The former boss of a U.S. maker of hacking and surveillance tools stole and sold technology that can hack millions of computers and people worldwide, U.S. prosecutors have confirmed for the first time.

In October, Australian national Peter Williams, 39, pleaded guilty to selling eight hacking tools that he stole from his employer Trenchant, a division of the U.S. defense contractor L3Harris, which sells its surveillance-enabling tools to the U.S. government and its closest allies. Williams admitted to making more than $1.3 million in crypto from the sales between 2022 and 2025, per the Justice Department.

In a court document published on Tuesday, federal prosecutors said Williams’ actions “directly harmed” the U.S. intelligence community by selling the hacking tools to a Russian company, which counts the Russian government among its customers. 

While it was known that Williams sold Trenchant’s exploits — software that takes advantage of flaws in other software usually to gain access to someone’s computer or device — prosecutors now say that these eight tools could have been used to indiscriminately enable government surveillance, cybercrime, and ransomware attacks across the globe. 

This latest disclosure comes ahead of Williams’ anticipated sentencing on February 24 in a Washington, D.C., federal court. In its sentencing memorandum, which prosecutors use to persuade a court into handing down the maximum punishment, the Justice Department said that the exploits sold by Williams would have allowed the Russian broker and its customers to “potentially access millions of computers and devices around the world, including in the United States.”

Prosecutors asked the judge to sentence Williams to nine years in prison, with three years of supervised release, a mandatory restitution of $35 million, and a maximum fine of $250,000. Williams is expected to be deported to Australia after serving his sentence, the memorandum said. 

In response to the prosecutors’ memorandum, Williams submitted a letter to the judge explaining his decisions, saying that he regretted his actions. 

“I made choices that directly violated the values I believed in and the trust placed in me by my family, colleagues, and friends,” wrote Williams. “I recognize now that I allowed myself to ignore my obligations and my training, and I failed to seek help or guidance when I knew I was moving in the wrong direction.”

Williams’ lawyer, John P. Rowley, wrote in response to prosecutors that none of the stolen hacking tools were classified, and there was no evidence that Williams knew the tools would end up in the hands of the governments of Russia or another country. His lawyer said that Williams did not intend to harm the U.S. and his native Australia, “although he now recognizes that was a consequence of his actions.”

When reached by TechCrunch, Justice Department spokesperson Pierson Furnish declined to comment. Rowley, Williams’ attorney, did not respond to a request for comment. 

From scapegoat to sentencing

During mid-2025, several sources with knowledge of the offensive cybersecurity industry told TechCrunch that someone working for Trenchant had stolen sensitive hacking tools and sold them to an adversary of the United States. 

A former Trenchant employee came forward, telling TechCrunch that he had been wrongly fired after the company accused him of stealing and leaking details of some of the company’s exploits.

But by October, prosecutors formally accused Williams, who also goes by “Doogie” and was Trenchant’s general manager at the time, of being behind the theft of the company’s hacking tools. The U.S. government charged Williams with selling the exploits to a Russian broker in exchange for crypto.  

Prosecutors said that FBI agents were in contact with Williams from late 2024 until the time of his arrest in mid-2025, during which he was overseeing Trenchant’s internal investigation into the theft of the company’s secrets.

Despite the ongoing investigation, Williams continued to sell the company’s secrets and exploits — technically known as zero-days since the software maker affected hadn’t had time to fix them — even when he was aware that the FBI was investigating the theft and sale of Trenchant’s hacking tools. 

Williams also oversaw the firing of the Trenchant employee accused of leaking the tools, sources told TechCrunch and prosecutors have since confirmed. The fired employee told TechCrunch that he believed he was a scapegoat for someone else at the company. Weeks after his firing, the employee received a notification from Apple that he had been targeted with government spyware, which has still not been explained. 

“[Williams] stood idly by while another employee of the company was essentially blamed for the Defendant’s own conduct,” the prosecutors wrote in their sentencing memorandum. “He looked on while an internal corporate investigation falsely cast blame on his subordinate.”

A spokesperson for Trenchant did not respond to a request for comment about Williams or its investigation.

On August 6, FBI agents obtained and executed search warrants for Williams’ home, and then confronted Williams with evidence that showed receipts of crypto payments, the alias he used to interact with the Russian broker that purchased the stolen trade secrets, and his contract with the broker. 

The Russian broker is likely Operation Zero, which offers up to $20 million for tools to hack into Android devices and iPhones. The company explicitly says it only sells to the Russian government and local organizations. 

Operation Zero did not return a request for comment.

Prosecutors called the broker, which it did not name, “one of the world’s most nefarious exploit brokers,” and said that Williams chose it because, “by his own admission, he knew they paid the most.”

Williams’ “desire for more money, a better lifestyle, bigger home and more jewels and trinkets simply could not be satiated, and he chose to risk it all to betray his company, his colleagues, and the United States and its allies to satisfy that desire,” the prosecutors wrote.