Changing my vote. I think the guy is nuts and/or running away. Stuff doesn't add up.
-He claims a particular LEO is after him for pro-western views. This is the hardest hit to his credibility. If he said that botnet authors came after him for outing them, that might be plausible. The Belgian government does not hunt and 'disappear' pro-western people.
-There is no stego in this image like some have suggested. If it was in a letter, there is no data to be read. If it did not come from a letter, it was taken recently, according to the metadata. Also, if he is making direct accusations, he is not hiding information. Either the whole message would be cryptic, or none of it. If he isn't afraid to name the guy, he wouldn't be afraid to plainly state that he found a recording device or whatever else.
-He acts like the image has a smoking gun, and it does not.
-He has never had a real, credible job in the industry. See his LinkedIn: http://nl.linkedin.com/in/danchodanchev
It's either blogging, or "secret companies". And astalavista, which was warez/script kid forums and stuff.
-His blog is completely full of "cyber jihad" research and discussion of "cyber terrorist" nonsense. http://ddanchev.blogspot.com/
The rest of what you said makes sense, and it is possible that this is a script kid trying to make a name for himself - I would be very wary about making that assumption though without more serious evidence.
Nobody who does software security professionally would suggest Dancho is a "script kid". Your first tip-off might have been the article, where you'd learn that his disappearance was featured in the ZDNet security blog, where he is a contributor.
I don't do software security professionally, or have any other way of validating Dancho's legitimacy. It's not that I don't trust ZDNet - I was simply ceding the possibility that the parent was right on that point since I had no "proof" to the contrary. I apologize if it came across as me lending credence to the idea that Dancho may be a hack; I meant it in the sense that I was unable to positively confirm his reputation in the field (since I am not in it), but I should have been more clear :)
Yeah, sorry, I knew it was Bulgaria...just read an unrelated headline about the Belgian government and typed that instead.
I agree, it is worth looking into until there is real evidence either way. Hopefully he will come forward. Someone on Twitter did say they heard from him on Dec 15th and he was fine.
My experience with these "independent security professionals" who are heavy on certification alphabet soup/government acronyms, and lacking in real credible work history, is that they are mostly playing "fake it until you make it". This especially applies to bloggers and those who heavily use terms like "cyber warfare" and "cyber terrorism". InfoSec is full of insecure charlatans who are broke or homeless and always making up outrageous nonsense.
If I was going to bug someone for a long time, I would not run new wires. I would piggyback off of some other low power device.
He could have gone searching after they removed everything, and looked for something that was spliced.
On the other hand, I would not bug a bathroom. That seems like the worst place to bug.