The former head of a U.S. maker of hacking and surveillance tools stole and sold technology capable of hacking millions of computers and devices worldwide, according to U.S. prosecutors. Australian national Peter Williams, aged 39, pleaded guilty in October to selling eight hacking tools that he stole from his employer, Trenchant. Trenchant is a division of the U.S. defense contractor L3Harris, which sells surveillance tools to the U.S. government and its allies. Williams admitted to making over $1.3 million in cryptocurrency from these sales between 2022 and 2025.
In a recently published court document, federal prosecutors stated that Williams’ actions directly harmed the U.S. intelligence community. He sold the hacking tools to a Russian company that counts the Russian government among its customers. Prosecutors revealed these eight tools could have been used to enable indiscriminate government surveillance, cybercrime, and ransomware attacks globally. The tools are exploits, which are software that takes advantage of flaws in other software to gain access to computers or devices.
This disclosure comes ahead of Williams’ sentencing scheduled for February 24 in a Washington, D.C. federal court. In a sentencing memorandum, the Justice Department argued the exploits would have allowed the Russian broker and its customers to potentially access millions of computers and devices around the world, including in the United States. Prosecutors have asked the judge to sentence Williams to nine years in prison, followed by three years of supervised release. They also seek mandatory restitution of $35 million and a maximum fine of $250,000. Williams is expected to be deported to Australia after serving his sentence.
In a letter to the judge, Williams expressed regret for his actions, stating he made choices that violated his values and the trust placed in him by his family, colleagues, and friends. His lawyer, John P. Rowley, argued in a response that none of the stolen tools were classified and there was no evidence Williams knew they would end up with the Russian or another foreign government. The lawyer said Williams did not intend to harm the U.S. or Australia, though he now recognizes that was a consequence.
The case unfolded after sources in the offensive cybersecurity industry indicated in mid-2025 that someone at Trenchant had stolen and sold sensitive tools to a U.S. adversary. A former Trenchant employee came forward, saying he was wrongly fired and blamed for the leak. By October, prosecutors formally accused Williams, Trenchant’s general manager at the time, who also goes by “Doogie.”
Prosecutors stated that FBI agents were in contact with Williams from late 2024 until his arrest in mid-2025, while he was overseeing Trenchant’s internal investigation into the theft. Despite this, Williams continued to sell the company’s secrets, which included zero-day exploits, meaning the software flaws had not yet been fixed. Williams also oversaw the firing of the employee wrongly accused of the leak. That employee later received a notification from Apple that his iPhone had been targeted with government spyware, an incident that remains unexplained.
Prosecutors wrote that Williams stood by while another employee was falsely blamed for his conduct. FBI agents executed search warrants at Williams’ home on August 6, confronting him with evidence of cryptocurrency payments, an alias used to interact with the Russian broker, and his contract. The Russian broker, likely a company called Operation Zero which offers large sums for hacking tools and says it sells only to the Russian government, was described by prosecutors as one of the world’s most nefarious exploit brokers. They stated Williams chose this broker because he knew they paid the most.
Prosecutors concluded that Williams’ desire for more money and a better lifestyle led him to betray his company, colleagues, and the United States and its allies.