ZDNet Security Blogger Goes Missing in Bulgaria

A prominent blogger and security researcher, Dancho Danchev, has gone missing and security publications, including Threatpost.com, are asking for help in locating him. 

Danchev, who contributed regular posts to ZDNet’s Zero Day blog, part of CBS Interactive, has been missing since late October. Danchev’s work unravelling cyber criminal networks and scams would have earned him countless enemies in the cyber underground. However, a new post on Zero Day suggests that Danchev, an expert in cyber criminal operations and malware, may have fallen afoul of law enforcement and intelligence agencies in his native Bulgaria.

Danchev was last heard from on September 11, when he posted a new entry on his personal blog, Mind Streams of Information Security Knowledge. However, his Twitter account appears to have been active at least through October 20.

In a post on Friday, Zero Day and Threatpost blogger Ryan Naraine said that Danchev’s editors at ZDNet have been trying to contact him since September. He last posted for the Zero Day blog on August 18, 2010. Efforts to reach Danchev via e-mail, phone and in person have come up empty.

However, in recent weeks, reports have surfaced indicating that Danchev may have been arrested. In one instance, Zero Day reports, a “local source” in Bulgaria confirmed that Danchev was alive but “in a lot of trouble” and unable to be contacted. More recently, a malware researcher passed on a September 9, 2010 “insurance” e-mail from Danchev that said he was being investigated by Bulgarian Law Enforcement and intelligence services who “have been building a case trying to damage my reputation for 1.5 years.” The reason, Danchev claims in the e-mail, was his “pro Western views.” The e-mail included pictures of a surveillance device installed in his bathroom. Danchev said he would be forwarding it to trusted contacts in the press as well, though it's unclear if he succeeded in doing so before disappearing.

Danchev’s e-mail included the (redacted) name of a Bulgarian law enforcement officer who Danchev believed was after him. A press officer at the U.S. Embassy in Sofia, Bulgaria, said that officials there were unaware of Danchev’s case, but would look into reports of his arrest. Danchev’s writings about online scams and the operation of criminal gangs have been an indispensable source of information on a burgeoning, but largely opaque cyber underground. Threatpost has covered Danchev’s work on numerous occasions, along with other leading technical publications, and is now asking for help in locating Dancho and ensuring his safety. Readers with any information on Danchev are encouraged to contact members of Threatpost’s editorial team. Any information will be treated confidentially.

Discussion

  • Anonymous on

    It wouldn't be the first time a high profile 'security' or 'hacker' person disappeared or met with an untimely end.... 

     

    I can recall at least 20 similar disappearances/deaths/accidents over the last ten years that befell high profile security/hackers.

  • Teri on

    I will try to find information about Dancho. I didn't hear any news about him in Bulgaria, the country where I live too. 

  • Anonymous on

    I live in Bulgaria, and:
    1) the transformer & halogen lamp setup is standard here, we're on 220v so low voltage/amps is required for any lighting within a certain distance of running water.
    2) Dancho Danchev is a common name, much like "John Smith" in the USA. There are probably hundreds of guys with that name in Sofia alone, it would be almost impossible to trace him without a physical address. we don't have phonebooks like in the USA.
    3) Several people were arrested in Sofia about that time for running massive illegal file sharing servers. It would be a standard practice to deny them use of the internet while on release pending trial.

    I posted this on the ZDnet page, it was immediately marked as spam so I'm guessing the whole thing's a spoof.

  • Svetlin on

    To Anonymous above: I'm pretty sure internet access can't be denied in Bulgaria. Also apart from illegal it would be unenforceable.

  • Anonymous on

    What is Dancho's nationality?  The story mentions the US Embassy.  Is he an American citizen?
