
Redazione RHC: 4 November 2025 11:19
Former US defense contractor CEO Peter Williams has pleaded guilty to selling “eight sensitive, protected cyber exploits” to Russian zero-day broker Operation Zero.
Court documents and a TechCrunch investigation have revealed how the head of a company that developed exploits and tools for Western government cyber operations secretly exported and resold its in-house developments for three years.
According to investigators, the 39-year-old Australian citizen, known to colleagues as “Doogie,” stole eight zero-day exploits that could be used to hack modern devices and operating systems. The expensive tools were intended exclusively for U.S. government agencies and their allies.
Williams estimated the total value of the exploits at $35 million, but received only approximately $1.3 million in cryptocurrency from the broker. The transactions occurred between 2022 and July 2025 via encrypted channels.
Internal L3Harris documents indicate that Williams held “superuser” status and had full access to Trenchant’s secure network, protected by multi-factor authentication, where source code, tools, and activity logs were stored. Access to the infrastructure was granted only to a limited number of specialists.
Thanks to his administrative privileges, he could monitor all traffic, developer activity, and internal projects without restriction. Colleagues described him as “highly trustworthy” and not subject to internal controls.
He exploited this trust. Williams copied exploits and related materials to an external hard drive, removed them from the company’s Sydney and Washington offices, and transferred them to personal devices. He then transferred the data to an intermediary via encrypted channels and instant messaging apps, using the pseudonym “John Taylor” and anonymous email services.
According to case materials, the initial buyer was a broker identified in the documents as “Company #3.” Prosecutors later clarified that this codename referred to the Operation Zero platform, a marketplace offering up to $20 million for iOS and Android exploits. In September 2023, Operation Zero posted an announcement increasing the reward from $200,000 to $20 million for unique hacking tools; it was this post that investigators identified as matching evidence in Williams’ correspondence.
The first deal netted him $240,000, including a bonus for code support and updates. The parties agreed on a total of $4 million, but he only received $1.3 million. After delivering the exploits, Williams even noticed that some of his code was being used by a South Korean broker, although he had officially sold it to another country: the origin of this resale remains unclear.
In October 2024, Trenchant discovered a leak involving one of its products: a software component had ended up in the hands of an unauthorized third party. Williams was appointed head of the internal investigation and stated that there was no evidence of a cyberattack, but that a “former employee” had connected an isolated device to the internet without authorization.
In February 2025, he fired the developer, accusing him of “double-dealing” and stealing Chrome exploits, despite the fact that the developer was working exclusively on iOS vulnerabilities. The developer later received a notification from Apple regarding an attempt to hack his iPhone using paid spyware. In an interview, the developer stated that he suspected Williams had intentionally framed him to cover up his own actions.
The FBI tracked Williams down in the summer of 2025. During questioning, he suggested he could steal products from a secure network by downloading them to an “air gap device,” a computer without internet access. As it later turned out, that’s exactly what he did. In August, after being confronted with the evidence, Williams confessed to the theft and to selling the equipment to third parties.
The U.S. Department of Justice estimated L3Harris’ losses at $35 million, noting that the transfer of such sophisticated tools could have allowed foreign governments to conduct cyberattacks against “numerous unsuspecting victims.” Each charge carries a maximum penalty of 10 years in prison and a fine of up to $250,000, or twice the amount of the illicit profits. Based on federal guidelines, the judge will impose a prison sentence of seven years and three months to nine years. Williams will also be ordered to pay a fine of up to $300,000 and $1.3 million in restitution. He is under house arrest until his sentencing in January 2026.
Former Trenchant employees called his actions a betrayal of U.S. interests and a blow to confidence in the industry. One engineer said that moving such tools to another country “undermines the foundations of Western cybersecurity and could be used against the very entities these developments were created for.”
Williams’s story has become a major event for the entire offensive security community. Many experts recognize that this incident exposed the weaknesses of the internal access control system for classified developments and demonstrated that even a high level of trust does not protect against insider threats.