Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A former cybersecurity chief who prosecutors said “betrayed” the United States will spend the next seven years in prison after pleading guilty to stealing and selling hacking and surveillance equipment to a Russian company.
Peter Williams, a former executive at US Defense contractor L3Harris, was sentenced Tuesday to 87 months in prison for releasing the secrets of his former company in exchange for $ 1.3 million in crypto between 2022 and 2025. Williams sold what happened to Operation Zero, which the US government calls “one of the most destructive people in the world.”
Williams’ winning streak follows one of the most successful white-knuckled rackets in recent years. Even now that the case is over, there are still unanswered questions.
Williams, a 39-year-old Australian who lives in Washington, DC, was the general manager of Trenchant, a division of L3Harris that makes surveillance equipment for the US government and its allies around the world. Critics say so Williams took advantage of the “full range” of the company’s secure network downloading the hacking tools onto a portable hard drive, and then onto his computer. Williams contacted Operation Zero under a pseudonym, so it is unclear whether Operation Zero ever knew who Williams was.
Trenchant is a group of hackers and bug hunters who dig deep into popular software developed by companies such as Google and Apple, identify flaws in millions of lines of code, and then develop methods to convert those flaws into hard code that can be used to reliably break those products. These tools are often called day zero exploits because they take advantage of software bugs unknown to the developer, which it can be millions of dollars.
The The US Department of Justice said that the hacking tools that Williams sold could have allowed anyone who used them “to access millions of computers and devices around the world.”
For the past several months, I have been talking to sources and reporting on the Williams story before the news broke he had been arrested. But what I heard was anecdotal and sometimes contradictory. I heard that someone has been arrested, but because of the secrecy of the work involved in the development, it would be difficult to confirm.
contact us
Do you have any information on this, and the leak of Trenchant hacks? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or on email.
When I first heard about Williams, I didn’t know his name was correct. At the time, the story was a rumor, circulating among developers, vendors, and people with zero-day engagements.
I heard he was probably called John, or Duggan? Or different ways to pronounce it in English.
Some of the first rumors I heard were conflicting. It seems that they stole the zero days from Trenchant, and maybe sold them to Russia, or maybe another enemy of the United States and its allies, like North Korea or China?
It took weeks to confirm that there was indeed someone who fit that description. (It turned out that Williams’ middle name is John, and Doogie is his nickname in the vandalism circles.)
Then, as the reporting weeks wore on, things began to clear up.
The Russian Federation
Like I first revealed it in OctoberTrenchant fired an employee after Williams, who is still the head of Trenchant, accused the employee of stealing and skipping Chrome zero days. The story was particularly interesting because the employee told me that after he was fired, Apple notified him that someone had looked into his iPhone.
What I learned was just a tip. I had heard a lot from my sources, but we were putting together some parts of the story.
Soon after, prosecutors filed the first indictment against a man named Peter Williams for stealing trade secrets, the first to appear in federal courts in the United States. In the first court filing, prosecutors confirmed that the buyer of the trade secrets was a buyer in Russia.
However, there was no clear statement of L3Harris or Trenchant, and that the trade secrets Williams stole were zero-days. Fortunately, we still haven’t confirmed that it was the same Peter Williams, who we thought might have a chance to take on a more serious role as Trenchant’s boss, rather than some misguided case.
Us on it doesn’t exist.
Shortly and with nothing to lose, we contacted the Department of Justice to ask if they could confirm that the person in the document was Peter Williams, who was the head of L3Harris Trenchant. The prophet confirmed.
Finally, the story ended. A week later, Williams agreed.
As soon as I heard about his story, while I trusted my sources, I became skeptical. Why would someone like Williams do what the rumors said? But he did, and he did it for money, prosecutors say, which Williams bought houses, bracelets, and luxury watches.
It was a remarkable fall for Williams, who was once seen as a stealthy and highly intelligent man, especially for someone who previously worked for Australia’s foreign intelligence agency and served in the country’s military.
What happened and what was stolen?
We still don’t know what weapons Williams stole and sold. Trenchant is said to have lost $35 million, according to court documents. But Williams’ lawyers say the stolen weapons are not classified as a government secret.
We can get some wisdom depending on the situation of the matter.
Since the Justice Department said the stolen tools could be used to hack “millions of computers and devices,” the tools may be referring to zero days in popular consumer software, such as Android devices, Apple’s iPhones and iPads, and browsers.
There is some evidence to show their side. At last year’s hearing, prosecutors read aloud post published on X and Operation Zero, according to freelance cybersecurity reporter Kim Zetterwho attended the trial.
“Due to increased demand in the market, we are increasing the premiums on premium smartphones,” read the post, which specifically mentioned Android and iOS. “As always, the user is a non-NATO country.”
Operation Zero they give millions of dollars to learn more about the security of Android devices and iPhones, messaging apps like Telegramalso other types of softwaresuch as Microsoft Windows, and hardware vendors, such as several types of servers and routers.
Operation Zero what to say working with the Russian government. By the time Williams sold the stock to a Russian broker, Putin’s full-scale invasion of Ukraine was already underway.
On the same day Williams was sentenced, the US Treasury announced that he had imposed sanctions against Operation Zero and its founder Sergey Zelenyuk, calling the company a national security threat. It was the first time the government had confirmed that Mr Williams had sold information about Operation Zero.
In a statement, the Treasury said the seller “sold the stolen weapons to one unauthorized person.” At this time we do not know who this person is. The operator could be a foreign intelligence, or it could be a ransom group, because the Treasury also recognized Oleg Vyacheslavovich Kucherov, a member of the Trickbot group, who also allegedly worked with Operation Zero.
In a court filing, prosecutors said L3Harris was able to identify an “unauthorized seller selling a single component” of the stolen secrets “by comparing the company’s information to the stolen products that are similar.”
Prosecutors also said that Williams “discovered the code he wrote and sold” to Operation Zero “was being used by a South Korean broker,” implying that L3Harris and prosecutors knew of the weapons stolen and sold to Operation Zero.
Another unanswered question is: Did anyone, the US government or L3Harris, warn Apple, Google, or whatever tech company was involved in the zero-day bug, since the incident went down?
Any company or software developer would like to know that someone could have used (or could still use) a zero-day against users and customers so that they can fix the bugs as soon as possible. And for now, zero days are irrelevant to L3Harris and its government customers.
When I asked Apple and Google, neither company responded. L3Harris also did not respond.
Who broke the scapegoat, and why?
Then there’s the mystery of the scapegoat, who was fired after Williams accused him of stealing and leaking code.
In making the decision, attorneys for the Department of Justice it has been confirmed that the employee was fired, said Williams “stood by when another employee of the company was held accountable for (his) conduct.” In response, Williams’ attorney denied the allegations, saying the former employee was “fired for misconduct,” citing allegations of double duty and mismanagement of the company’s intellectual property.
According to a court document filed by Williams’ lawyers, as part of an internal investigation of L3Harris, the company placed the employee on leave, confiscated his equipment, transferred it to the US, “and turned it over to the FBI.”
Asked for comment, an unnamed FBI spokeswoman said the bureau had nothing to add other than the Justice Department. Press release.
After being fired, the employee, who we identified as Jay Gibson, received a notification from Apple that his iPhone was being targeted “with an espionage problem”.
apple sending this information for users thinking they were the target of an attack using tools such as those developed by NSO Group or Intellexa.
Who tried to hack Gibson? He received the information on March 5, 2025, six months after the FBI’s investigation began. The FBI “will be in regular contact with (Williams) in the fall of 2024 through the summer of 2025,” according to a court document.
Given the nature of the leaked material, it makes sense that the FBI, or indeed the US law enforcement agency, targeted Gibson as part of the investigation into the Williams leak. But we don’t know, and there’s a chance that neither the public, nor Gibson, will.
It has been amended to clarify paragraph 22 regarding the lack of resources for Williams’ lawyers.
