 
Peter Williams admits to selling unpatched iPhone bugs to a shady Russian broker.
The former head of L3Harris’s Trenchant “offensive cyber” division has admitted to stealing a weapons-grade exploit chain worth $35 million and then selling it for personal gain. The feds charged Peter Williams last week—and this week he’s decided to ’fess up.
The company’s not on trial, but the story raises important questions about the national security risks of outsourcing such weaponry. In today’s final SB Blogwatch, we go out with a whimper.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Best of.
What’s the craic? Lorenzo Franceschi-Bicchierai reports: Former L3Harris Trenchant boss pleads guilty to selling zero-day exploits to Russian broker
“Doogie”
Peter Williams, the former general manager at defense contractor L3Harris, has pleaded guilty to selling surveillance technology to a Russian broker that buys “cyber tools,” the U.S. Department of Justice confirmed. [I] previously exclusively reported, citing four former … employees, that the company was investigating a leak of its hacking tools.
…
Williams headed Trenchant, the division at L3Harris that develops spyware, exploits, and zero-days. … Trenchant sells its surveillance tech to government customers in Australia, Canada, New Zealand, the United States, and the United Kingdom, the so-called Five Eyes intelligence alliance.
…
The DOJ said Williams, … who is known in the industry as “Doogie,” … sold exploits to the unnamed Russian broker, who promised Williams millions of dollars in cryptocurrency in exchange. [He] allegedly signed contracts with the broker that stipulated an initial payment for the exploits, and periodic payments “for follow-on” support.
Sounds like a plea bargain. Kim Zetter confirms it: Ex-L3Harris Cyber Boss Pleads Guilty to Selling Trade Secrets to Russian Firm
“Sentenced”
Peter Williams, a 39-year-old Australia native who resides in the US, faced two charges related to the theft of trade secrets. As part of the plea agreement, Williams faces between 87 and 108 months in prison and fines of up to $300,000. He must also pay restitution of $1.3 million. … The Justice Department accused Williams of stealing eight trade secrets from two companies and selling them to a buyer in Russia between April 2022 and August 2025.
…
Williams will be sentenced early next year. Until then, he will remain on house confinement at his apartment, must undergo electronic monitoring, and is permitted to leave his home for one hour each day. … Trenchant faces no criminal liability. … Trenchant was investigating an alleged leak of its hacking tools by employees earlier this year—an investigation that Williams [himself] oversaw.
Horse’s mouth? Roman Rozhavsky, assistant director of the FBI’s Counterintelligence division: Former General Manager for U.S. Defense Contractor Pleads Guilty
“National security”
Williams placed greed over freedom and democracy by stealing and reselling $35 million of cyber trade secrets from a U.S. cleared defense contractor to a Russian Government supplier. … By doing so, he gave Russian cyber actors an advantage in their massive campaign to victimize U.S. citizens and businesses. This plea sends a clear message that the FBI and our partners will defend the homeland and bring to justice anyone who helps our adversaries jeopardize U.S. national security.
What’s this about him overseeing an internal investigation? Alleging an allegation, commandersaki picks up the other shoe:
This is the same guy who got another Trenchant guy fired alleging he was involved in swiping Chrome 0-days.
Wait … what? u/sskoog explains the allegation:
Peter Williams … apparently scapegoated a junior employee (pseudonym ‘Jay Gibson’), who was investigated in ~March 2025 for “working two jobs” and “leaking Trenchant zero-day exploits,” despite peer developers believing ‘Jay’ was not the leak. The traditional insider-threat levers are M/I/C/E — Money, Ideology, Compromise, Ego. Williams certainly fits in the first category, and probably the fourth.
What can we learn? @pwnallthethings says the story is “super duper interesting”:
It’s a very rare glimpse into the private valuation of high-end exploits held by major defense contractors. … If this valuation is right, Apple’s top-end bug-bounty for top-tier security research, despite their popular image as being generous, is still about an order of magnitude below the offensive market.
…
If you’re wondering what Williams spent his $1.3m on, turns out the answer is lots of watches, a Louis Vuitton handbag, a lot of very expensive jewelry from Tiffany, and some things from Moncler. And when I say lots of watches, I mean lots of watches. Guy really liked watches.
Any more big-picture stuff? Here’s John Scott-Railton:
A “damaging” leak of tools from a five eyes exploit developer? Concerning. We need to know what’s under this rug. Big picture: “Trusted, vetted” private sector players in offensive cyber are not immune to losing control of tooling—with national security consequences.
…
It’s appealing. … But in practice it brings unavoidable counterintelligence & national security downside risk that shouldn’t be downplayed. … The commercial offensive industry’s incentives are structurally misaligned with being transparent about their failures.
…
A tooling leak at boutique firm Trenchant wouldn’t be the first time that exploits from commercial offensive vendors wind up in the wrong place. … Remember when Russian APT29 was caught with exploits first used by NSO & Intellexa?
What of the exploit industry as a whole? bink makes with the moral angle:
I’ve interviewed with these types of companies (not the ones in the article). I’ve even caught them using their exploits on me after they made me an offer.
…
I don’t know how anyone can develop exploits for resale in good conscience. … If these companies have no qualms using their exploits against their own employees they’ll have absolutely no problem using them against members of Congress, the Courts, investment banks, tech leaders, and anyone with any sort of power. This gives them the ability to blackmail some of the most powerful people in the world. … Not even mentioning their reported “intended use” against dissidents and journalists.
Pom-pom-pom-pom tra-la-la-lala. ajadedcynicaloldfart wants to rule the world:
Seems to me that this L3Harris thing is just the U.S. answer to NSO group. With all the morals and scruples that said group have.
Meanwhile, this slightly sarcastic Anonymous Coward makes like clueless Padme:
Surely this will cause L3Harris to have all of their government contracts suspended and then cancelled, right?
2019 (kinda appropriate today)
This month, we’re reprising the best of And Finally (because reasons). Don’t Panic, I’m off to muck about in the water having a good time. [You’re fired—Ed.]
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij or @richi.bsky.social. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. Belgium.
Image sauce: Boris Drobnič (via Unsplash; leveled and cropped)