A prominent blogger and security researcher, Dancho Danchev, has gone missing and security publications, including Threatpost.com, are asking for help in locating him.
Danchev, who contributed regular posts to ZDNet’s Zero Day blog, part of CBS Interactive, has been missing since late October. Danchev’s work unravelling cyber criminal networks and scams would have earned him countless enemies in the cyber underground. However, a new post on Zero Day suggests that Danchev, an expert in cyber criminal operations and malware, may have fallen afoul of law enforcement and intelligence agencies in his native Bulgaria.
Danchev was last heard from on September 11, when he posted a new entry on his personal blog, Mind Streams of Information Security Knowledge. However, his Twitter account appears to have been active at least through October 20.
In a post on Friday, Zero Day and Threatpost blogger Ryan Naraine said that Danchev’s editors at ZDNet have been trying to contact him since September. He last posted for the Zero Day blog on August 18, 2010. Efforts to reach Danchev via e-mail, phone and in person have come up empty.
However, in recent weeks, reports have surfaced indicating that Danchev may have been arrested. In one instance, Zero Day reports, a “local source” in Bulgaria confirmed that Danchev was alive but “in a lot of trouble” and unable to be contacted. More recently, a malware researcher passed on a September 9, 2010 “insurance” e-mail from Danchev that said he was being investigated by Bulgarian Law Enforcement and intelligence services who “have been building a case trying to damage my reputation for 1.5 years.” The reason, Danchev claims in the e-mail, were his “pro Western views.” The e-mail included pictures of a surveillance device installed in his bathroom. Danchev said he would be forwarding it to trusted contacts in the press, as well, though its unclear if he succeeded in doing so before disappearing.
Danchev’s e-mail included the (redacted) name of a Bulgarian law enforcement officer who Danchev believed was after him. A press officer at the U.S. Embassy in Sofia, Bulgaria, said that officials there were unaware of Danchev’s case, but would look into reports of his arrest. Danchev’s writings about online scams and the operation of criminal gangs have been an indispensable source of information on a burgeoning, but largely opaque cyber underground. Threatpost has covered Danchev’s work on numerous occasions, along with other leading technical publications, and is now asking for help in locating Dancho and insuring his safety. Readers with any information on Danchev are encouraged to contact members of Threatpost’s editorial team. Any information will be treated confidentially.
