Cybercrime writer mysteriously disappears in Bulgaria

Sometimes the media feels untouchable when it comes to talking about sensitive subjects. But what happens when the criminals you write about make you a target?

Dancho Danchev, a Bulgarian national and ZDNet blogger specializing in malware and cybercrime mysteriously went missing in August. There were no clues left behind alluding to his whereabouts except a cryptic note. “Dancho’s alive but he’s in a lot of trouble.”

ZDNet made attempts to contact Dancho to no avail, even asking the Bulgarian CERT authorities and alerting anti-virus colleagues.

Fortunately, a local source was able to get in contact with Dancho on September 9, 2010.

In his letter, Dancho states:


[Name redacted],

As I consider you as a trusted colleague, and someone who understands the big picture of cyber crime and cyber espionage, I’m attaching you photos of the “current situation in my bathroom,” courtesy of Bulgarian Law enforcement+intell services who’ve been building a case trying to damage my reputation, for 1.5 years due to my clear pro-Western views+the fact that a few months ago, the FBI Attache in Sofia, Bulgaria recommended me as an expert to Bulgarian CERT -> clearly you can see how they say “You’re Welcome.”

I’m sending you these not with the idea to see them published, but as an insurance in case things get ugly, knowing that a trusted third-party has access to these and can always distribute them to [redacted] mailing list members, and pretty much the entire industry, especially the press.

The LEO behind the whole operation: [ NAME REDACTED ]

I’m in a process of contacting journalists -> just in case.

I hope you’re the trusted industry contact that I think you are, and you’ll basically keep these somewhere safe. Thank you, and please use my PGP key.

Best regards


Bulgaria has most recently been in the news thanks to WikiLeaks, when the organization noted the country had a discouraging political economy, dominated by organized crime.

In one of the cables released, WikiLeaks stated:

“The strength and immunity from the law of organized crime (OC) groups is arguably the most serious problem in Bulgaria today…OC groups range from local street thugs involved in extortion to sophisticated international narcotic dealers and money launderers. An estimated 118 organized crime groups were operating in Bulgaria at the end of 2004.

“Alhough many of these groups are relatively small and the landscape is dominated by a handful of big players. Organized crime continues to be pervasive in many spheres of Bulgarian life, despite domestic and international efforts to combat it. To date, not a single major OC figure has been punished by the Bulgarian legal system, despite an on-going series of OC-related assassinations.”

So, if WikiLeaks is right, Dancho may be in serious trouble with the organized crime rings that run these cybercrime syndicates.

At this point, Dancho may have ssuccumbed  to the nationwide power of these crime rings, choosing to remain silent on the matters of surveillance and persecution. 

Still no word yet as to whether or not ZDNet was able to make further contact with Dancho.

(Via ZDNet