Security Researcher, Cybercrime Foe Goes Missing

A well-known security researcher and cybercrime foe appears to have gone missing in Bulgaria and is feared harmed, according to a news organization that hosts a blog the researcher co-writes.

Bulgarian researcher Dancho Danchev, who writes for ZDNet’s Zero Day blog, is an independent security consultant who’s garnered the enmity of cybercriminals for his work tracking and exposing their malicious activity. He has often provided insightful analysis of East European criminal activity and online scams.

His last blog entry was a compilation of his research into the cyberjihad activity of terrorist groups. He was also particularly focused on monitoring the group believed to be behind the Koobface worm, which targets users of Facebook and other social networking sites.

Danchev has reportedly been missing since at least September, when he sent a mysterious letter to a friend in the malware-research community revealing concerns that his apartment was being bugged by Bulgarian law enforcement and intelligence services.

The letter, sent to the friend as “insurance in case things get ugly, ” included photos that Danchev purportedly took of a device that he believed was planted in his bathroom by government agents to monitor him. The device appears to be a transformer.

The letter said:

I’m attaching you photos of the “current situation in my bathroom”, courtesy of Bulgarian Law enforcement+intell services who’ve been building a case trying to damage my reputation, for 1.5 years due to my clear pro-Western views+the fact that a few months ago, the FBI Attache in Sofia, Bulgaria recommended me as an expert to Bulgarian CERT -> clearly you can see how they say “You’re Welcome”.

ZDNet, which has been trying unsuccessfully to contact Danchev since August, published the letter and photos Friday in the hope that someone with information about Danchev’s whereabouts would come forward.

ZDNet blogger Ryan Naraine, who blogs at Zero Day with Danchev, reported that Danchev had contributed his last blog entry Aug. 18 and that his personal blog was last updated Sept. 11. The letter Danchev apparently sent to his friend about the surveillance on him was received Sept. 9.

Subsequent attempts to contact Danchev by phone, e-mail and postal mail have been unsuccessful, ZDNet reports. A knock on the door at his residence in Bulgaria also went unanswered.

“Last month, we finally got a mysterious message from a local source in Bulgaria that ‘Dancho’s alive but he’s in a lot of trouble,’” Naraine wrote. “We were told that he’s in the kind of trouble to keep him away from a computer and telephone, so it would be impossible to make contact with him.”

Naraine told Threat Level that Danchev was an active participant on a mailing list where ZDNet’s bloggers discuss their stories and would generally contact editors and fellow bloggers once a week to let them know what he was working on. That communication stopped in August. Naraine said that he also hasn’t seen Danchev logged into his Skype, Google Talk or instant messaging account for months.

“I’ve been hearing from a lot of people on private lists saying that Dancho is alive,” Naraine said. “But no one can say where he is or why he has disappeared off the grid. He was not the kind of guy to just disappear.”