Alonso Sala
CRIMINAL LAWYERS

Specialist Cybercrime Attorneys in Spain

English-speaking cybercrime defense attorneys across Spain. Hacking, phishing, ransomware, DDoS. IP attribution challenges & chain of custody audits.

Cybercrime: Concept, Types, Penalties and Digital Defense (Arts. 197-264 ter CP)

Cybercrime covers the set of offenses committed through information and communication technologies, regulated across scattered provisions of the Spanish Criminal Code: discovery and disclosure of secrets (Arts. 197-201 CP), illicit access to computer systems (Art. 197 bis), computer damage and system obstruction (Arts. 264-264 ter), computer fraud (Art. 249.1.a CP), banking fraud and phishing, digital identity theft (Art. 401 CP), threats and harassment by digital means (Arts. 169-172 ter), child pornography (Art. 189 CP) and grooming (Art. 183). Supreme Court doctrine has consolidated criteria on electronic evidence, digital chain of custody, validity of forensic dumps and constitutional limitations on technological interventions. The protected legal interest is plural: privacy, secrecy of communications, integrity of computer systems, patrimony and collective security.

The commission modalities have proliferated at the pace of technology. Hacking covers unauthorized access to systems by breaching security measures, creation or distribution of exploits and introduction of backdoors. Phishing and its variants (spear-phishing, smishing, vishing, spoofing, CEO fraud) constitute technical fraud combined with social engineering, where "banking mules" are frequently accused as necessary cooperators. Ransomware and DDoS attacks are computer damage crimes that can affect critical infrastructure. Cryptocurrency fraud (rug pulls, fraudulent ICOs, crypto Ponzi schemes, mixing) requires specialized blockchain traceability. Paradigmatic current cases are SIM swapping, voice-cloning deepfakes, AI-driven digital cloning, labor intrusions (corporate espionage Art. 278 CP) and attacks on financial, health and energy sector infrastructure.

The statutory penalties are severe and modulated by type and aggravators. Illicit access to systems (Art. 197 bis CP) carries 6 months to 2 years' prison; aggravated, up to 5 years if it affects critical infrastructure or is executed in an organization. Disclosure of secrets (Art. 197 CP) carries 1 to 4 years' prison in its basic form; aggravated, up to 7 years if data is sensitive, if the victim is a minor or if dissemination occurs. Computer damage (Art. 264 CP) carries 6 months to 3 years' prison; aggravated (Art. 264 bis), 2 to 5 years; when critical infrastructure is attacked (Art. 264 ter), up to 6 years. Computer fraud carries 6 months to 6 years' prison. Identity theft (Art. 401 CP) carries 6 months to 3 years' prison. Grooming and child pornography offenses carry penalties of 1 to 9 years. Disqualification from technological professions, forfeiture of equipment and servers, and civil compensation for patrimonial and reputational damage are also common.

The technical defense rests on four consolidated axes. First, IP attribution challenge: case-law recalls that an IP address identifies a connection, not necessarily the user behind the keyboard; shared Wi-Fi networks, dynamic IPs, VPN/Tor use and device malware sow reasonable doubt. Second, digital chain of custody: the forensic dump must be performed with a hash function (SHA-256, MD5) certifying integrity under the ISO 27037 standard; any breach leads to evidentiary nullity (Art. 11 LOPJ). Third, absence of intent: in "banking mule" cases, deception that excludes criminal will must be proven (false job offer, fraudulent loan); in cases of involuntary file download (cache, Telegram groups, unopened ZIP), knowledge must be excluded. Fourth, nullity of technological interventions: police use of trojans (Art. 588 septies LECrim), IMSI-catcher interventions, remote searches and requests to Facebook, Google or Microsoft require reasoned and proportionate judicial authorization; excesses open the door to evidence inadmissibility.

In current forensic practice we observe exponential growth of cybercrime. The Budapest Convention (Council of Europe Cybercrime Convention 2001 and its Second Additional Protocol 2022), the NIS2 Directive on cybersecurity, the EU AI Act (Regulation 2024/1689), the MiCA Regulation on crypto-assets, Organic Law 1/2025 on Justice Service Efficiency and Supreme Court case-law on electronic evidence make up a rapidly evolving regulatory framework. The UDEF, the Technology Investigation Brigade (BIT) and the Civil Guard's telematic crime teams have advanced forensic capabilities. At Alonso Sala, with more than 15 years of experience, we approach each case by coordinating certified computer experts (CDFE, GCFE, EnCE), blockchain and crypto traceability experts, chain-of-custody specialists and, where necessary, AI and deepfake experts. We also address disclosure-of-secrets crimes and data-protection compliance when a GDPR/LOPDGDD violation concurs.

Our Cyber-Defense Strategies

IP Attribution

An IP is not an ID. We challenge the automatic connection judges make between "Line Holder" and "Crime Author". We demonstrate third-party access possibilities (open Wi-Fi, malware, shared use) to sow reasonable doubt.

Hash Integrity

Pure technique. If the "Hash" (cryptographic digest) of the police file does not exactly match that of the seized original, it means it has been altered. We verify radical NULLITY of poorly guarded digital evidence.

"Mule" Defense

For those accused of receiving fraudulent transfers (Phishing). We prove they were victims of deceit ("social engineering") and acted without intent, believing they were doing a lawful job. We turn the accused into a victim.

WhatsApp Challenge

Screenshots are worthless. If the accusation relies on screenshots, we systematically challenge them demanding metadata or the original device. Without the original "log" file, evidence fails.

ART. 197 BIS Hacking & Computer Intrusion

The Criminal Code harshly punishes "unauthorized access" to information systems by breaching security measures. It is the "Hacker's" crime.

Access

Entering is enough. No need to steal data. Merely bypassing the password is a crime.

Facilitation

Beware: creating or distributing hacking programs (exploits, keyloggers) is also a crime.

Companies

If a company is hacked, the penalty skyrockets. Legally, the legal entity's "privacy" is protected.

ART. 248 CP Online Fraud: Phishing & Spoofing

Cyber fraud is the fastest-growing crime. From "Phishing" (impersonating a bank via email) to "Spoofing" (faking caller ID or SMS to appear legitimate). We defend victims who lost their savings demanding bank civil liability, and accused "money mules" who acted without intent.

ART. 172 TER Cyberstalking & Privacy

Harassment through social media, WhatsApp, or fake profiles ("Catfishing") severely alters victims' lives. We secure digital evidence through notarial acts and technological certifiers. We also address crimes against privacy, such as "Sexting" or unauthorized access to devices.

Digital Typologies

Why Alonso Sala in Cybercrime?

Because we do not delegate the technical part. Our lawyers work side by side with computer engineering experts. In court, citing laws is not enough; you have to know how to explain to the Judge what a VPN, a Hash, or a Man-in-the-Middle attack is.

For years we have been defending both ethical 'hackers' unjustly accused and companies that were victims of sabotage. We know both sides of the digital trench.

  • Certified Computer Experts Network.
  • Digital Chain of Custody Specialists.
  • Experience in crypto scams and blockchain.
  • Technical defense in National Court.

Cybercrime in Spain: Hacking, Phishing & Digital Fraud — Defence Guide

Cybercrime encompasses illegal access to computer systems (Art. 197 bis CP), computer damage and ransomware (Art. 264 CP), phishing and digital fraud (Art. 249.1.a CP), and the production or distribution of hacking tools (Art. 197 ter). Spain's prosecution of cybercrime has intensified dramatically, with specialised units in the National Police (BIT) and Guardia Civil (GDT) leading investigations. Defence requires a unique combination of criminal law expertise and advanced technical knowledge.

Penalty Table: Cybercrime

| Offence | Article | Description | Penalty |
|---|---|---|---|
| Illegal access to systems | Art. 197 bis | Unauthorised access breaching security measures | 6 months – 2 years |
| Interception of data | Art. 197 bis.2 | Intercepting non-public data transmissions | 3 months – 2 years |
| Production/supply of hacking tools | Art. 197 ter | Creating or distributing tools designed for cybercrime | 6 months – 2 years |
| Computer damage (basic) | Art. 264.1 | Deleting, damaging or making data inaccessible | 6 months – 3 years |
| Aggravated damage (critical infrastructure) | Art. 264.2 | Affecting essential services or critical infrastructure | 2 – 5 years prison |
| Cyber fraud (phishing) | Art. 249.1.a | IT manipulation to obtain unlawful transfer of assets | 6 months – 3 years |

Key Defence Strategies

IP Attribution Challenge

An IP address does not identify a person. Shared Wi-Fi networks, VPNs, Tor exit nodes and NAT configurations mean multiple users may share one IP. The prosecution must prove the accused was the actual user at the relevant time.

Chain of Digital Custody

Digital evidence is extremely fragile. If the police failed to image the hard drive with a write-blocker, if hash values don't match, or if evidence was handled improperly, the defence can seek exclusion of the entire digital evidence chain.

Authorised Security Testing

Ethical hacking and penetration testing carried out with the system owner's authorisation is legal. If the defendant had a written engagement contract, bug bounty agreement or responsible disclosure policy, there is no criminal offence.

Lack of 'Breaching Security Measures'

Art. 197 bis requires that security measures were breached. If the system had no password, no firewall, or the access point was public, the element of 'breaching security' may be absent, negating the offence.

Key Case Law

Supreme Court doctrine: Elements of illegal access (Art. 197 bis)

The Supreme Court confirmed that 'access' requires effectively entering the system, not merely attempting it. The prosecution must prove: (1) access occurred, (2) it was unauthorised, and (3) security measures were breached. Port scanning alone does not constitute the offence.

Supreme Court doctrine: Ransomware as combined offence

The Court ruled that ransomware attacks may constitute a concurrent offence of computer damage (Art. 264) and extortion (Art. 243 CP). The encryption of data satisfies the 'damage' element even if data is technically recoverable upon payment.

Supreme Court doctrine: Phishing and the 'money mule' defence

In phishing operations, the Court distinguished between the organiser and the 'money mule' (account holder). The mule's liability depends on proof of knowledge that the funds were illicit. Wilful blindness may suffice, but mere negligence does not.

FAQs

Is an IP address enough to convict me?
Absolutely NOT. The Supreme Court has reiterated that an IP identifies a phone line, not the physical person behind the keyboard. If it's a dynamic IP or shared Wi-Fi, reasonable doubt is huge. Our defense demands additional authorship proof (hard drive analysis, schedules, witnesses).

What if police seize my laptop?
Crucial rule: never provide the password voluntarily (no one is obliged to self-incriminate). Contact Alonso Sala immediately. We must verify whether the hard drive dump respected the 'hash' (integrity code) and chain of custody. If the seal is broken, evidence is void.

Am I liable if I only received money and forwarded it ('Mule')?
This is the 'Money Mule' figure. Police often accuse mules as necessary collaborators in fraud or money laundering. Our defense proves absence of intent: you were deceived (fake job offer) and believed you were acting legitimately. No criminal intent, no crime.

Is spying on my partner's WhatsApp a crime?
Yes, and a serious one: discovery and revelation of secrets (Art. 197), punished with 1-4 years' prison. Even if nothing is shared, mere unauthorized access violates constitutional privacy.

What is the 'computer damage' crime?
Deleting files, formatting drives, or introducing viruses (sabotage). If damage is severe or affects essential services, prison can reach 5 years.

What if servers are abroad?
Police use international letters rogatory to ask Facebook, Google, etc. If the Spanish court order doesn't meet destination country requirements (e.g., USA, Ireland), that info can be voided as evidence.

Is using a VPN or Tor a crime?
No, anonymization tools are perfectly legal. It is only criminal if they are used to commit offenses. Merely using Tor cannot be used as an indication of criminality.

What is CEO fraud?
A sophisticated scam impersonating a CEO to ask for an urgent transfer. If you are the deceived accountant, you are a victim. If accused, we prove whether real identity theft occurred.

Can I be tracked if I deleted everything?
'Logical deletion' doesn't physically remove data. Forensic experts recover files months later. Definitive removal needs a 'secure wipe'. Still, ISP logs are kept by law for 12 months.

What is 'Grooming'?
Cyber-harassment of minors for sexual purposes. An adult gains a minor's trust online to get images or meetings. It is highly prosecuted and carries high penalties and a lifetime ban on working with kids.

Is downloading pirated movies a crime?
In Spain, private download without profit is NOT a criminal offense (maybe civil). It is only criminal if there is direct commercial profit (selling copies) or running an ad-supported link site.

Can they record me with a trojan (cam/mic)?
Police CAN use spy software (trojans) for serious crimes, but only with very specific judicial authorization. If they exceed or lack permission, recordings are void.

What is a DDoS attack?
Denial of Service: saturating a website to crash it. It's a computer damage crime. Often committed via 'botnets' (zombie computer networks).

Company liability if hacked?
If there was no adequate security, GDPR fines apply, but liability is rarely criminal unless there was an intentional self-leak.

What is 'SIM Swapping'?
Duplicating the victim's SIM to get bank SMS messages and empty the account. A mixed scam: technical + social engineering against the telco.

How to defend a child porn (download) case?
We analyze whether the download was automatic (browser cache, pop-ups, WhatsApp groups). Intent requires 'knowing and wanting' the file. Involuntary download is not a crime.

Are screenshots valid proof?
Alone, NO. They are easily faked. The Supreme Court requires that an expert report authenticate metadata and chain of custody, or a notarial act.

What is a crypto scam?
Fake investment promises. The issue is tracing money on the Blockchain to an Exchange that identifies the holder. We work with crypto-traceability experts.

When does cybercrime expire?
Depends on the penalty. Minor (scams <400€): 1 year. Serious (attacks, secrets): 5-10 years. The Internet doesn't forget, but the law sets time limits.

What is 'Catfishing' or online identity theft?
Creating fake social media profiles impersonating someone else. It can be an identity theft crime (Art. 401 CP) or fraud if used to deceive and get money or favors. The key is proving economic or moral damage.

Cybercrime and Digital Impersonation Defense

Cybercrimes are the fastest-growing criminal category. Defense requires technical mastery of digital evidence and case law on the validity of evidence obtained from private systems.

Cybercrime Modalities

Specialized defense in each type of cybercrime and computer crime:

Looking for a Technological Criminal Law (Cybercrime) Lawyer in Spain?

We offer specialized criminal defense in courts across Madrid and the rest of Spain. We handle each Technological Criminal Law (Cybercrime) case with the urgency and technical rigor it requires from day one.

Do you need specialised legal assistance?

The judicial system is complex. We have the criminal-law specialisation and technical resources required to take on the defence.