A veteran cybersecurity executive who prosecutors said betrayed the United States will spend at least the next seven years in prison. Peter Williams, a former executive at U.S. defense contractor L3Harris, pleaded guilty to stealing and selling hacking and surveillance tools to a Russian firm. He was sentenced on Tuesday to 87 months in prison for leaking his former company’s trade secrets in exchange for $1.3 million in cryptocurrency between 2022 and 2025.
Williams sold the exploits to Operation Zero, which the U.S. government calls one of the world’s most nefarious exploit brokers. This successful conviction follows one of the most high-profile leaks of sensitive Western-made hacking tools in recent years. Even now that the case is over, many questions remain unanswered.
Williams, a 39-year-old Australian citizen who lived in Washington, D.C., was the general manager of Trenchant. This division of L3Harris develops hacking and surveillance tools for the U.S. government and its closest global intelligence partners. Prosecutors say Williams used his full access to the company’s secure networks to download hacking tools onto a portable hard drive and later to his computer. He contacted Operation Zero under a pseudonym, so it is unclear if the Russian broker ever knew his real identity.
Trenchant is a team of hackers who find flaws in popular software from companies like Google and Apple. They turn those flaws into workable exploits, known as zero-days because they take advantage of software weaknesses unknown to the developer. These tools can be worth millions of dollars.
The U.S. Department of Justice alleged the hacking tools Williams sold could have allowed whoever used them to potentially access millions of computers and devices around the world.
For months before his arrest became public, reporters were piecing together a patchwork of information from sources. The story moved through the secretive world of zero-day exploit developers and sellers. Initial rumors were contradictory, mentioning different names and potential buyers like Russia, North Korea, or China. It took weeks to confirm a person even fit the description, and longer to confirm it was Peter Williams of Trenchant.
Reporting revealed that Trenchant had fired an employee after Williams, while still head of Trenchant, accused that employee of stealing and leaking code. Intriguingly, after being fired, that employee received a notification from Apple that his personal iPhone had been targeted with a mercenary spyware attack. This was just the tip of the iceberg.
Prosecutors later made their first formal accusation against a man named Peter Williams for stealing trade secrets, confirming the buyer was in Russia. However, the initial court documents did not name L3Harris, Trenchant, or specify that the secrets were zero-days. Only after confirmation from the Department of Justice was the full story clear. Williams pleaded guilty a week later.
Prosecutors allege Williams acted for money, which he used to buy a house, jewelry, and luxury watches. It was a remarkable fall for someone once seen as an accomplished hacker who had worked for Australia’s top foreign spy agency and served in its military.
We still do not know specifically which exploits Williams stole and sold. Trenchant estimated a loss of $35 million but said the stolen tools were not classified government secrets. Given the Justice Department’s statement that the tools could hack millions of devices, they likely were zero-days for popular consumer software like Android, iOS, and web browsers.
Evidence points in this direction. During a hearing, prosecutors read a post from Operation Zero that mentioned increasing payouts for top-tier mobile exploits for Android and iOS, noting the end user is a non-NATO country. Operation Zero offers millions of dollars for vulnerabilities in Android, iPhones, Telegram, Microsoft Windows, and other software and hardware. The broker claims to work with the Russian government. Williams sold the exploits after Putin’s full-scale invasion of Ukraine began.
On the day Williams was sentenced, the U.S. Treasury imposed sanctions against Operation Zero and its founder, calling the company a national security threat. This confirmed Williams sold the exploits to them. The Treasury stated the broker sold those stolen tools to at least one unauthorized user, who could be a foreign intelligence service or a ransomware gang.
A court document indicated L3Harris discovered an unauthorized vendor selling a component of a stolen trade secret by matching company-specific data. Prosecutors also said Williams recognized code he wrote and sold being used by a South Korean broker, suggesting authorities know which tools were stolen.
A major unanswered question is whether the U.S. government or L3Harris alerted tech companies like Apple or Google, whose products were affected, so they could patch the flaws. When asked, Apple, Google, and L3Harris did not respond.
Another mystery involves the scapegoated employee who was fired after Williams accused him of the theft. At sentencing, prosecutors confirmed Williams stood idly by while another employee was blamed for his conduct. Williams’ attorney claimed that employee was fired for separate misconduct, including dual-employment and improper handling of intellectual property.
As part of L3Harris’s internal investigation, the company seized that employee’s devices and offered them to the FBI. After being fired, that employee, identified with the alias Jay Gibson, received an Apple notification that his iPhone was targeted with a mercenary spyware attack in March 2025. This was more than six months after the FBI investigation into Williams began.
Who tried to hack Gibson? Given the nature of the leaked tools, it is plausible the FBI or another U.S. intelligence agency targeted him as part of the investigation. However, we do not know, and the public may never find out.