FG Nürnberg Confirms Taxability Despite Virtual Execution: In its judgment of January 22, 2025 (Case No. 3 K 760/22), the Fiscal Court (Finanzgericht, FG) of Nuremberg issued a landmark ruling on the taxation of gains from cryptocurrency transactions. The court not only confirmed the general tax liability of such private sales under § 23(1) sentence 1 no. 2 of the German Income Tax Act (EStG), but also addressed in detail a range of arguments raised by the taxpayer—concerning the lack of economic substance of tokens, the purely virtual nature of transactions, and alleged enforcement deficiencies by tax authorities.
As our world becomes increasingly digitized, digital evidence has emerged as a key component in legal proceedings, especially in Germany. Whether it’s chat logs, data stored on smartphones, or forensic copies of hard drives, courts must determine not only the truth contained in digital artifacts but also whether they were obtained and handled in a legally sound manner. This article offers a structured overview of how digital evidence is treated in German criminal and civil procedures, highlighting key legal challenges and principles.
Encrypted Evidence and Constitutional Boundaries: Over the past several years, German criminal courts have been confronted with an influx of evidence originating from encrypted communications services—so-called “Kryptomessenger” platforms—such as EncroChat, SkyECC, and, more recently, Anom. These platforms, marketed as secure communication tools, often served the criminal underworld as havens for logistical coordination, trafficking, and financial transactions.
Once considered virtually impenetrable, they were ultimately infiltrated by international law enforcement operations. This development has sparked a cascade of legal proceedings in Germany, bringing to the surface one of the most delicate tensions in modern criminal procedure: the admissibility of foreign-sourced, technologically complex digital evidence in a system constrained by strict constitutional norms.
A New Era of Cybercrime Governance: In the early days of the internet, international criminal law lag far behind the technological realities of transnational cybercrime. The adoption of the Budapest Convention on Cybercrime in 2001 marked a watershed moment. For the first time, states committed to a common framework for criminalizing core forms of cybercrime, harmonizing procedural tools, and facilitating international cooperation. But this Eurocentric model, while groundbreaking, has become a geopolitical fault line. In 2024, after years of behind-the-scenes negotiation, the United Nations adopted its own global cybercrime treaty—promising inclusivity and updated standards, but raising deep concerns about surveillance, human rights, and the rise of authoritarian cyber-sovereignty.
The Resurgence of Espionage as a Business Risk: Economic espionage has returned—not as a relic of Cold War intrigue, but as a dominant, digitally enabled force in the contemporary global economy. What once occurred through shadows and surreptitious briefcases now unfolds across networks, supply chains, cloud infrastructures, and human behavior. With over 80% of companies in Germany alone reporting incidents of data theft, sabotage, or espionage in the past year, what we are witnessing is not a security crisis but a structural shift in the nature of competition.
North Korea is one of the main perpetrators of the growing threat to cyber security. At least since the attack on Sony Pictures in 2014, the country has been perceived as a major cyber player on the international stage. Since then, Pyongyang has used its hacking skills to circumvent international sanctions and steal funds.
Pyongyang was able to use the captured funds to finance the development of its nuclear and missile program. North Korea also uses cyber operations for (digital) espionage. The targets are wide-ranging: they are directed against universities, human rights organizations and media companies, create discontent or distrust through election fraud and attack critical national infrastructures. The increasing importance of North Korea in the area of cybercrime and cybersecurity is also the reason why we maintain a separate blog post on the topic here.
As an example, a study by Recorded Future’s Insikt Group paints an alarming picture of North Korean cybercrime. These activities, which have increased since 2017, target the cryptocurrency industry and have enabled North Korea to steal an estimated 3 billion dollars in cryptocurrencies.
In recent years, Iran has significantly expanded its cyber capabilities and is using them aggressively against Western states. These measures include a variety of attacks ranging from data theft to destructive cyberattacks. Iran’s cyber strategy reflects the country’s overall asymmetric warfare and demonstrates how Tehran uses its limited resources to achieve significant impact.
As digitalization progresses, the landscape of international security has changed considerably. The activities of state-supported hacker groups in particular are increasingly becoming the focus of global attention. One of these groups, which has become particularly prominent in recent years, operates from China.
These hackers, often directly or indirectly linked to the Chinese government, are known for their efforts to gain technological and economic advantages through cyber attacks. In this blog post, I will address the topic in a casual style.
Russian hacker groups are known worldwide for their sophisticated and far-reaching cyberattacks. These groups are often associated with state support and pursue a variety of objectives, including political manipulation, espionage, economic sabotage and disinformation. Their activities have a significant impact on global cyber security and pose a serious threat to state and private organizations.
The Russian hacker ecosystem is a complex and diverse network of actors, platforms and methods that is used for both financially motivated and state-sponsored cyber attacks. The close links between criminal actors and government agencies make this ecosystem particularly dangerous and difficult to combat. An effective defense against these threats requires a deep understanding of the structures and motivations within this ecosystem as well as international cooperation and robust cybersecurity measures.
In the age of digital infrastructures, Distributed Denial of Service (DDoS) attacks and the use of botnets have become emblematic of modern cybercrime. While these acts are often discussed in technical or operational terms, their legal dimension—particularly under German criminal law—is both sophisticated and rigorous. This article provides a detailed legal analysis of DDoS attacks and botnets, grounded in German jurisprudence and supported by insights derived from current case law and cybercrime reports.