On Tuesday, a federal judge sentenced Peter Williams, a 39-year-old Australian citizen and former executive at U.S. defense contractor L3Harris, to 87 months in prison for stealing and selling proprietary surveillance tools.
Williams, the former general manager of Trenchant—a division of L3Harris that develops hacking tools for the U.S. government—pleaded guilty to selling these tools to Operation Zero, a Russian firm, between 2022 and 2025. During this period, he utilized his “full access” to L3Harris’s secure networks to download hacking tools onto a portable hard drive and his personal computer. He then sold these tools to Operation Zero in exchange for $1.3 million in cryptocurrency, using a pseudonym and concealing his true identity. Williams used the proceeds to purchase a house, jewelry, and luxury watches.
The stolen assets were zero-day exploits—flaws in software unknown to the developer—which the Justice Department alleged could potentially allow access to millions of computers and devices worldwide. Trenchant estimated the loss from the stolen tools at $35 million. Although Williams’ lawyers argued that the tools were not classified as government secrets, the stolen tools likely targeted popular consumer software, including Android, iOS, and web browsers, based on Operation Zero’s public posts regarding mobile exploit payouts. Notably, these sales occurred while Russia’s full-scale invasion of Ukraine was already underway.
On the same day as Williams’ sentencing, the U.S. Treasury Department imposed sanctions on Operation Zero and its founder, Sergey Zelenyuk, designating the company as a national security threat. The Treasury stated that Operation Zero “sold those stolen tools to at least one unauthorized user,” whose identity remains unknown. Additionally, the Treasury sanctioned Oleg Vyacheslavovich Kucherov, an alleged member of the Trickbot gang who allegedly worked with Operation Zero.
L3Harris discovered the leak by matching “company-specific vendor data found on a stolen component.” Williams eventually admitted to the crime after recognizing code he had written and sold to Operation Zero being utilized by a South Korean broker. During the investigation, Williams accused a fellow employee, referred to as “Jay Gibson,” of stealing and leaking code. Gibson was fired as a scapegoat. After his termination, Gibson received an Apple notification on March 5, 2025, informing him that his personal iPhone had been targeted with a “mercenary spyware attack.” The FBI “regularly interacted with Williams in late 2024 through the summer of 2025” as part of its investigation. It remains unknown whether Apple, Google, or other affected technology companies were alerted about the compromised zero-day flaws. Notably, Williams previously worked at Australia’s top foreign spy agency and served in the country’s military.
