A veteran cybersecurity executive who prosecutors said “betrayed” the United States will spend at least the next seven years behind bars, after pleading guilty to stealing and selling hacking and surveillance tools to a Russian firm.
Peter Williams, a former executive at U.S. defense contractor L3Harris, was sentenced on Tuesday to 87 months in prison for leaking his former company’s trade secrets in exchange for $1.3 million in crypto between 2022 and 2025. Williams sold the exploits to Operation Zero, which the U.S. government calls “one of the world’s most nefarious exploit brokers.”
The successful conviction of Williams follows one of the most high-profile leaks of sensitive Western-made hacking tools in recent years. Even now that the case is over, there are still unanswered questions.
Williams, a 39-year-old Australian citizen who resided in Washington, D.C., was the general manager of Trenchant, the division of L3Harris that develops hacking and surveillance tools for the U.S. government and its closest global intelligence partners. Prosecutors say Williams took advantage of having “full access” to the company’s secure networks to download the hacking tools onto a portable hard drive, and later to his computer. Williams contacted Operation Zero under a pseudonym though, so it’s unclear if Operation Zero ever knew Williams’ real identity.
Trenchant is a crew of hackers and bug hunters who dig deep into other popular software made by companies like Google and Apple, identify flaws in those millions of lines of code, then devise techniques to turn those flaws into workable exploits that can be used to reliably hack into those products. These tools are typically called zero-day exploits because they take advantage of software flaws unknown to its developer, which can be worth millions of dollars.
The U.S. Department of Justice alleged that the hacking tools Williams sold could have allowed whoever used them to “potentially access millions of computers and devices around the world.”
For the past few months, I have been talking to sources and reporting on Williams’ story before news broke that he had been arrested. But what I had heard was patchwork and at times conflicting. I had heard someone had been arrested, but given the secret nature of the work involved in exploit development, proving it would be challenging.
Contact Us Do you have more information about this case, and the alleged leak of Trenchant hacking tools? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or . Do you have more information about this case, and the alleged leak of Trenchant hacking tools? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email
When I first heard of Williams, I wasn’t clear that I had even gotten his name right. At that point, his story was a rumor, moving through the hush-hush grapevine of zero-day exploit developers, sellers, and people with ties to the intelligence community.
I heard that maybe he was called John, or perhaps Duggan? Or all the different ways you can spell that in English.
... continue reading