Draft:Dancho Danchev

Submission declined on 8 February 2024 by Paul W (talk). This submission's references do not show that the subject qualifies for a Wikipedia article—that is, they do not show significant coverage (not just passing mentions) about the subject in published, reliable, secondary sources that are independent of the subject (see the guidelines on the notability of people). Before any resubmission, additional references meeting these criteria should be added (see technical help and learn about mistakes to avoid when addressing this issue). If no additional references exist, the subject is not suitable for Wikipedia. This submission appears to read more like an advertisement than an entry in an encyclopedia. Encyclopedia articles need to be written from a neutral point of view, and should refer to a range of independent, reliable, published sources, not just to materials produced by the creator of the subject being discussed. This is important so that the article can meet Wikipedia's verifiability policy and the notability of the subject can be established. If you still feel that this subject is worthy of inclusion in Wikipedia, please rewrite your submission to comply with these policies. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by Paul W 3 months ago. Last edited by Citation bot 17 days ago. Reviewer: Inform author. Resubmit Please note that if the issues are not fixed, the draft will be declined again.

Submission declined on 2 November 2023 by Vanderwaalforces (talk). This submission's references do not show that the subject qualifies for a Wikipedia article—that is, they do not show significant coverage (not just passing mentions) about the subject in published, reliable, secondary sources that are independent of the subject (see the guidelines on the notability of people). Before any resubmission, additional references meeting these criteria should be added (see technical help and learn about mistakes to avoid when addressing this issue). If no additional references exist, the subject is not suitable for Wikipedia. Declined by Vanderwaalforces 6 months ago.

• Comment: Subject may be notable, but article needs substantial editing to remove the promotional tone (needs to be factual and neutral - see WP:NPOV - the first two paragraphs of the biography section should be immediately deleted for a start), and to present the subject's life/career in a more chronological order up to the present day. Paul W (talk) 14:11, 8 February 2024 (UTC)

• Comment: Currently source does not cover him significantly, please see WP:SIGCOV. Vanderwaalforces (talk) 13:42, 2 November 2023 (UTC)

---

Bulgarian cybersecurity researcher

Danchev photo

Danchev Danchev (Данчо Данчев) (born November 22, 1983) is a Bulgarian cyber security researcher, journalist and blogger. Born in Sofia, he now lives in Troyan.

Biography

Danchev is an influential figure in the world of cybersecurity. With his extensive knowledge and experience he has made significant contributions to this field. By helping to protect individuals and organizations from various cyber attacks Danchev continues to share his expertise and insights with the wider community. His work has been widely recognized and has a positive impact on the industry. One of his key contributions to cyber security is his role in uncovering and analyzing new cyber threats. He has a keen ability to identify emerging trends and techniques used by threat actors, which has helped organizations stay one step ahead in protecting their systems and data. His deep understanding of the tactics and strategies employed by cyber criminals has proven invaluable in helping organizations develop robust defense mechanisms.

Dancho Danchev has pioneered his own methodology for processing threat intelligence leading to a successful set of hundreds of high-quality analysis and research articles published at the industry's leading threat intelligence blog - ZDNet's Zero Day, Dancho Danchev's Mind Streams of Information Security Knowledge and Webroot's Threat Blog with his research featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET, ComputerWorld and H+Magazine.

He's been active on Twitter^[1], LinkedIn^[2] and Facebook^[3] and has made all of his research throughout the years publicly accessible on the Internet Archive^[4].

He has presented at RSA Europe 2012^[5], CyberCamp 2016 in Spain^[6], InfoSec 2012 in London, GCHQ^[7] in Cheltenham and Interpol^[8] in Lyon, France.

Danchev has been an active security blogger since 2007. He is a cybersecurity researcher and a WhoisXML API threat researcher.^[9][10][11] He is known for reporting on the Chinese hacktivist attack on CNN in 2008, with additional reports on the Operation Ababil attack on Wells Fargo U.S. Bank and PNC Bank and the New York Times advertisement attack in 2009.^[12]

At ZDNet’s Zero Day blog, he co-wrote articles and analyses on East European criminal activity and online scams. Danchev’s research often focused on cyber terrorism activities of terrorist groups and monitoring the activities of the Koobface worm which targeted users of social networking sites, including Facebook.

He then started working for Webroot.^[13] In 2021 he started^[14] working for CyberNews.

Danchev went missing in 2011, according to reports, after his blog post on the collection of his research on terrorist organizations' use of the internet for jihad.^[15] With help from the security community and security professionals he then resurfaced^[16] in January 2011.

Key career points

 

Trojan information database

• Presented at the GCHQ with the Honeynet Project^[17]
• SCMagazine Who to Follow on Twitter for 2011
• Participated in a Top Secret GCHQ Program called "Lovely Horse"^[18]
• Identified a major victim^[19] of the SolarWinds Attack - PaloAltoNetworks
• Found malware^[20] on the Web Site of Flashpoint^[21]
• Tracked monitored and profiled the Koobface Botnet^[22] and exposed one botnet operator
• Made it to Slashdot^[23] two times^[24]
• His personal blog got 5.6M page views since December, 2005
• His old Twitter Account got 11,000 followers^[25]
• He had an average of 7,000 RSS readers on my blog
• He had his own vinyl "Blue Sabbath Black Cheer / Griefer – We Hate You / Dancho Danchev Suck My Dick"^[26] made by a Canadian artist
• He's currently running Astalavista.box.sk
• Listed as a major competitor by Jeffrey Carr's Taia Global

Education

Danchev studied in Vasil Levski Secondary School in Troyan, Bulgaria and later in The Netherlands at Hogschool Zuyd in Sittard, and Hogeschool In Holland in Rotterdam.^{[citation needed]}

Work career

 

InfoSec

Danchev is known to have been moderating DiamondCS's Trojan Defense Suite newsletter in 1999.^[27] He then joined the Netherlands-based company Frame4 Security Systems where he wrote the infamous "The Complete Windows Trojans Paper". He then worked for TechGenix's^[28] WindowSecurity.com where he wrote "Building and Implementing a Successful Information Security Policy" paper. Danchev is known to have been running Astalavista Security Group's Astalavista.com^[29] in 2003 Web site and Astalavista.box.sk Web site in 2021. He presently works at WhoisXML API as a DNS Threat Researcher.

Following a successful career and contribution as a Member to WarIndustries (http://warindustries.com) List Moderator at BlackCode Ravers (http://blackcode.com) Contributor Black Sun Research Facility (http://blacksun.box.sk) (BSRF) List Moderator Software Contributor (TDS-2 Trojan Information Database) (https://packetstormsecurity.com/files/25533/tlibrary.zip.html) DiamondCS Trojan Defense (http://tds.diamondcs.com.au) contributor to LockDownCorp (http://lockdowncorp.com) Contributor to HelpNetSecurity(http://forbidden.net-security.org) Managing Director of Astalavista Security Group's Astalavista.com (http://astalavista.com) (2003-2006) - The Underground a security consultant for Frame4 Security Systems (http://frame4.com) contributor to TechGenix's WindowSecurity.com (http://www.windowsecurity.com/authors/dancho-danchev/) security blogger for ZDNet (http://www.zdnet.com/blog/security/) threat intelligence analyst for Webroot (https://www.webroot.com/blog/).

He has also contributed to ITSecurity.com's Security Clinic^[30] and was a newsletter moderator at Blackcode Ravers^[31].

Disappearance

 

Hitman request for Danchev on the Darkode forum

In September 2010, Danchev went missing under mysterious circumstances amid concerns about his safety. Prior to his disappearance, he had expressed concerns about surveillance by Bulgarian law enforcement and intelligence services. Despite efforts to contact him through various means, including phone and email, he could not be reached. ZDNet published a letter and photos he had sent, seeking information on his whereabouts. While anonymous sources indicated he was alive but facing difficulties, the exact details of his disappearance remain unknown.^[15]

According to Internet Anthropologist^[32] who tried to track him and find out using his law enforcement contacts his legal contact in Sofia Bulgaria told him that he was in a psychiatric clinic as his mother requested the hospitalization due to his belief that he was under surveillance. The same information was confirmed by Krypt3ia^[33] and Threatpost who approached a press officer^[34] at the U.S. Embassy in Sofia, Bulgaria who told him that they were unaware of his case, but would look into reports of his arrest. The hospital where Danchev was held confirmed that he will be released^[35] within four or six weeks but declined to comment. He sent an email letter^[36] describing the situation to a colleague prior to his disappearance just in case something might happen including a photo of a supposed surveillance device in his bathroom.

In 2013 the infamous Darkode forum got breached and based on public information by the ones who breached it there was a Hitman request^[37] for Danchev Danchev in the forum.

This was covered by Slashdot,^[38] ZDNet,^[39] CSO Online,^[40] SC Magazine,^[41] Gizmodo,^[42] Gawker,^[43] PC Mag,^[44] Techdirt^[45] and TG Daily.

Cybercrime Underground

 

Phoenix exploit kit

The numerous occasions Danchev's work and research has been quoted and referenced by Russia based cybercriminals and cybercrime gangs.

• Dancho Danchev and Brian Krebs got married message^[46]
• Koobface Botnet C&C channel referencing him in the network communication^[47]
• SpyEye blog post referencing him^[48]
• Darkode Leak mentioning his kidnapping and Ivan Kaspersky's kidnapping^[49]
• U.S Treasure Department web site redirected to his personal Blogger profile^[50]
• Scareware serving campaign using a message referencing him^[51]

Astalavista.com

 

Astalavista.com

Danchev is known to have been running Astalavista Security Group's Astalavista.com^[52] in since 2003. He was responsible for producing the monthly security newsletter.^[53]

He has interviewed the following people from the security industry and the Scene.

• Proge — http://www.progenic.com/
• Jason Scott — http://www.textfiles.com/
• Kevin Townsend — http://www.Itsecurity.com/
• Richard Menta — http://www.bankinfosecurity.com
• MrYowler — http://www.cyberarmy.net/
• Prozac — http://www.astalavista.com/
• Candid Wuest — http://www.trojan.ch/
• Anthony Aykut — http://www.frame4.com/
• Dave Wreski — http://www.linuxsecurity.com/
• Mitchell Rowtow — http://www.securitydocs.com/
• Eric (SnakeByte) — http://www.snake-basket.de/
• Björn Andreasson — http://www.warindustries.com/
• Bruce — http://www.dallascon.com/
• Nikolay Nedyalkov — http://www.iseca.org/
• Roman Polesek — http://www.hakin9.org/en/
• John Young — http://www.cryptome.org/
• Eric Goldman — http://www.ericgoldman.org/
• Robert — http://www.cgisecurity.com/
• Johannes B. Ullrich — http://isc.sans.org/
• Daniel Brandt — http://google-watch.org/
• David Endler — http://www.tippingpoint.com/
• Vladimir, 3APA3A — http://security.nnov.ru/

Astalavista.box.sk

 

dancho danchev

In 2020 Danchev announced the official re-launch^[54] of the infamous Astalavista.box.sk hacking search engine web site with a forum community targeting security experts and hackers.

On April 7, 2021, an article was published on Medium.com^[55] by Dancho Danchev stating that the site is back up and running. Danchev has released several versions of the web site.^[56][57][58]

Koobface botnet

 

Hacker news network

In October 2009 the gang redirected Facebook's Internet Protocol (IP) netspace^[59] to his blog.

In February 2010 Danchev posted an article called "10 things you didn't know about the Koobface gang"^[60] where he discussed some of the key aspects of the Koobface botnet. In May 2010 the group responded^[61] to his article in a step by step fashion response within the source code of all the malware-infected hosts that were distributing the malicious software.

In January The Register released^[62] an article stating that five Koobface gang suspects were named by The New Times^[63] following Danchev's investigation.

In January 2012 Danchev gave an interview^[64] to DW where he discussed his findings into the Koobface botnet.

In February 2012 Danchev posted an OSINT (Open Source Intelligence) analysis called "Who's Behind the Koobface Gang?"^[65] where he provided personally identifiable information on one of the botnet masters behind the Koobface botnet.

Interviews

Danchev is known to have given an interview to Russian OSINT^[66]. Danchev is also known to have given an interview to LinuxSecurity.com^[67].

Research achievements

 

cyber wars

• Danchev is known to have participated in a Top Secret GCHQ Program to monitor hackers online based on a document part of Edward Snowden's archive.^[68]
• Danchev is known to have discovered a major SolarWinds supply chain attack victim which is PaloAlto Networks.^[69]
• Danchev is also known to have contributed to research involving the Avalanche and the Mumba botnets.^[70]
• Danchev is known to have contributed to the use of search engines by Cyber Criminals in the context of blackhat SEO (search engine optimization) and malicious search engine results poisoning research.^[71]
• Danchev is known to have contributed research on the Luthuanian cyber attacks and the Russia vs Georgia cyber attacks.^[72]
• Danchev is known to have been running and maintaining the "Diverse Portfolio of Fake Security Software" blog posts on scareware blog posts series.^[73]

Awards

• Jessy H. Neal Award for Best Blog for ZDNet's Zero Day Blog in 2010^[74]
• SCMagazine Social Media Award for "Five to Follow on Twitter" in 2011^[75]

External links

Danchev Danchev's Blog

Gallery

•  
  cyber camp
•  
  cyber camp 01
•  
  cyber security talks
•  
  cyber camp 02
•  
  rsa europe

References

1. "Twitter". Twitter. Retrieved 2024-04-25.
2. "LinkedIn". LinkedIn. Retrieved 2024-04-25.
3. "Facebook". Facebook. Retrieved 2024-04-25.
4. "Archive.org". Archive.org. Retrieved 2024-04-25.
5. "Cyber Jihad vs Cyberterrorism - Separating Hype from Reality". Speakerdeck. Retrieved 2024-04-25.
6. "Exposing Koobface - The World's Largest Botnet". Speakerdeck. Retrieved 2024-04-25.
7. "Who's Who in Cybercrime for 2007?". Speakerdeck. Retrieved 2024-04-25.
8. "Exposing the Dynamic Money Mule Recruitment Ecosystem". Speakerdeck. Retrieved 2024-04-25.
9. "Who Could Be Behind the Latest GitHub-Hosted Malware Infrastructure?". circleid.com. Retrieved 2023-07-17.
10. "Koobface Makes a Comeback". circleid.com. Retrieved 2023-07-17.
11. "Predator Surveillance Software May Not Be Lawful at All". circleid.com. Retrieved 2023-07-17.
12. "Hackers expand massive IFRAME attack to prime sites". NetworkWorld. Archived from the original on 2020-10-20. Retrieved 2023-07-17.
13. "Welcome to the team, Dancho!". Webroot Blog. 5 January 2012. Retrieved 2024-01-25.
14. "Dancho Danchev". Cybernews. Retrieved 2024-01-26.
15. Zetter, Kim. "Security Researcher, Cybercrime Foe Goes Missing". Wired. ISSN 1059-1028. Retrieved 2023-07-17.
16. "Dancho Danchev returns". SCMagazine. 21 January 2011. Retrieved 2024-01-26.
17. "Who's Who in Cybercrime for 2007?". Speakerdeck. Retrieved 2024-04-25.
18. "Lovely Horse" (PDF). Cryptome. Retrieved 2024-04-25.
19. "Robust Indicators of Compromise for SUNBURST". Netresec. Retrieved 2024-04-25.
20. "After-Action Report: Flashpoint Remediation of 0-Day Exploit on Our Public-Facing Website". Flashpoint. Retrieved 2024-04-25.
21. "Flashpoint: Our site was not dishing malware". SCMagazine. Retrieved 2024-04-25.
22. "Dancho Danchev unmasks man behind the Koobface Botnet". CSO Online. Retrieved 2024-04-25.
23. "The Strange Disappearance of Dancho Danchev". Slashdot. Retrieved 2024-04-25.
24. "Future Trends of Malware". Slashdot. Retrieved 2024-04-25.
25. "Twitter". Twitter. Archived from the original on 2015-01-23. Retrieved 2024-04-25.
26. "Blue Sabbath Black Cheer / Griefer – We Hate You / Dancho Danchev Suck My Dick". Discogs. Retrieved 2024-04-25.
27. "Trojan Defense Suite". DiamondCS. Archived from the original on 1999-10-12.
28. "Dancho Danchev". TechGenix. Retrieved 2024-01-26.
29. "Team Astalavista Group". Astalavista.ch. Archived from the original on 2004-02-16.
30. "Dancho Danchev". ITSecurity.com. Archived from the original on 2004-06-01. Retrieved 2024-04-25.
31. "Blackcode". Blackcode. Archived from the original on 1999-11-27. Retrieved 2024-04-25.
32. "Dancho Danchev Missing". Internet Anthropologist Think Tank. Archived from the original on 2011-01-20. Retrieved 2024-04-25.
33. "The NRS, Dancho Danchev, and A Beautiful Mind". Krypt3ia. 17 January 2011. Retrieved 2024-01-26.
34. "ZDNet Security Blogger Goes Missing in Bulgaria". Threatpost. 14 January 2011. Retrieved 2024-01-26.
35. "Dancho Danchev: Missing cybersecurity expert". SCMagazine. 20 January 2011. Retrieved 2024-01-26.
36. "Cybercrime Blogger Resurfaces After Mysterious Disappearance". Gizmodo. 21 January 2011. Retrieved 2024-01-26.
37. "Darkode Repository". Cybercrime Tracker. Retrieved 2024-01-26.
38. "The Strange Disappearance of Dancho Danchev". Slashdot. 14 January 2011. Retrieved 2024-01-27.
39. "We need help with the strange disappearance of Dancho Danchev". ZDNet. Retrieved 2024-01-27.
40. "Update on Dancho Danchev". CSO Online. Retrieved 2024-01-27.
41. "Dancho Danchev: Missing cybersecurity expert". SC Magazine. 20 January 2011. Retrieved 2024-01-27.
42. "ZDNet Blogger Disappears Mysteriously in Bulgaria". Gizmodo. 14 January 2011. Retrieved 2024-01-27.
43. "Cybercrime Blogger Vanishes After Finding Tracking Device In His Bathroom". Archived from the original on 2011-01-16.
44. "ZDNet Security Blogger Mysteriously Disappears". PC Mag. 14 January 2011. Retrieved 2024-01-27.
45. "Bulgarian Security/Cybercrime Researcher Missing For Months". Techdirt. 14 January 2011. Retrieved 2024-01-27.
46. "Krebs, KrebsOnSecurity, As Malware Memes". Krebsonsecurity.com. Retrieved 2024-04-25.
47. "The Heart of KOOBFACE C&C and Social Network Propagation" (PDF). Kaspersky.com. p. 25. Retrieved 2024-04-25.
48. "SpyEye, ZeuS Users Target Tracker Sites". Krebsonsecurity.com. Retrieved 2024-04-25.
49. "Dancho Danchev". Darkode Cybercrime Tracker. Retrieved 2024-04-25.
50. "U.S. Treasury Site Compromise Linked to the NetworkSolutions Mass WordPress Blogs Compromise". Dancho Danchev's Blog - Mind Streams of Information Security Knowledge. Retrieved 2024-04-25.
51. "From Ukrainian Blackhat SEO Gang With Love - Part". Dancho Danchev's Blog - Mind Streams of Information Security Knowledge. Retrieved 2024-04-25.
52. PC Mag. Ziff Davis. 2005. p. 73. ISSN 0888-8507.
53. "Astalavista". Packetstormsecurity. Retrieved 2024-01-26.
54. "Astalavista.box.sk". Astalavista.box.sk. Archived from the original on 2020-03-13. Retrieved 2024-04-25.
55. "Astalavista.box.sk — We're Back! Introducing the World's first search engine for hackers!". Medium.
56. "Astalavista.box.sk". Astalavista.box.sk. Archived from the original on 2020-05-07.
57. "Astalavista.box.sk". Astalavista.box.sk. Archived from the original on 2021-03-03. Retrieved 2024-04-25.
58. "Astalavista.box.sk". Astalavista.box.sk. Archived from the original on 2021-03-03. Retrieved 2024-04-25.
59. "Koobface Botnet Redirects Facebook's IP Space to my Blog". Dancho Danchev's Blog - Mind Streams of Information Security Knowledge. Retrieved 2024-04-25.
60. "10 things you didn't know about the Koobface gang". ZDNet.com. Retrieved 2024-04-25.
61. "Koobface Gang Responds to the "10 Things You Didn't Know About the Koobface Gang Post"". Dancho Danchev's Blog - Mind Streams of Information Security Knowledge. Retrieved 2024-04-25.
62. "Five Koobface botnet suspects named by New York Times". The Register. Retrieved 2012-01-18.
63. "Web Gang Operating in the Open". The New York Times. Retrieved 2024-04-25.
64. "Cybercriminals unveiled". DW.com. Retrieved 2024-04-25.
65. "Who's Behind the Koobface Botnet? - An OSINT Analysis". Dancho Danchev's Blog - Mind Streams of Information Security Knowledge. Retrieved 2024-04-25.
66. "Интервью с болгарским хакером Данчо Данчевым специально для Russian OSINT: Киберкрайм в 2021". Russian OSINT. Archived from the original on 2021-04-13.
67. "Open Source Intelligence, Security Hacking, and Security Blogger Dancho Danchev". LinuxSecurity.com. Retrieved 2024-04-25.
68. "LOVELY HORSE – GCHQ Wiki Overview". The Intercept. Archived from the original on 2019-04-14.
69. "Robust Indicators of Compromise for SUNBURST". NETRESEC. 11 January 2021. Retrieved 2024-01-25.
70. "The "Mumba" Botnet Disclosed" (PDF). AVG. Retrieved 2023-07-18.
71. "Web hacks of 2007 and how to protect your web applications in 2008 with OWASP" (PDF). OWASP. Retrieved 2023-07-18.
72. "International Cyber Incidents Legal Considerations" (PDF). CCDCEO. Retrieved 2023-07-18.
73. "Malzilla: Exploring scareware and drive-by malware" (PDF). HolisticInfoSec. Retrieved 2023-07-18.
74. "2010 Jesse H. Neal Award Winners". Ad Age. Retrieved 2023-07-17.
75. "SC Social Media Awards". SCMagazine. 16 February 2011. Retrieved 2022-07-17.