An Australian cybersecurity executive living in the United States has pleaded guilty to selling trade secrets to a Russian cyber broker. The nature of the trade secret software has not been made public but prosecutors said it was intended to be sold exclusively to the U.S. government and trusted allies. The cyber insider was paid $US1.3 million in cryptocurrency that he converted into real estate and luxury accessories.

1. Introduction

On October 29, 2025, the U.S. Attorney’s Office for the District of Columbia in Washington, D.C. announced in a press release that Peter Williams, an Australian national, pleaded guilty to two counts of theft of trade secrets before Judge Loren AliKhan in the United States District Court for the District of Columbia. (here) The Criminal Information, filed on October 14, 2025, alleged that Mr. Williams stole a total of eight trade secrets from two companies, identified as Company One and Company Two, with intent to sell them to a cyber-tools broker based in Russia. (here) The material, stolen over a three year period from defence contractor L3Harris Technologies, Inc., where Mr. Williams worked, consisted of protected cyber-exploit components. The charges carry a maximum of ten years imprisonment on each count.

2. A Murky Story Emerges

In a breaking story titled Ex-L3Harris exec pleads guilty to selling zero-day exploits to Russian broker, published by CyberScoop on October 29, 2025, Editor-in-Chief Greg Otto said court records revealed that Mr. Williams exploited his access at Trenchant, a subsidiary of L3Harris, to steal the eight exploits. (here) The software was designed for exclusive use by the U.S. government and trusted allies. The facts admitted by Mr. Williams and the government underpinning the plea agreement were contained in the Statement of Offense filed on October 29, 2025. In para. 13, it was admitted that a third company, identified as “Company Three”, is based in Russia and advertises itself as a “Russian zero-day purchase platform.” Company Three also advertises that its clients are “Russian private and government organizations.”

In another article published by Reuters the same day Ex-US cyber intel exec pleads guilty to selling spy tools to Russian broker, Raphael Satter reported that business records in Britain identified Mr. Williams as a former executive with L3Harris Trenchant. (here) However, Reuters was unable to identify the Russian broker. Lorenzo Franceschi-Bicchierai, a Senior Reporter at TechCrunch, had reported the previous week that four former Trenchant employees said the company was investigating “a leak of its hacking tools.” (here) And in a follow up piece for TechCrunch on October 29, 2025, Mr. Franceschi-Bicchierai said Mr. Williams “headed Trenchant, the division at L3Harris that develops spyware, exploits, and zero-days – security vulnerabilities in software that are unknown to its maker.” (here)

3. What is an exploit?

In previous posts to On The Wire I have discussed various developments in the mercenary spyware industry, particularly involving the notorious NSO Group. But I have not considered the meaning of “exploit” in the cybersecurity context. The prosecution of Mr. Williams thus presents an opportunity to discuss what an exploit is and what it is designed to do. I will give you three resources among many that are available online. There is no controversy about what an exploit is although the resources often use different language to say the same thing.

Writing for TechTarget, Brien Posey defined a computer exploit as “a program or piece of code developed to take advantage of a vulnerability in a computer or network system.” (here) Threat actors use exploits to access a targeted system for the purpose of introducing malware, usually with malicious intent. Bitdefender has defined an exploit as “a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in an application or a system to cause unintended or unanticipated behavior to occur.” (here) Basically, the target of an attack suffers from a design flaw that allows hackers to create the means to access it and use it in their interest. And Cisco defines exploit as “a program, or piece of code, designed to find and take advantage of a security flaw or vulnerability in an application or computer system, typically for malicious purposes such as installing malware.” (here)

In the article for Reuters, Mr. Satter was more specific about ulterior purposes when he said an exploit refers to a piece of code used to take advantage of a software vulnerability “typically for the purpose of espionage, theft, or sabotage.” It is important to emphasize that an exploit is not malware itself but a method used by a threat actor to deliver malware.

4. Government and the Private Sector

On October 31, 2025, Lawfare published a post by Tom Uren titled Peter Williams, Ex-ASD, Pleads Guilty to Selling Eight Exploits to Russia. (here) Mr. Uren said the Williams episode was “almost as serious as a leak directly from a Five Eyes agency” leading some activists to “question the role of commercial outfits in developing these types of exploits.” But, as Mr. Uren argued, governments need exploits to protect and advance their interests and “it’s just not realistic for them to bring all vulnerability research and exploit development in-house and share those capabilities across agencies.” Rather than clamping down on exploit development firms in the private sector, Mr. Uren expects governments will try to encourage more robust personal security. “Being a defense contractor, L3Harris is, in some sense, ‘inside the tent’ and will already have pretty strict security procedures in place,” he said.

5. Conclusion

According to the admitted facts in the Statement of Offense, Mr. Williams sold the trade secret software to Company Three without authorization from Company One or Company Two for “hundreds of thousands of dollars for each item.” He was paid in cryptocurrency and processed the proceeds through an anonymizing series of cryptocurrency transactions. The crypto assets were then liquidated into cash and the proceeds used to buy valuable items. Reporting for ABC, Riley Stuart said Mr. Williams had previously worked for the Australian Signals Directorate, Australia’s national intelligence agency responsibe for cybersecurity and foreign signals intelligence. He remains on house arrest pending the sentence hearing scheduled for January 27, 2026. (here) In the press release issued by her office, U.S. Attorney Jeanine Pirro said “[t]hese international cyber brokers are the next wave of international arms dealers and we continue to be vigilant about their activities.”