Peter Williams, former general manager of defense contractor L3Harris, has pleaded guilty to selling surveillance technology to Russian brokers who purchase “cyber tools,” the U.S. Department of Justice confirmed Wednesday.
“This material, stolen over a three-year period from a U.S. defense contractor for which he worked, consisted of national security-focused software containing at least eight classified and protected cyber exploit components,” a Department of Justice press release on Wednesday said. “These parts were intended to be sold exclusively to the U.S. government and some allied nations.”
TechCrunch previously exclusively reported, citing four former Trenchant employees, that the company was investigating a leak of hacking tools. Prosecutors now allege that Williams abused his access to the company's “secure network” to steal components of a cyber exploit.
Mr. Williams led Trenchint, the division at L3Harris that develops spyware, exploits, and zero-days, which are security vulnerabilities in software of unknown origin. Trentint sells its surveillance technology to government customers in Australia, Canada, New Zealand, the United States and the United Kingdom, the so-called Five Eyes intelligence alliance. Trentint was founded after L3Harris acquired two sister Australian startups, Azimuth and Linchpin Labs, in 2019. Both companies developed zero-days and sold them to the Five Eyes alliance.
The Justice Department said Williams, a 39-year-old Australian national living in Washington, D.C., sold the exploit to an unnamed Russian broker, promising millions of dollars in virtual currency in exchange. Trenchent's former general manager allegedly entered into an agreement with the broker that provided for an initial payment for exploitation and periodic payments for “subsequent” support.
Prosecutors did not name the Russian broker to whom Williams sold, but said the broker publicly identified itself as a reseller of the exploit to multiple customers, including the Russian government.
Contact Us Do you have more information about this incident and the alleged leak of Trenchint's hacking tools? You can contact Lorenzo Franceschi-Bicchierai securely from a non-work device on Signal (+1 917 257 1382) or on Telegram, Keybase and Wire @lorenzofb, or by email.
U.S. Attorney Jeanine Pirro said Wednesday that the brokers to whom Williams sold the exploits are part of the “next wave of international arms dealers.” Pirro said Williams' crimes cost Trenchent more than $35 million.
“Mr. Williams betrayed the United States and his employer by first stealing and then selling intelligence software,” said John A. Eisenberg, assistant attorney general for national security. “His actions were intentional and deceptive and jeopardized national security for personal gain.”
L3Harris spokesperson Sara Banda declined to comment when contacted by TechCrunch on Wednesday.
Williams' attorney did not immediately respond to a request for comment.
On October 14, the U.S. government accused Mr. Williams, known in the industry as “Doogie,” of selling trade secrets to a Russian buyer, but did not say what the trade secrets were or which company he stole them from. According to documents filed in mid-October, Williams made $1.3 million from selling the exploit.
Mr. Williams pleaded guilty to two counts of stealing trade secrets, each of which carries a potential sentence of 10 years in prison. Prosecutors say he is scheduled to be sentenced in January 2026.
According to Risky Business host and journalist Patrick Gray, Williams is currently under house arrest in the Washington, D.C., area, where he lives. Mr Gray said Mr Williams worked for the Australian Signals Directorate, the country's premier signals intelligence and eavesdropping agency.
When previously contacted by TechCrunch, an ASD spokesperson would not comment on Williams, citing law enforcement issues.
Last week, TechCrunch reported that Williams fired a torrent developer suspected of stealing a Chrome zero-day earlier this year. A former Trenchant employee told TechCrunch that he never had access to these tools because he worked on zero-day development for iOS. Other former colleagues supported his claims.
“I know I was the scapegoat. I wasn't at fault. It's that simple,” the exploit developer told TechCrunch. “I didn't do anything but work hard for them.”