The main takeaway, is that our government and this contractor would sit on these exploits so they can use them, while leaving everyone vulnerable. So a little hypocritical about this employee selling them on the side leaving so many computers vulnerable, though technically it was stolen information from his employer. And to have implicated and fired someone in the company to cover his tracks was pretty diabolical.<\/p>\n\n\n\n
https:\/\/techcrunch.com\/2026\/02\/11\/doj-says-trenchant-boss-sold-exploits-to-russian-broker-capable-of-accessing-millions-of-computers-and-devices\/<\/a><\/p>\n\n\n By Lorenzo Franceschi-Bicchierai<\/p>\n\n\n\n The former boss of a U.S. maker of hacking and surveillance tools stole and sold technology that can hack millions of computers and people worldwide, U.S. prosecutors have confirmed for the first time.<\/p>\n\n\n\n In October, Australian national Peter Williams, 39, pleaded guilty to selling eight hacking tools<\/a> that he stole from his employer Trenchant, a division of the U.S. defense contractor L3Harris, which sells its surveillance-enabling tools to the U.S. government and its closest allies. Williams admitted to making more than $1.3 million in crypto from the sales between 2022 and 2025, per the Justice Department.<\/p>\n\n\n\n In a court document<\/a> published on Tuesday, federal prosecutors said Williams\u2019 actions \u201cdirectly harmed\u201d the U.S. intelligence community by selling the hacking tools to a Russian company, which counts the Russian government among its customers. <\/p>\n\n\n\n While it was known that Williams sold Trenchant\u2019s exploits<\/a> \u2014 software that takes advantage of flaws in other software usually to gain access to someone\u2019s computer or device \u2014 prosecutors now say that these eight tools could have been used to indiscriminately enable government surveillance, cybercrime, and ransomware attacks across the globe. <\/p>\n\n\n\n This latest disclosure comes ahead of Williams\u2019 anticipated sentencing on February 24 in a Washington, D.C., federal court. In its sentencing memorandum, which prosecutors use to persuade a court into handing down the maximum punishment, the Justice Department said that the exploits sold by Williams would have allowed the Russian broker and its customers to \u201cpotentially access millions of computers and devices around the world, including in the United States.\u201d<\/p>\n\n\n\n Prosecutors asked the judge to sentence Williams to nine years in prison, with three years of supervised release, a mandatory restitution of $35 million, and a maximum fine of $250,000. Williams is expected to be deported to Australia after serving his sentence, the memorandum said. <\/p>\n\n\n\n In response to the prosecutors\u2019 memorandum, Williams submitted a letter<\/a> to the judge explaining his decisions, saying that he regretted his actions. <\/p>\n\n\n\n \u201cI made choices that directly violated the values I believed in and the trust placed in me by my family, colleagues, and friends,\u201d wrote Williams. \u201cI recognize now that I allowed myself to ignore my obligations and my training, and I failed to seek help or guidance when I knew I was moving in the wrong direction.\u201d<\/p>\n\n\n\n Williams\u2019 lawyer, John P. Rowley, wrote in response to prosecutors<\/a> that none of the stolen hacking tools were classified, and there was no evidence that Williams knew the tools would end up in the hands of the governments of Russia or another country. His lawyer said that Williams did not intend to harm the U.S. and his native Australia, \u201calthough he now recognizes that was a consequence of his actions.\u201d<\/p>\n\n\n\n When reached by TechCrunch, Justice Department spokesperson Pierson Furnish declined to comment. Rowley, Williams\u2019 attorney, did not respond to a request for comment. <\/p>\n\n\n\n During mid-2025, several sources with knowledge of the offensive cybersecurity industry told TechCrunch that someone working for Trenchant had stolen sensitive hacking tools and sold them to an adversary of the United States. <\/p>\n\n\n\n A former Trenchant employee came forward, telling TechCrunch that he had been wrongly fired after the company accused him of stealing and leaking details of some of the company\u2019s exploits.<\/p>\n\n\n\n But by October, prosecutors formally accused Williams, who also goes by \u201cDoogie\u201d and was Trenchant\u2019s general manager at the time, of being behind the theft of the company\u2019s hacking tools. The U.S. government charged Williams with selling the exploits to a Russian broker in exchange for crypto. <\/p>\n\n\n\n Prosecutors said that FBI agents were in contact with Williams from late 2024 until the time of his arrest in mid-2025, during which he was overseeing Trenchant\u2019s internal investigation into the theft of the company\u2019s secrets.<\/p>\n\n\n\n Despite the ongoing investigation, Williams continued to sell the company\u2019s secrets and exploits<\/a> \u2014 technically known as zero-days<\/a> since the software maker affected hadn\u2019t had time to fix them \u2014 even when he was aware that the FBI was investigating the theft and sale of Trenchant\u2019s hacking tools. <\/p>\n\n\n\n Williams also oversaw the firing of the Trenchant employee accused of leaking the tools,sources told TechCrunch and prosecutors have since confirmed. The fired employee told TechCrunch that he believed he was a scapegoat<\/a> for someone else at the company. Weeks after his firing, the employee received a notification from Apple that he had been targeted with government spyware, which has still not been explained. <\/p>\n\n\n\n \u201c[Williams] stood idly by while another employee of the company was essentially blamed for the Defendant\u2019s own conduct,\u201d the prosecutors wrote in their sentencing memorandum. \u201cHe looked on while an internal corporate investigation falsely cast blame on his subordinate.\u201d<\/p>\n\n\n\n A spokesperson for Trenchant did not respond to a request for comment about Williams or its investigation.<\/p>\n\n\n\n On August 6, FBI agents obtained and executed search warrants for Williams\u2019 home, and then confronted Williams with evidence that showed receipts of crypto payments, the alias he used to interact with the Russian broker that purchased the stolen trade secrets, and his contract with the broker. <\/p>\n\n\n\n The Russian broker is likely Operation Zero, which offers up to $20 million for tools to hack into Android devices and iPhones<\/a>. The company explicitly says<\/a> it only sells to the Russian government and local organizations. <\/p>\n\n\n\n Operation Zero did not return a request for comment.<\/p>\n\n\n\n Prosecutors called the broker, which it did not name, \u201cone of the world\u2019s most nefarious exploit brokers,\u201d and said that Williams chose it because, \u201cby his own admission, he knew they paid the most.\u201d<\/p>\n\n\n\n Williams\u2019 \u201cdesire for more money, a better lifestyle, bigger home and more jewels and trinkets simply could not be satiated, and he chose to risk it all to betray his company, his colleagues, and the United States and its allies to satisfy that desire,\u201d the prosecutors wrote.<\/p>\n","protected":false},"excerpt":{"rendered":" The main takeaway, is that our government and this contractor would sit on these exploits so they can use them, while leaving everyone vulnerable. So a little hypocritical about this employee selling them on the side leaving so many computers vulnerable, though technically it was stolen information from his employer. And to have implicated and […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,7],"tags":[],"class_list":["post-15741","post","type-post","status-publish","format-standard","hentry","category-tech","category-world"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/15741","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=15741"}],"version-history":[{"count":1,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/15741\/revisions"}],"predecessor-version":[{"id":15742,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/15741\/revisions\/15742"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=15741"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=15741"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=15741"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}From scapegoat to sentencing<\/h2>\n\n\n\n