DOJ Secures Tech Support Fraud Suspect from Spain, Amicus Advises on Computer-Crime Evidence Handling

_bfc63ee4-be4a-4a3d-b5f1-4bdccecc6d9c

Extradition Brings Alleged Cyberfraud Operator to U.S. Court

Vancouver, Canada — The United States Department of Justice has announced the extradition of a tech support fraud suspect from Spain, marking another coordinated success in the fight against transnational cybercrime. The suspect, who is accused of orchestrating a scheme that targeted elderly and vulnerable victims across multiple states, was apprehended in Madrid and returned to the United States under the terms of the U.S.–Spain Extradition Treaty. The case illustrates not only the operational value of cross-border cooperation but also the evidentiary complexities involved in prosecuting computer-based offenses.

Amicus International Consulting has issued updated guidance on the handling of computer-crime evidence, with a focus on preserving the integrity, admissibility, and cross-jurisdictional usability of digital data in both domestic and international proceedings.

Details of the Case

According to the indictment, the suspect allegedly operated call centers abroad that impersonated legitimate technology service providers. Victims were told that their computers had been infected with malware or that their accounts were at risk, and were instructed to grant remote access to technicians. Once connected, the technicians would present fabricated security warnings and prompt victims to pay for unnecessary services or software. In some instances, the scheme also facilitated unauthorized transfers from victim bank accounts.

The FBI’s cybercrime task force began investigating after receiving multiple complaints through the Internet Crime Complaint Center (IC3). Agents traced payment flows through a network of bank accounts in the United States and Europe. Spanish authorities executed a provisional arrest at the request of the DOJ, and a Spanish court reviewed the extradition request for compliance with treaty requirements, including the principle of dual criminality.

The Extradition Framework Between the United States and Spain

The U.S.–Spain Extradition Treaty provides for the surrender of individuals charged with offenses punishable by at least one year of imprisonment in both jurisdictions. Spanish courts examine the sufficiency of evidence, verify that the offense is recognized under Spanish law, and assess any claims of procedural or human rights violations.

In cybercrime cases, extradition requests often require detailed technical affidavits to explain the offense to judges unfamiliar with the specific digital tools and methodologies used. Prosecutors must also provide translated evidence packages, including bank records, forensic reports, and victim statements, to meet the standards of the requested state.

Amicus Analysis: Special Challenges in Computer-Crime Evidence Handling

Amicus International Consulting notes that computer-crime cases present unique evidentiary challenges that differ significantly from traditional criminal investigations. Digital evidence is highly volatile, can be altered or destroyed easily, and often exists across multiple jurisdictions with varying legal standards for collection and preservation.

The firm emphasizes that improper handling of digital evidence can lead to challenges on admissibility grounds, potentially undermining the prosecution. In cross-border cases, differences in search and seizure laws can also create obstacles to using evidence collected abroad unless it meets U.S. constitutional and statutory requirements.

Case Study: Suppressed Digital Evidence Due to Chain-of-Custody Failure

In a 2016 U.S. cybercrime case, a forensic image of a suspect’s hard drive was excluded at trial after the defense demonstrated that there were gaps in the chain-of-custody documentation. The evidence had been transferred between agencies without proper logging, raising questions about its authenticity. The suppression significantly weakened the prosecution’s case and ultimately contributed to a reduced plea agreement.

This case underscores the necessity of maintaining rigorous documentation and secure handling procedures for all digital evidence.

Core Principles of Digital Evidence Preservation

Amicus outlines several core principles for preserving digital evidence in computer-crime cases:

  • Forensic Imaging: Create bit-for-bit copies of digital media using verified tools, ensuring the original data remains untouched.

  • Chain of Custody: Maintain a complete, chronological record of every person who handled the evidence, with signatures, timestamps, and the purpose of access.

  • Secure Storage: Store evidence in secure, access-controlled facilities or encrypted digital repositories.

  • Metadata Integrity: Preserve original metadata, including file creation and modification dates, as alterations can compromise evidentiary value.

  • Jurisdictional Compliance: Ensure evidence collection complies with both the jurisdiction where it was obtained and the jurisdiction where it will be prosecuted.

Case Study: Coordinated Forensics Across Borders

In a joint investigation between the United States and an EU member state, authorities executed synchronized search warrants at data centers in both countries. By using standardized forensic imaging protocols agreed upon in advance, investigators ensured that the resulting evidence was admissible in courts in both jurisdictions. The coordinated approach prevented defense challenges based on conflicting evidentiary standards.

Role of Mutual Legal Assistance Treaties in Digital Evidence Gathering

Mutual Legal Assistance Treaties (MLATs) are a critical tool for securing evidence from foreign jurisdictions in a manner that meets domestic admissibility standards. In the current case, U.S. prosecutors obtained Spanish bank records and ISP subscriber data through formal MLAT requests, ensuring that the evidence was certified and accompanied by the necessary affidavits for use in a U.S. court.

MLAT processes can be slow, particularly in cybercrime cases where the relevant data is time-sensitive. Amicus recommends that investigators identify potential international evidence sources early and submit requests as soon as possible to avoid data deletion or overwriting due to retention limits.

Case Study: Lost Evidence Due to Retention Policy

In a 2019 online fraud case, key server logs that could have identified the perpetrator were deleted by the hosting provider before law enforcement submitted a preservation request. The delay occurred because the investigative team underestimated the short retention period of the foreign provider, which was only 14 days for certain logs. This highlights the need for rapid action in securing volatile digital evidence.

Training and Specialization for Cybercrime Prosecutions

Effective computer-crime evidence handling requires specialized training for both investigators and prosecutors. Digital forensics experts must be proficient with current tools and techniques, and prosecutors must be able to explain complex technical concepts in court. Amicus advises legal teams to work closely with forensic specialists from the earliest stages of an investigation to ensure that evidence is both technically sound and legally admissible.

Protecting Victim Data in Cybercrime Cases

Many tech support fraud cases involve sensitive personal and financial data from victims. Prosecutors and investigators must balance the need to use such data as evidence with privacy protections under laws like the U.S. Privacy Act and, where applicable, foreign data protection regimes such as the EU General Data Protection Regulation (GDPR). This often requires redacting personally identifiable information from publicly filed documents and using protective orders to restrict access.

Case Study: Protective Orders Safeguard Victim Data

In a federal cybercrime case in 2021, the court issued a protective order limiting access to unredacted victim financial records to the defense team, court personnel, and designated experts. This prevented sensitive data from becoming part of the public record while still allowing both sides to prepare their cases.

Amicus Recommendations for Cross-Border Cybercrime Evidence Handling

Based on its analysis, Amicus recommends:

  • Implementing standardized forensic protocols that align with international best practices.

  • Engaging digital forensics experts early in the investigation.

  • Using MLATs or other formal channels to secure evidence from foreign jurisdictions.

  • Documenting every step in the collection and transfer process to maintain admissibility.

  • Applying strict privacy protections to victim data at all stages of the case.

Impact on Deterrence and Public Confidence

High-profile extraditions in cybercrime cases send a message that geographic distance does not guarantee impunity for online fraudsters. When authorities handle evidence competently and present strong, admissible cases, they increase the likelihood of convictions and meaningful sentences, thereby reinforcing public trust in the justice system’s ability to address technology-enabled crime.

Conclusion

The extradition of a tech support fraud suspect from Spain to the United States demonstrates the effectiveness of international cooperation in combating cybercrime and the critical importance of proper digital evidence handling. By adhering to rigorous forensic standards and ensuring compliance with both domestic and foreign legal requirements, prosecutors can strengthen their cases and protect the rights of all parties. Amicus International Consulting continues to advise clients on best practices for securing, preserving, and presenting computer-crime evidence in a global legal environment.

Contact Information
Phone: +1 (604) 200-5402
Email: [email protected]
Website: www.amicusint.ca

Anton Stravinsky

Anton Stravinsky

Anton Stravinsky is an associate correspondent for Tri-City News, BC. CanadaStravinsky focuses on international finance, banking, and asset management trends across Europe and Asia for Markets.Before his current role, Stravinsky completed Bloomberg's journalism fellowship, contributing stories to Bloomberg's digital and broadcast platforms. He originally joined Bloomberg as a summer intern covering financial markets and global economies in 2017.Stravinsky’s prior experience includes internships with Reuters' business desk in London, CNBC's Squawk Box Europe, and The Financial Times' editorial team.He earned a bachelor's degree in economics and journalism from New York University, where he served as senior editor for the university’s independent news outlet, Washington Square News.