The former boss of a US defense contractor has pleaded guilty to selling zero-day exploits to a Russian cyber broker whose clients include the Kremlin.
Australian national Peter Williams, 39, was general manager at L3Harris cyber-division Trenchant. He pleaded guilty in a US district court yesterday to two counts of theft of trade secrets.
According to the Justice Department, Williams used his privileged access to the company’s network to steal at least eight “cyber-exploit components” and sell them to the unnamed broker, in return for millions of dollars in cryptocurrency.
He transmitted these via encrypted channels to maintain secrecy, receiving payment for the sale and additional instalments for “follow-on support,” according to court documents. The Washington DC-based exec apparently used the proceeds to buy himself high-value items.
Although the crime is listed as “sale of trade secrets,” the authorities are positioning it as a national security threat, given that the broker’s clients include the Russian government. It’s believed that Trenchant usually sells its exploits to Five Eyes agencies.
Various sources quoted by the Justice Department claimed the code could be worth tens of millions of dollars.
“Williams placed greed over freedom and democracy by stealing and reselling $35m of cyber trade secrets from a US-cleared defense contractor to a Russian government supplier,” said assistant director Roman Rozhavsky of the FBI’s Counterintelligence Division.
“By doing so, he gave Russian cyber actors an advantage in their massive campaign to victimize US citizens and businesses. This plea sends a clear message that the FBI and our partners will defend the homeland and bring to justice anyone who helps our adversaries jeopardize US national security.”
Commercial Spyware Under Scrutiny
US attorney Jeanine Ferris Pirro described cyber brokers trading in zero-day exploits as “the next wave of international arms dealers,” and something “we continue to be vigilant about.”
In fact, international momentum is already gathering to oppose the burgeoning trade in commercial spyware tools and related zero-day exploits. A joint agreement, dubbed the “Pall Mall Process,” was signed last year by 25 countries led by the UK, US and France, as well as tech giants including Google, Microsoft, Apple, Meta and others.
The UK’s National Cyber Security Centre (NCSC) has estimated that the commercial sector for such tools doubles every 10 years.
Zero-day exploits, developed by firms like Israel’s NSO Group and Intellexa, are typically bought by autocratic regimes to help them install spyware on the devices of dissidents and opposition figures.
However, they are also used by governments to target other nation states, as in a case from August 2024 revealed by Google which pointed to use of similar exploits by a Russian state-backed group.
Williams faces a statutory maximum of 20 years behind bars and a fine of up to $250,000 or twice the financial “gain or loss” of the offense – which could be a significant sum.
