How an ex-L3 Harris Trenchant boss stole and sold cyber exploits to Russia

Peter Williams, the former general manager of Trenchant—part of defense contractor L3Harris—has pleaded guilty to charges of stealing and selling classified hacking tools to a broker in Russia. A recent court filing and exclusive insights from TechCrunch, along with interviews with previous colleagues, reveal the shocking methods Williams employed to illicitly acquire and sell these sensitive cyber exploits. At 39 years old, Williams, who was known within the company by the nickname 'Doogie,' confessed to stealing eight zero-day exploits—security vulnerabilities unknown to software creators that hold immense value for cybercriminals. He estimated the worth of these exploits to be around $35 million, yet he received only $1.3 million in cryptocurrency from the Russian intermediary. The crimes spanned several years, occurring between 2022 and July 2025. Court documents indicate that Williams held 'super-user' access to Trenchant’s secure network, which was designed to be accessible only to staff with specific clearance. This level of access allowed him to view detailed logs and data related to the company's proprietary hacking tools. Exploiting this privilege, he transferred the exploits to a personal device using an external hard drive, subsequently sending the stolen tools to the Russian broker through encrypted channels. Former colleagues have noted that Williams was considered highly trustworthy within the organization, having worked there for several years, including before L3Harris acquired two affiliated firms that merged into Trenchant. One anonymous source remarked on his unmonitored autonomy, stating that he was perceived as beyond reproach and had no oversight. In October 2024, Trenchant discovered that one of its products had been compromised and was in the hands of an unauthorized broker. Ironically, Williams was tasked with investigating the leak, which initially ruled out a company-wide breach. Instead, it found that a former employee had improperly accessed the internet from a secure device. Williams later terminated this employee, alleging misconduct, but the former worker believed he was being set up to distract from Williams' own actions. In July, the FBI questioned Williams, who pointed out the vulnerability of the secure network to someone with access. He later admitted his role in transferring the exploits to an external drive. Interestingly, after selling the tools, he noticed his code being utilized by another broker in South Korea. Williams had communicated with the Russian broker under the alias 'John Taylor' using an encrypted email service and applications. The broker, believed to be linked to a group known as Operation Zero, reportedly offers up to $20 million for hacking tools, intended solely for Russian governmental and private entities. Williams received $240,000 for the first exploit, with additional payments promised based on the tool's performance and maintenance. Ultimately, while he was due to receive $4 million for the total transaction, he ended up with just $1.3 million. Williams' actions have sent shockwaves through the offensive cybersecurity sector, where discussions of his rumored arrest had been rampant. Industry insiders express grave concerns, viewing his betrayal as a significant threat to Western national security, especially as these vulnerabilities could empower adversaries like Russia against various targets.