Explanation of Cybercrime and Evidence in North Macedonia 

by

Ilir Iseni

CyJurII Advisor

on 11 November 2025

A. Cybercrime refers to any criminal activity that either targets or uses a computer, a computer network, or a networked device for its commission. It is fundamentally categorized into two types: 

1) cyber-dependent crimes, which can only be committed using digital technology (e.g., hacking, creating and spreading malware, or Distributed Denial-of-Service (DDoS) attacks), and 

2) cyber-enabled crimes, which are traditional offenses enhanced in scale and reach by the internet (e.g., online fraud, phishing, identity theft, or child exploitation). 

The transnational, decentralized nature of cybercrime, coupled with the potential anonymity it offers perpetrators, distinguishes it from conventional crime and presents significant jurisdictional and investigative challenges for law enforcement worldwide.

B. Digital Evidence is any data or artifact stored or transmitted in binary form that has probative value in a legal proceeding. This includes, but is not limited to, system logs, email metadata, document timestamps, hard drive images, and communication records. Because digital evidence is uniquely volatile—easily altered, deleted, or corrupted—its legal admissibility relies on strictly adhering to the principles of digital forensics. This means maintaining an unbroken chain of custody and demonstrating the data’s integrity (that it has not been modified since collection) and authenticity (that it is what it claims to be) through specialized collection, preservation, and analysis techniques. 

Comparison of Major Legal Frameworks

The three legal frameworks – GDPR (European Union), IT Act (India), and CFAA (USA)- represent different strategic approaches to regulating the digital space, focusing respectively on privacy, e-commerce/general cybercrime, and criminal access. The three laws reflect distinct legislative priorities. The GDPR is a robust, civil/administrative regulation centered on Privacy, granting data owners extensive rights over their personal data. Its cybercrime approach is indirect, mandating strict security and breach reporting to protect those rights. It features mandated recognition of digital evidence. In contrast, India's IT Act, 2000, is a broad, multi-faceted Act covering e-commerce and comprehensive cybercrime. It takes a direct approach to cybercrime, balancing the promotion of digital transactions with penalties for digital offenses, and features legislated recognition of digital evidence. 

The CFAA in the USA is a narrow, criminal federal act focused on unauthorized access to protected computers, prioritizing system Security. Its cybercrime approach is narrow/access-based, primarily criminalizing "hacking" and unauthorized data use, with digital evidence relying on procedural recognition. The core contrast highlights GDPR's focus on individuals versus the CFAA's emphasis on the computer system's integrity.

Analysis of Three Cybercrime Cases in the Republic of North Macedonia

Cybercrime in the Republic of North Macedonia is primarily regulated under the Criminal Code (In the Macedonian language: Кривичен законик) . The country's ratification of the Council of Europe's Budapest Convention on Cybercrime  Provides the framework for classifying and investigating digital offenses. 

1. Cyber Attacks on State Institutions and Critical Infrastructure (DDoS and Ransomware)

Type of Crime: Attack on computer systems and data (often DDoS or Ransomware).

Characteristics and Analysis:

• Examples: Cases of DDoS (Distributed Denial of Service) attacks on institutional websites (e.g., during elections or the census, as happened in July 2020) and Ransomware attacks (data encryption with a ransom demand) on government systems, such as the attack on the electronic system of the Ministry of Agriculture, Forestry, and Water Economy in September 2022.

• Modus Operandi: Attackers use malicious software (ransomware) to lock the institution's systems and data, or they flood the servers with traffic (DDoS) to disable their operation. The motive is often political or financial (ransom).

• Impact: Direct disruption of institutional work, disabling electronic services for citizens, and potential loss or compromise of sensitive data. These attacks also undermine public trust in state systems.

• Legal Framework: These acts primarily fall under the criminal offenses in Chapter XXIII of the Criminal Code (e.g., Damage and unauthorized entry into a computer system).

2. Scams via Electronic Communication (Phishing and Business Email Compromise - BEC)

Type of Crime: Computer fraud and phishing.

Characteristics and Analysis:

• Examples: A significant number of Business Email Compromise (BEC) cases, where hackers intercept email communication between companies and alter payment details, redirecting the money to their own accounts. A publicly reported case involved a company in Skopje that lost around €100,000 through intercepted email communication with a business partner.

• Modus Operandi: Attackers most often use phishing to gain access to employees' emails, then monitor communication, and at a crucial moment (e.g., when a large transaction is due) send a fake invoice or payment instruction with their own bank details.

• Impact: Direct financial damage to companies, which can be particularly severe for small and medium-sized enterprises (SMEs). Such scams emphasize the need for employee training and strengthening internal security protocols.

• Legal Framework: Usually classified as Computer Fraud or Fraud under the Criminal Code.

3. Misuse of Personal Data via Online Platforms ("Public Room")

Type of Crime: Misuse of personal data, unauthorized photographing, and public display of pornographic material.

Characteristics and Analysis:

• Examples: The case of the "Public Room" Telegram group, which received massive media attention. Personal data, photographs, and explicit videos of girls and women were shared in this group, often without their consent (known as revenge pornography).

• Modus Operandi: Users of the Telegram application create private groups where they share intimate materials and personal data of others, perpetrating online violence and harassment.

• Impact: Severe psychological consequences for the victims, stigmatization, privacy violations, and serious gender-based online violence. The case highlighted the need for better legal protection against gender-based violence in the digital sphere and more rigorous measures against the misuse of personal data.

• Legal Framework: Criminal offenses related to Misuse of personal data, Unauthorized photographing, Sexual harassment, displaying pornographic material to a child, Production and distribution of child pornography.

Conclusion

These three categories of cybercrime illustrate the wide range of threats facing North Macedonia: from attacks on state security (first case), through financial crime against businesses (second case), to online violence and misuse of personal data against citizens (third case). They point to the need for continuous investment in cybersecurity, raising awareness, and the effective application of existing legislation.