A seasoned cybersecurity executive accused of betraying the U.S. is facing seven years in prison after admitting to selling hacking tools to a Russian firm. Peter Williams, a former executive at L3Harris, was sentenced to 87 months for trading confidential company exploits for $1.3 million in cryptocurrency from 2022 to 2025. He sold these to Operation Zero, described by the U.S. government as a notorious exploit broker.
The conviction marks a significant leak of high-profile Western hacking tools. Despite the case’s conclusion, many questions remain. Williams, a 39-year-old Australian living in D.C., managed Trenchant at L3Harris, developing tools for the U.S. government. Prosecutors claim Williams exploited his unrestricted access to secure networks, copying tools onto a portable drive for later sale, while obscuring his identity from Operation Zero.
Trenchant, known for creating zero-day exploits—vulnerabilities unknown to software developers that fetch millions—works with software like Google and Apple. The hacking tools Williams sold could have compromised millions of devices globally, according to the U.S. Department of Justice.
Before Williams’ arrest, initial reports were fragmented and unclear, with rumors of zero-day thefts potentially tied to various adversaries. Williams’ middle name, John, and his nickname, Doogie, added to the confusion. Over time, details coalesced.
In October, Trenchant dismissed an employee after Williams accused them of leaking Chrome vulnerabilities, followed by Apple alerting the ex-employee of a targeted iPhone attack. The employee denied misconduct. Eventually, the prosecution linked Williams to the Russian buyer, though initial documents didn’t name L3Harris or the zero-days.
The Treasury subsequently sanctioned Operation Zero, labeling it a security threat in its first public link to Williams. Operation Zero, which offers significant payouts for vulnerabilities in popular software like Android, iOS, and more, allegedly collaborates with the Russian government.
Williams used the illicit proceeds for luxury purchases, drastically shifting from his respected status as a hacker and former foreign intelligence official. The court acknowledged the stolen tools harmed L3Harris, estimated at a $35 million loss, noting their non-classification as state secrets.
The Justice Department asserted the exploited tools targeted widespread consumer software, potentially affecting millions of global devices. Yet, which exact tools were stolen remains undisclosed. During hearings, prosecutors highlighted Operation Zero’s claims regarding market demands for mobile exploits, further linking Williams to high-stakes espionage trades.
A court document detailed L3Harris’s identification of these components sold unlawfully, a claim supported by Williams recognizing his own code use by a foreign broker. This suggests L3Harris and law enforcement identified the misappropriated tools.
The case left several unresolved queries, including whether affected companies like Apple or Google were notified about the exploits. Despite repeated contact attempts, neither company, nor L3Harris, has responded.
Another mystery involves the wrongly accused ex-employee, dismissed after Williams falsely implicated them. Though claimed as misconduct by Williams’ lawyer, the Justice Department rebutted, stating Williams allowed blame to shift onto another. Post-firing, the ex-employee received an Apple alert of a spyware attack on their device. The party responsible for this remains unidentified.
The FBI or U.S. intelligence agencies might have pursued the ex-employee during investigations, given the nature of the tools and coinciding timelines. However, the true instigator of this spyware attempt, like other aspects of the saga, may remain undisclosed to both the public and those directly involved.