prosecution against cybercriminals!
But even if the ECJ agrees with the criminal senate in Bamberg – which remains to be hoped – still many questions will remain open: what about all the victims in the Netherlands, Sweden, Switzerland, Italy, Australia, and so on can they be included in the criminal proceedings in Germany? If YES, how can this be done? The German courts as well as the German prosecutors lack the administrative possibilities to administer thousands of people. If NO, how to explain to the Danish or the Swedish victims why their prosecutors do nothing and evidently, they do not have the right to get some justice. Or will the decision of the ECJ only be applicable for Germany?
So, what is the further planned approach of the European law enforcement agencies to end the inefficiencies through parallel proceedings against the criminal organizations and at the same time build efficient and powerful law enforcement against cybercriminals?
For sure it does not make sense and is evidently highly inefficiently to do criminal proceedings in each European country – so the European authorities should rush to come up with a solution – I am sure the criminals would have already developed a transnational approach for such an issue – discussed via Telegram and implemented within weeks!
The German Vorlageantrag des OLG Bambergs 1. Strafsenat vom 04.06.2021 AZ: 1 Ws 283/21 is downloadable here on EFRI.