How an ex-L3 Harris Trenchant boss stole and offered cyber exploits to Russia by means of NewsFlicks

Peter Williams, the previous common supervisor of Trenchant, a department of protection contractor L3Harris that develops surveillance and hacking equipment for Western governments, pleaded accountable closing week to stealing a few of the ones equipment and promoting them to a Russian dealer.  

A court docket report filed within the case, in addition to unique reporting by means of TechCrunch and interviews with Williams’ former colleagues, defined how Williams was once ready to thieve the extremely precious and delicate exploits from Trenchant. 

Williams, a 39-year-old Australian citizen who was once identified within the corporate as “Doogie,” admitted to prosecutors that he stole and offered 8 exploits, or “zero-days,” which might be safety flaws in device which might be unknown to its maker and are extraordinarily precious to hack right into a goal’s units. Williams mentioned a few of the ones exploits, which he stole from his personal corporate Trenchant, had been price $35 million, however he handiest gained $1.3 million in cryptocurrency from the Russian dealer. Williams offered the 8 exploits over the process a number of years, between 2022 and July 2025. 

Due to his place and tenure at Trenchant, in step with the court docket report, Williams “maintained ‘super-user’ entry” to the corporate’s “interior, access-controlled, multi-factor authenticated” protected community the place its hacking equipment had been saved, and to which handiest workers with a “wish to know” had entry.  

As a “super-user,” Williams may just view the entire job, logs, and knowledge related to Trenchant’s protected community, together with its exploits, the court docket report notes. Williams’ corporate community entry gave him “complete entry” to Trenchant’s proprietary knowledge and business secrets and techniques. 

Abusing this wide-ranging entry, Williams used a conveyable exterior laborious force to switch the exploits out of the protected networks in Trenchant’s places of work in Sydney, Australia and Washington D.C., after which onto a private tool. At that time, Williams despatched the stolen equipment by means of encrypted channels to the Russian dealer, according to the court docket report.  

A former Trenchant worker with wisdom of the corporate’s interior IT techniques informed TechCrunch that Williams “was once within the very top echelon of consider” throughout the corporate as a part of the senior management workforce. Williams had labored on the corporate for years, together with previous to L3Harris’ acquisition of Azimuth and Linchpin Labs, two sister startups that merged into Trenchant.  

“He was once, in my view, looked as if it would be past reproach,” mentioned the previous worker, who requested to stay nameless as they weren’t approved to talk about their paintings at Trenchant.  

“No person had any supervision over him in any respect. He was once roughly allowed to do issues the way in which he sought after to,” they mentioned. 

Every other former worker, who additionally requested not to be named, mentioned that “the overall consciousness is that whoever is the [general manager] would have unfettered entry to the whole lot.” 

Prior to the purchase, Williams labored at Linchpin Labs, and ahead of then at Australian Alerts Directorate, the rustic’s intelligence company tasked with virtual and digital eavesdropping, in step with the cybersecurity podcast Dangerous Trade.  

Sara Banda, a spokesperson for L3Harris didn’t reply to a request for remark.  

‘Grave harm’ 

In October 2024, Trenchant “was once alerted” that one among its merchandise had leaked and was once within the ownership of “an unauthorized device dealer,” according to the court docket report. Williams was once put answerable for the investigation into the leak, which dominated out a hack of the corporate’s community however discovered {that a} former worker “had improperly accessed the web from an air-gapped tool,” in step with the court docket report.  

As TechCrunch up to now and completely reported, Williams fired a Trenchant developer in February 2025 after accusing him of being double hired. The fired worker later discovered from a few of his former colleagues that Williams accused him of stealing Chrome zero-days, which he had no entry to since he labored on creating exploits for iPhones and iPads. By way of March, Apple notified the previous worker that his iPhone have been centered by means of “mercenary spy ware assault.”  

In an interview with TechCrunch, the previous Trenchant developer mentioned he believed Williams framed him to hide up his personal movements. It’s unclear if the previous developer is identical worker discussed within the court docket report.  

In July, the FBI interviewed Williams, who informed the brokers that “the perhaps means” to thieve merchandise from the protected community could be for any individual with entry to that community to obtain the goods to an “air‑gapped tool […] like a cell phone or exterior force.” (An air-gapped tool is a pc or server that has no entry to the web.)  

Because it grew to become out, that’s precisely what Williams confessed to the FBI in August after being faced with proof of his crimes. Williams informed the FBI that he identified his code being utilized by a South Korean dealer after he offered it to the Russian dealer; although, it stays unclear how Trenchant’s code ended up with the South Korean dealer first of all. 

Williams used the alias “John Taylor,” a overseas electronic mail supplier, and unspecified encrypted apps when interacting with the Russian dealer, most likely Operation 0. That is a Russia-based dealer that provides as much as $20 million for equipment to hack Android telephones and iPhones, which it says it sells to “Russian personal and executive organizations handiest.”  

Stressed out was once first to record that Williams most likely offered the stolen equipment to Operation 0, for the reason that the court docket report mentions a September 2023 publish on social media saying an building up within the unnamed dealer’s “bounty payouts from $200,000 to $20,000,000,” which fits an Operation 0 publish on X on the time.  

Operation 0 didn’t reply to TechCrunch’s request for remark.  

Williams offered the primary exploit for $240,000, with the promise of extra bills after confirming the instrument’s efficiency, and for next technical fortify to stay the instrument up to date. After this preliminary sale, Williams offered any other seven exploits, agreeing to a complete fee of $4 million, even if he ended up handiest receiving $1.3 million, in step with the court docket report.  

Williams’ case has rocked the offensive cybersecurity neighborhood, the place his rumored arrest have been a subject of dialog for weeks, in step with a couple of individuals who paintings within the business.  

A few of these business insiders see Williams’ movements as inflicting grave harm. 

“It’s a betrayal to the Western nationwide safety equipment, and it’s a betrayal against the worst roughly risk actor that we’ve got at the moment, which is Russia,” mentioned the previous Trenchant worker with wisdom of the corporate’s IT techniques informed TechCrunch.  

“As a result of those secrets and techniques had been given to an adversary that totally goes to undermine our functions and goes to probably even use them towards different goals.”