Trenchant Exec Who Sold Zero Days to Russian Buyer Ordered to Pay $10 Million in Restitution to Former Employers

Peter Joseph Williams, the former L3 Trenchant executive recently convicted of stealing zero-day exploits from his employer and selling them to a Russian broker, has been ordered to pay $10 million to his former employer and its parent company, according to a new judgment issued by a US district court judge. He had previously been ordered to pay $1.3 million in restitution as part of his plea agreement, bringing his total restitution to $11.3 million.

This is considerably less than the $35 million in restitution that prosecutors had sought.

Williams had told FBI agents last year when he voluntarily met with them for an interview during their investigation into the theft of the code that he believed that just two of the eight hacking tools he stole from his employer were worth about $35 million – meaning this was potentially the amount of revenue that L3 Trenchant and its parent company L3Harris Technologies lost from the theft of the tools. Prosecutors subsequently used this against Williams in demanding the court set his restitution payments at $35 million.

Trenchant and L3Harris provided sealed documents to the court about the damages to their business from the theft and were scheduled to attend a sealed hearing later this month, along with Williams, to make a case for the damages they believed he should pay. But the hearing was canceled this week, and on Wednesday the court filed an amended judgment stipulating his restitution would be $10 million for both companies.

Williams, 39 years old and the father of two young children, pleaded guilty last year to stealing eight trade secrets from his employer and selling them individually to a Russian zero-day broker under agreements that would have paid him around $4 million. He was sentenced in February to seven years and three months in prison, with three years of probation after his release. Williams faces likely deportation to his native Australia after release.

Williams is an Australian national who has lived in the US since July 2023 working out of Trenchant's DC offices on a visa. He had served in the Royal Australian Air Force reserves and had also worked a number of years for the Australian Signals Directorate, an Australian intelligence agency equivalent to the US National Security Agency.

After leaving government he went to work for Trenchant, a company that finds zero-day security vulnerabilities in software and creates exploits, or hacking tools, to attack them. Trenchant sells its tools to intelligence agencies in the Five Eyes member countries for use in cyberespionage and military operations. Five Eyes is an intelligence partnership between the US, UK, Canada, Australia and New Zealand.

Prosecutors say that between 2022 and 2025, while Williams was earning "in excess of $2.25 million" from his job at Trenchant, he stole his company's hacking tools and sold them to a Russian company called Operation Zero – a firm known to sell exploits to the Russian government and other non-NATO countries. They say the tools Williams sold were "incredibly powerful" zero-day exploits that would have allowed Russia or any other buyer to "potentially access millions of computers and devices around the world, including in the United States."

Prosecutors say Williams was motivated by a growing "desire for more money, a better lifestyle, bigger home and more jewels." Williams' defense attorney and his wife and brother told the court that he was depressed and had money troubles.

The news of his crimes stunned the security and intelligence communities when it became public last year, particularly when details of his brazenness were revealed. Williams was promoted to general manager of the company during his crime spree, and continued to steal and sell his employer's zero days after his promotion.

Even in October 2024 after Trenchant learned from the FBI that some of its hacking tools had fallen into the hands of a foreign zero-day broker, and the company launched an internal investigation to determine how the code might have been stolen or leaked from its servers, Williams, who was given direct oversight of the investigation, continued to steal code from the company. And when the company's investigation led to a subordinate of Williams being fired, prosecutors say he stood idly by as the worker was blamed for Williams' own conduct.

What's more, he continued to steal and sell Trenchant exploits to his Russian buyer even after he knew the FBI was investigating the theft, and even while he was meeting with federal agents to discuss their investigation. He also made ostentatious purchases – with money tied to the sale of the exploits – during the FBI's investigation. Days before he met with FBI agents to discuss their investigation in the summer of 2025, Williams finalized the purchase of a $1.5 million home in DC with a $300,000 cash down payment. Two months later he was forced to forfeit the home upon his arrest.

In arguing for a lesser sentence, Williams' attorney told the court that the exploits Williams sold weren't classified government tools but were instead "commercial products," and that the Russian buyer-reseller also had commercial customers in addition to government ones. Prosecutors had no evidence his client "knew or intended" that the buyer would re-sell the products to the Russia government or to any other foreign government. Furthermore, although his client had had access to all of Trenchant's products, he only sold ones to the Russian buyer that he believed were "least likely to create harm."

See more:

The Sad Decline of Trenchant Exec Who Had Everything Before Stealing and Selling Zero Days to Russian Buyer

Former Trenchant Exec Sold Stolen Code to Russian Buyer Even After Learning that Other Cold He Sold Was Being "Utilized" by Different Broker in South Korea

US Government Disclosed 39 Zero-Day Vulnerabilities in 2023, Per First-Ever Report