US contractor who sold hacking tools to Russian dealer ordered to pay $10M to former employers

Peter Williams, a cybersecurity veteran who was head of the hacking and surveillance technology division of US contractor L3Harris, has been ordered to pay $10 million to his former employer. Williams was at the center of one of the worst leaks of advanced hacking tools in the history of the United States and its closest allies.

On Wednesday, a judge ordered Williams to pay that amount in restitution on top of the $1.3 million he was ordered to pay to L3Harris. Williams, a 39-year-old Australian citizen who once worked in one of the intelligence agencies in Australia, was last year the general manager of Trenchant. Born from the discovery of two sister startups, Trenchant is an L3Harris corporation that develops advanced spy and hacking tools and sells them to the US government and its partners in the Five Eyes intelligence alliance, an alliance of five English-speaking nations that share intelligence. In addition to the US, the alliance includes Australia, Canada, New Zealand, and the United Kingdom.

Veteran cybersecurity reporter Kim Zetter first reported on the new restitution order in her newsletter.

Attorneys for Williams did not respond to a request for comment.

Last year, Williams was arrested and accused of stealing seven unspecified trade secrets – mostly cyber exploits, code that steals software vulnerabilities, and surveillance technology – from Trenchant and selling them to Operation Zero. The Russian company acts as a broker, buying and selling hacking tools, and says it only works with the Russian government and local companies.

Williams pleaded guilty and was sentenced to more than seven years in prison.

Williams made $1.3 million selling trade secrets, which he used to buy luxury watches, a house near Washington DC, and family vacations. Trenchant told prosecutors he lost as much as $35 million to Williams’ theft.

US prosecutors said Williams “betrayed” the United States and its allies by giving Operation Zero, which the US government called “one of the most exploitative hackers in the world,” tools that could be used to hack “millions of computers and devices around the world.”

As TechCrunch previously reported, Williams took advantage of his “full access” to Trenchant’s internal network to remove tools from the company’s offices. After Williams sold hacking tools to Operation Zero, some of them ended up being used by Russian government spies in Ukraine, and later by Chinese cybercriminals, according to former L3Harris employees who recognized the stolen code in a cybersecurity study published by Google after investigating a cyberattack in which those tools were used.

Williams also tried to frame one of his employees for theft.