Black-hat hacker sells HP security secrets… from inside HP

In order to build up a nest egg for a start-up project, French programmer Steve Rigano began selling HP, SAP, and Windows 0day vulnerabilities online for substantial sums of money. The kicker? Rigano was an HP security consultant and on the HP payroll.

The 0day trade is considered by security experts to be something akin to arms dealing. Stockpile enough 0day exploits – exploits that are completely unknown even to the companies they affect and, most importantly, have not been patched – and you have a collection of cyberwar tools unmatched in the industry.

Adam Penenberg at FastCompany interviewed Rigano, and the story actually spurred HP to fire Rigano. This just goes to show you that even behemoths don’t know what’s going on in the back offices and that we should all be finding 0days to fund our start-ups.

UPDATE – Rigano writes:

“I was never an HP employee (but an employee of an HP partner company). I never found / discovered or sold any HP product bugs, nor any HP partner’s bugs (such as SAP). I have taken legal action against Fast Company for libelous things.
Moreover, I stopped trading vulnerabilities one year ago now (so before working with HP).”