Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Peter Williams, former managing director of Trenchant, a division of defense contractor L3Harris that develops surveillance and hacking tools for Western governments. He pleaded guilty last week to stealing some of those tools and selling them to a Russian intermediary.
The court document filed in this case, along with exclusive reporting by TechCrunch and interviews with Williams’ former colleagues, explained how Williams was able to steal high-value and sensitive exploits from Trenchant.
Williams, a 39-year-old Australian citizen known within the company as “Doogie,” admitted to prosecutors that he stole and sold eight exploitative software, or “Zero daysWilliams said some of these vulnerabilities, which he stole from his own company, Trenchant, were worth $35 million, but he only received $1.3 million in cryptocurrency from the Russian broker. Williams sold the eight vulnerabilities over several years, between 2022 and July 2025.
Thanks to his position and tenure at Trenchant, according to the court document, Williams “maintained ‘super user’ access” to the company’s “internal, access-controlled, multi-factor authenticated” secure network where its hacking tools were stored and which was accessible only to employees with a “need to know.”
As a “privileged user,” Williams can view all activity, logs and data associated with the secure Trenchant network, including its exploits, the court document states. Access to Williams’ corporate network gave him “full access” to Trenchant’s private information and trade secrets.
Exploiting this widespread access, Williams used an external portable hard drive to transfer the vulnerabilities from secured networks at Trenchant’s offices in Sydney, Australia, and Washington, D.C., and then to a personal device. At that point, Williams sent the stolen tools via encrypted channels to the Russian intermediary, according to the court document.
A former Trenchant employee with knowledge of the company’s internal IT systems told TechCrunch that Williams was “at the highest levels of trust” within the company as part of the senior leadership team. Williams has worked at the company for years, including before its acquisition by L3Harris Azimuth f Axis Laboratoriestwo sisters start it Merged into Trenchant.
“He was seen, in my opinion, as above suspicion,” said the former employee, who requested anonymity because he was not authorized to talk about their work at Trenchant.
“No one had any supervision over him at all. He was allowed to do things the way he wanted,” they said.
Contact us
Do you have more information about this case and the alleged leak of Trenchant hacking tools? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, via Telegram, Keybase, Wire @lorenzofb, or By email.
“The general awareness is that whoever it is (the general manager) will have unfettered access to everything,” said another former employee, who also requested to remain anonymous.
Before the acquisition, Williams worked at Linchpin Labs, and before that at the Australian Signals Directorate, the Australian intelligence agency tasked with digital and electronic eavesdropping, according to The Guardian. Cybersecurity Podcast Risky Business.
Sarah Panda, a spokeswoman for L3Harris, did not respond to a request for comment.
“Severe damage”
In October 2024, Trenchant was “alerted” that one of its products had leaked and was in the possession of an “unauthorized software intermediary,” according to the court document. Williams was put in charge of the leak investigation, which ruled out a hack into the company’s network, but found that a former employee “improperly accessed the Internet from a hole-in-the-wall device,” according to the court document.
As TechCrunch previously and exclusively reportedWilliams fired one of Trenchant’s developers in February 2025 after he accused him of double-duty. The fired employee later learned from some former colleagues that Williams had accused him of stealing Chrome Zero-Days software, which he had no access to since he was developing exploits for iPhone and iPad. By March, Apple informed the former employee that his iPhone had been targeted by a “mercenary spyware attack.”
In an interview with TechCrunch, the former Trenchant developer said he believes Williams framed him to cover up his actions. It is unclear whether the previous developer is the same employee mentioned in the court document.
In July, the FBI interviewed Williams, who told agents that the “most likely way” products could be stolen from the secured network was for someone with access to that network to download the products to an “air-vented device… such as a cell phone or an external drive.” (A hard-wired device is a computer or server that does not have access to the Internet.)
As it turned out, that’s exactly what Williams admitted to the FBI in August after being confronted with evidence of his crimes. Williams told the FBI that he recognized his code being used by a South Korean broker after he sold it to the Russian broker. However, it is still unclear how the Trenchant code ended up with the South Korean broker.
Williams used the alias “John Taylor,” a foreign email provider, and unspecified encrypted applications when interacting with the Russian intermediary, likely “Operation Zero.” This is it Russia-based broker offers up to $20 million For tools to hack Android and iPhone phones, which it says it sells to “Russian private and government organizations only.”
Wired was first to report Williams likely sold the stolen tools to Operation Zero, since the court document cites a September 2023 social media post announcing an increase in “reward payments to the unnamed intermediary from $200,000 to $20,000,000,” which matches Operation Zero post on X at that time.
Operation Zero did not respond to TechCrunch’s request for comment.
Williams sold the first exploit for $240,000, with the promise of additional payments after confirming the tool’s performance, and for subsequent technical support to keep the tool updated. After that initial sale, Williams sold seven more exploits, agreeing to pay a total of $4 million, though he ultimately received only $1.3 million, according to the court document.
Williams’ case has rocked the offensive cybersecurity community, where rumors of his arrest have been a topic of discussion for weeks, according to several people who work in the industry.
Some industry insiders see Williams’ actions as causing serious damage.
“It’s a betrayal of the Western national security apparatus, and a betrayal toward the worst kind of threat we have now, which is Russia,” the former Trenchant employee, who has knowledge of the company’s IT systems, told TechCrunch.
“Because these secrets have been given to an adversary who will certainly undermine our capabilities and potentially use them against other targets.”
