The former head of a U.S.-based hacking and surveillance technology firm stole and sold powerful cyber tools capable of compromising millions of computers and devices worldwide, according to U.S. prosecutors, who have now publicly detailed the scope of the case for the first time.
In October, Australian citizen Peter Williams, 39, pleaded guilty to selling eight hacking tools he had taken from his employer, Trenchant, a division of L3Harris. Trenchant develops surveillance-enabling technologies for the U.S. government and its close allies. Court filings show that Williams generated more than $1.3 million in cryptocurrency from those sales between 2022 and 2025, according to the U.S. Department of Justice.
In a court document released Tuesday, federal prosecutors stated that Williams’ conduct “directly harmed” the U.S. intelligence community after he sold the exploits to a Russian firm that lists the Russian government among its clients.
While it had already been disclosed that Williams transferred Trenchant’s exploits, specialised software designed to take advantage of vulnerabilities in other programs to gain unauthorised access to computers or devices, prosecutors now say the eight tools could have enabled widespread government surveillance, cybercrime operations, and ransomware attacks on a global scale.
The new details emerge ahead of Williams’ sentencing, scheduled for February 24 in federal court in Washington, D.C. In their sentencing memorandum, prosecutors argued that the exploits would have allowed the Russian broker and its customers to “potentially access millions of computers and devices around the world, including in the United States.”
The Justice Department has asked the court to impose a nine-year prison sentence, followed by three years of supervised release. Prosecutors are also seeking $35 million in mandatory restitution and a maximum fine of $250,000. Court filings indicate that Williams is expected to be deported to Australia upon completion of his sentence.
In a letter submitted to the judge, Williams expressed remorse for his actions.
“I made choices that directly violated the values I believed in and the trust placed in me by my family, colleagues, and friends,” Williams wrote. “I recognize now that I allowed myself to ignore my obligations and my training, and I failed to seek help or guidance when I knew I was moving in the wrong direction.”
His attorney, John P. Rowley, responded to prosecutors by arguing that none of the stolen tools was classified and that there is no evidence Williams knew the Russian government or any other foreign government would ultimately use the exploits. The defence maintained that Williams did not intend to harm either the United States or Australia. However, he now acknowledges that such harm resulted from his conduct.
When contacted, Justice Department spokesperson Pierson Furnish declined to comment further. Rowley did not respond to requests for additional comment.
From internal investigation to criminal charges
In mid-2025, several individuals familiar with the offensive cybersecurity sector reported that a Trenchant employee had stolen sensitive hacking tools and transferred them to a U.S. adversary.
A former Trenchant staff member later came forward, claiming he had been wrongly terminated after the company accused him of stealing and leaking exploit information.
By October, however, prosecutors formally charged Williams — who also used the alias “Doogie” and served as Trenchant’s general manager at the time — with orchestrating the theft and sale of the company’s tools. Authorities allege he sold the exploits to a Russian broker in exchange for cryptocurrency payments.
Court documents state that Federal Bureau of Investigation agents had been communicating with Williams from late 2024 until his arrest in mid-2025. During that period, Williams was overseeing Trenchant’s internal probe into the breach of its own trade secrets.
Despite being aware of the investigation, prosecutors say Williams continued selling the company’s proprietary exploits — including so-called zero-day vulnerabilities, which exploit software flaws unknown to vendors and therefore unpatched — even after learning that federal authorities were examining the theft and sale of Trenchant’s tools.
Williams also supervised the dismissal of the employee accused of leaking the exploits, according to sources and confirmed in court filings. The terminated employee previously stated he believed he was used as a scapegoat. Weeks after losing his job, he reportedly received a notification from Apple warning that he had been targeted with government spyware, though the circumstances remain unclear.
“[Williams] stood idly by while another employee of the company was essentially blamed for the Defendant’s own conduct,” prosecutors wrote in their sentencing memorandum. “He looked on while an internal corporate investigation falsely cast blame on his subordinate.”
A spokesperson for Trenchant did not respond to inquiries regarding Williams or the company’s internal investigation.
On August 6, FBI agents executed search warrants at Williams’ residence. They confronted him with evidence, including cryptocurrency payment records, the alias he allegedly used when dealing with the Russian broker, and documentation of his agreement with that broker.
Although prosecutors did not identify the broker by name, it is widely believed to be Operation Zero. This firm publicly advertises payouts of up to $20 million for tools that can compromise Android and iOS devices. Operation Zero states that it sells exclusively to the Russian government and affiliated domestic entities.
Prosecutors described the unnamed broker as “one of the world’s most nefarious exploit brokers,” asserting that Williams chose it because, by his own admission, it offered the highest payments.
According to court filings, Williams’ pursuit of financial gain drove his actions. “His desire for more money, a better lifestyle, a bigger home and more jewels and trinkets simply could not be satiated,” prosecutors wrote. “He chose to risk it all to betray his company, his colleagues, and the United States and its allies to satisfy that desire.”
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
