
I suspect that means someone is supposed to find that transformer. Presumably there may be something of interest with/in/near it. It's easy to hide a microSD


This sounds more reasonable than thinking that the photos are showing eavesdropping devices.


Presumably? If these photos were taken for proof/evidence they just don't cut it, especially coming from a security specialist/professional.

... Or, they could just be photos of a shoddy light fixture installation.


I think that's sort of madmaze's point - the presumption being that the photos do indeed come from Danchev and that he is not crazy.


Spy devices are small, right? That's kind of the point. He said that someone might have hidden something small nearby, but if the real thing is small and hidden... why draw attention to it in the first place with a transformer? It doesn't make sense that "it was supposed to be found", as it alerts him to the fact that something's going on.

He would be far from the first geek to be overly paranoid.


The suggestion is that Danchev purposely sent a picture of what is obviously a large transformer hoping or knowing that it would mean something to someone - that the image itself is a message of some sort. I don't think anybody is suggesting that someone "covertly" installed a large transformer in Danchev's quarters to disguise a smaller device nearby.

You're right, it is of course possible that something is getting overanalyzed as we geeks are prone to do, but in the face of what is possibly a bad situation it's worth considering the worst case scenario.


They ARE photos of a shoddy light fixture installation... that is, unless government spying devices are dimmable!

The full text of the image once rotated reads:

ELECTRONIC TRANSFORMER MODEL: TE-60

(20-60W) PRI: 220-240V, 50Hz, CosΦ=0,99 SEC: 11,6V, max. 4.9A Ta: max. 50°C, Tc: max. 85°C

GTV (R)

Dimmable EMC Approved Surge Protection Overload Protection Short Circuit Protection

Symbols: CE, double insulated, don't throw away, and some I don't know.

I can't find it on Google, though.


That is very obviously what the photos appear to be. The discussion here is about whether, as the article claims, there is something else evident/hidden in these photographs.


From what's visible in the second photo, things look fairly legit (albeit shoddy) if the power feed is coming through the wall at the center of the image and the transformer is on the left below the ledge and the wires to/from it are going down through the hole and the wires heading out of the frame to the left are simply a splice between the feed line and the leads on the transformer.

Now if he cracked open the transformer and found a transmitter hidden inside - then it might get interesting...


That transformer is a standard fixture for halogen lights, which are the little circular items with the spring clips.


Could it have been a formerly-proper light fixture installation that had a power wire borrowed to power a recording device?

If I was going to bug someone for a long time, I would not run new wires. I would piggyback off of some other low power device.

He could have gone searching after they removed everything, and looked for something that was spliced.

On the other hand, I would not bug a bathroom. That seems like the worst place to bug.


Changing my vote. I think the guy is nuts and/or running away. Stuff doesn't add up.

-He claims a particular LEO is after him for pro-western views. This is the hardest hit to his credibility. If he said that botnet authors came after him for outing them, that might be plausible. The Belgian government does not hunt and 'disappear' pro-western people.

-There is no stego in this image like some have suggested. If it was in a letter, there is no data to be read. If it did not come from a letter, it was taken recently, according to the metadata. Also, if he is making direct accusations, he is not hiding information. Either the whole message would be cryptic, or none of it. If he isn't afraid to name the guy, he wouldn't be afraid to plainly state that he found a recording device or whatever else.

-He acts like the image has a smoking gun, and it does not.

-He has never had a real, credible job in the industry. See his LinkedIn: http://nl.linkedin.com/in/danchodanchev It's either blogging, or "secret companies". And astalavista, which was warez/script kid forums and stuff.

-His blog is completely full of "cyber jihad" research and discussion of "cyber terrorist" nonsense. http://ddanchev.blogspot.com/


Belgium != Bulgaria

The rest of what you said makes sense, and it is possible that this is a script kid trying to make a name for himself - I would be very wary about making that assumption though without more serious evidence.


Dancho is not a "script kid".

I met him in September in a meeting for international law enforcement. He was lecturing.


I assume you're that Mikko Hypponen?

http://mikko.hypponen.com/


Cool. As I stated above, I did not mean to suggest that he was one, simply that I didn't know enough to take a position.


Nobody who does software security professionally would suggest Dancho is a "script kid". Your first tip-off might have been the article, where you'd learn that his disappearance was featured in the ZDNet security blog, where he is a contributor.


I don't do software security professionally, or have any other way of validating Dancho's legitimacy. It's not that I don't trust ZDNet - I was simply ceding the possibility that the parent was right on that point since I had no "proof" to the contrary. I apologize if it came across as me lending credence to the idea that Dancho may be a hack, I meant it in the sense that I was unable to positively confirm his reputation in the field (since I am not in it) but I should have been more clear :)


Yeah, sorry, I knew it was Bulgaria...just read an unrelated headline about the Belgian government and typed that instead.

I agree, it is worth looking into until there is real evidence either way. Hopefully he will come forward. Someone on Twitter did say they heard from him on Dec 15th and he was fine.

My experience with these "independent security professionals" who are heavy on certification alphabet soup/government acronyms, and lacking in real credible work history, is that they are mostly playing "fake it until you make it". This especially applies to bloggers and those who heavily use terms like "cyber warfare" and "cyber terrorism". InfoSec is full of insecure charlatans who are broke or homeless and always making up outrageous nonsense.


Either that or some form of steganography if the pics were sent as digital and not paper forms.


This could also explain why "current situation in my bathroom" is in quotes.



