Inside the story of the US defense contractor who leaked hacking tools to Russia
A veteran cybersecurity executive who prosecutors said “betrayed” the United States will spend at least the next seven years behind bars, after pleading guilty to stealing and selling hacking and surveillance tools to a Russian firm.
Peter Williams, a former executive at U.S. defense contractor L3Harris, was sentenced on Tuesday to 87 months in prison for leaking his former company’s trade secrets in exchange for $1.3 million in crypto between 2022 and 2025. Williams sold the exploits to Operation Zero, which the U.S. government calls “one of the world’s most nefarious exploit brokers.”
The successful conviction of Williams follows one of the most high-profile leaks of sensitive Western-made hacking tools in recent years. Even now that the case is over, there are still unanswered questions.
Williams, a 39-year-old Australian citizen who resided in Washington, D.C., was the general manager of Trenchant, the division of L3Harris that develops hacking and surveillance tools for the U.S. government and its closest global intelligence partners. Prosecutors say Williams took advantage of having “full access” to the company’s secure networks to download the hacking tools onto a portable hard drive, and later to his computer. Williams contacted Operation Zero under a pseudonym though, so it’s unclear if Operation Zero ever knew Williams’ real identity.
Trenchant is a crew of hackers and bug hunters who dig deep into other popular software made by companies like Google and Apple, identify flaws in those millions of lines of code, then devise techniques to turn those flaws into workable exploits that can be used to reliably hack into those products. These tools are typically called zero-day exploits because they take advantage of software flaws unknown to its developer, which can be worth millions of dollars.
The U.S. Department of Justice alleged that the hacking tools Williams sold could have allowed whoever used them to “potentially access millions of computers and devices around the world.”
For the past few months, I have been talking to sources and reporting on Williams’ story before news broke that he had been arrested. But what I had heard was patchwork and at times conflicting. I had heard someone had been arrested, but given the secret nature of the work involved in exploit development, proving it would be challenging.
Contact Us
Do you have more information about this case, and the alleged leak of Trenchant hacking tools? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email.
When I first heard of Williams, I wasn’t clear that I had even gotten his name right. At that point, his story was a rumor, moving through the hush-hush grapevine of zero-day exploit developers, sellers, and people with ties to the intelligence community.
I heard that maybe he was called John, or perhaps Duggan? Or all the different ways you can spell that in English.
Some of the first rumors I heard were contradictory. Apparently he stole zero-days from Trenchant, and maybe he sold them to Russia, or perhaps another enemy of the United States and its allies, like North Korea or China?
It took weeks just to confirm that there was indeed someone who even fit that description. (It turned out that Williams’ middle name is John, and Doogie is his nickname in hacker circles.)
Then, as the weeks of reporting rolled on, things started to become much clearer.
The Russian connection
As I first revealed in October, Trenchant fired an employee after Williams, who was still at the time head of Trenchant, accused the employee of stealing and leaking Chrome zero-days. The story was even more intriguing because the employee told me that after he was fired, Apple notified him that someone had targeted his personal iPhone.
What I learned was just the tip of the iceberg. I had heard more from my sources, but we were still piecing parts of the story together.
Soon after, prosecutors made their first formal accusation against a man named Peter Williams for stealing trade secrets, which first surfaced in the U.S. public court system. In that first court document, prosecutors confirmed that the buyer of these trade secrets was in Russia.
However, there was no explicit reference to L3Harris or Trenchant, nor to the fact that the trade secrets that Williams stole were zero-days. Crucially, we still couldn’t confirm for certain that it was the same Peter Williams, who we thought would have access to highly sensitive exploits as Trenchant’s boss, and not some terrible case of mistaken identity.
We still weren’t there.
On a hunch and with nothing to lose, we contacted the Department of Justice to ask if they would confirm that the person in the document was in fact Peter Williams, the former boss of L3Harris Trenchant. A spokesperson confirmed.
Finally, the story was out. A week later, Williams pleaded guilty.
When I first heard of his story, while I trusted my sources, I remained skeptical. Why would someone like Williams do what the rumors claimed? But he did, and did so for money, prosecutors allege, which Williams then used to buy a house, jewelry, and luxury watches.
It was a remarkable fall from grace for Williams, once seen as an accomplished and brilliant hacker, and especially for someone who previously worked at Australia’s top foreign spy agency and served in the country’s military.

What happened to the stolen exploits?
We still don’t know specifically which exploits and hacking tools Williams stole and sold. Trenchant estimated a loss of $35 million, per court documents. But Williams’ lawyers said the stolen tools were not classified as a government secret.
We can glean some insight based on the circumstances of the case.
Given that the Justice Department said the stolen tools could be used to hack “millions of computers and devices,” it’s likely the tools refer to zero-days in popular consumer software, such as Android devices, Apple’s iPhones and iPads, and web browsers.
There is some evidence pointing in their direction. During a hearing last year, prosecutors read out loud a post published on X by Operation Zero, according to independent cybersecurity reporter Kim Zetter, who attended the hearing.
“Due to high demand on the market, we’re increasing payouts for top-tier mobile exploits,” read the post, which specifically mentioned Android and iOS. “As always, the end user is a non-NATO country.”
Operation Zero offers millions of dollars for details of security vulnerabilities in Android devices and iPhones, messaging apps like Telegram, as well as other kinds of software, such as Microsoft Windows, and hardware vendors, such as several brands of servers and routers.
Operation Zero claims to work with the Russian government. At the time Williams sold the exploits to the Russian broker, Putin’s full-scale invasion of Ukraine was already underway.
On the same day that Williams was sentenced, the U.S. Treasury announced it had imposed sanctions against Operation Zero and its founder Sergey Zelenyuk, calling the company a national security threat. This was the government’s first confirmation that Williams had sold the exploits to Operation Zero.
In its statement, the Treasury said the broker “sold those stolen tools to at least one unauthorized user.” At this point we don’t know who this user is. The user could be a foreign intelligence service, or it could be a ransomware gang, given that the Treasury also sanctioned Oleg Vyacheslavovich Kucherov, an alleged member of the Trickbot gang, who also allegedly worked with Operation Zero.
In a court document, prosecutors said that L3Harris was able to figure out that “an unauthorized vendor was selling a component” of one of the stolen trade secrets “by comparing company-specific vendor data found on a stolen component that matched.”
Prosecutors also said that Williams “recognized code he wrote and sold” to Operation Zero “being utilized by a South Korean broker,” further suggesting that both L3Harris and prosecutors know which tools were stolen and sold to Operation Zero.
Another unanswered question is: Did anyone, either the U.S. government or L3Harris, alert Apple, Google, or whichever tech company’s products were affected by the zero-day flaws, now that the exploits had leaked?
Any company or developer would want to know that someone could have used (or could still use) a zero-day against their users and customers so that they can patch the flaws as soon as possible. And at this point, the zero-days are of no use for L3Harris and its government customers.
When I asked Apple and Google, neither company responded to my inquiries. L3Harris did not respond either.
Who hacked the scapegoat, and why?
Then there’s the mystery of the scapegoat, who was fired after Williams accused him of stealing and leaking code.
At sentencing, Justice Department prosecutors confirmed that the employee was fired, saying Williams “stood idly by while another employee of the company was essentially blamed for [his] own conduct.” In response, Williams’ attorney rebuffed prosecutors, claiming that the former employee “was fired for misconduct,” citing claims of dual-employment and improper handling of the company’s intellectual property.
According to a court document submitted by Williams’ lawyers, as part of the L3Harris internal investigation, the company placed the employee on leave, seized his devices, transferred them to the U.S., and “offered them to the FBI.”
When reached for comment, an unnamed FBI spokesperson said the bureau had nothing to add apart from the Justice Department’s press release.
After being fired, that employee, whom we identified with the alias Jay Gibson, received a notification from Apple that his personal iPhone was targeted “with a mercenary spyware attack.”
Apple sends these notifications to users it thinks were the target of attacks using tools like those made by NSO Group or Intellexa.
Who tried to hack Gibson? He received the notification on March 5, 2025, more than six months after the FBI investigation had begun. The FBI “regularly interacted with [Williams] in late 2024 through the summer of 2025,” according to a court document.
Given the nature of the leaked tools, it is plausible that the FBI, or perhaps even a U.S. intelligence agency, targeted Gibson as part of the investigation into Williams’ leaks. But we just don’t know, and there’s a chance that neither the public, nor Gibson, will ever find out.
Updated to clarify 22nd paragraph attributing the tools’ lack of classification to Williams’ lawyers.
Exclusive: Google deepens Thinking Machines Lab ties with new multi-billion-dollar deal
Former OpenAI executive Mira Murati’s startup, Thinking Machines Lab, has signed a new multi-billion-dollar agreement to expand its use of Google Cloud’s AI infrastructure, including systems powered by Nvidia’s latest GPUs, TechCrunch has exclusively learned.
The deal is valued in the single-digit billions, according to a source familiar with the matter, and includes access to Google’s latest AI systems built atop Nvidia’s new GB300 chips, alongside infrastructure services to support model training and deployment.
Google has been actively striking a number of cloud deals with AI developers as it aims to wrap together its AI computing offerings with other cloud services like storage, a Kubernetes engine, and Spanner, its database product. Earlier this month, Anthropic signed an agreement with Google and Broadcom for multiple gigawatts of tensor processing unit (TPU) capacity (TPUs are Google’s custom-designed AI chips for machine learning workloads).
But the competition is fierce. Just this week, Anthropic also signed a new agreement with Amazon to secure up to 5 gigawatts of capacity for training and deploying Claude.
Earlier this year, Thinking Machines partnered with Nvidia in a deal that included an investment from the chipmaker. But this is the first time the lab has struck a deal with a cloud services provider. The deal is not exclusive, so Thinking Machines may use multiple cloud providers over time, but it’s still a sign that Google is looking to lock in fast-growing frontier labs early.
Murati left her job as OpenAI’s chief technologist and founded Thinking Machines in February 2025. The company, which soon afterwards raised a $2 billion seed round at a $12 billion valuation, has remained highly secretive, but launched its first product in October. Dubbed Tinker, it’s a tool that automates the creation of custom frontier AI models.
Wednesday’s deal provided some insight into what Thinking Machines is developing. In a press release, Google noted that it can support the startup’s reinforcement learning workloads, which Tinker’s architecture relies on. Reinforcement learning is a training approach that has underpinned recent breakthroughs at labs, including DeepMind and OpenAI, and the scale of the Google Cloud deal reflects how computationally expensive that work can get.
Thinking Machines is among the first Google Cloud customers to access its GB300-powered systems, which offer a 2X improvement in training and serving speed compared to prior-generation GPUs, per Google.
“Google Cloud got us running at record speed with the reliability we demand,” Myle Ott, a founding researcher at Thinking Machines, said in a statement.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
The most interesting startups showcased at Google Cloud Next 2026
Google Cloud Next is taking place this week in Las Vegas, and one clear message has emerged: Google wants AI startups on its cloud. To that end, it made several startup-related announcements.
The most significant is that the tech giant has earmarked a new $750 million budget to help its Cloud partners sell more AI agents to enterprises. This funding is available to partners ranging from startups to the big consulting firms. It can be used for costs like Gemini proof-of-concept projects, Google forward-deployed engineers, cloud credits, and deployment rebates.
Google also highlighted a long list of startups that are using Google Cloud, either newly signed or expanding their footprint. Among them are a few standout names:
Lovable is expanding its use of Google Cloud by launching a new coding agent through Google’s enterprise app marketplace. Lovable is the fast-growing vibe coding startup and was on a $400 million ARR track as of February, it said.
Notion, Silicon Valley’s favorite AI-infused document productivity app, most recently valued at about $11 billion, is using Gemini models to power its text and image generation features.
Gamma, an AI-powered PowerPoint killer recently valued at $2.1 billion, is using Google’s state-of-the-art image model Nano Banana 2 and other Google Cloud features.
Inferact, the commercial inference startup from the creators of the popular open-source project vLLM, is accessing Nvidia’s GPUs through Google Cloud, in addition to using the tech giant’s AI stack.
ComfyUI, the popular open-source tool for creating AI-generated images and multimedia, also offers access to Nano Banana 2 and is using other Cloud features.
Other startups that received the Google Cloud shout-out this year include:
ChorusView, which makes AI-powered smart tags that track the condition and movement of goods in real time.
Emergent AI, a vibe coding platform.
ExaCare AI, which makes AI software for post-acute medical care facilities.
Insilica, which creates AI-generated regulatory-compliant chemical safety reports.
Optii, which makes AI-enhanced hotel operations software.
Parallel AI, which builds web search and research APIs built for AI agents.
Proximal Health, which makes AI-powered software that automates the insurance claims adjudication process.
Reducto, which does AI-powered document parsing.
Stord, which handles e-commerce fulfillment and parcel operations.
Stylitics, which makes AI image generation software for retailers for tasks like outfit styling and product bundles.
Temporal, a developer cloud environment built to prevent failures.
Vapi, which makes dev tools for building conversational voice agents.
Vurvey Labs, which conducts synthetic market research via AI agents.
Wand, an in-game assistant for single-player PC games.
Watershed, which makes software that helps enterprises report on and manage sustainability programs.
ZenBusiness, an all-in-one back-office tool for small businesses that includes an AI chat assistant.
Duolingo is now giving free users access to advanced learning content
Duolingo announced on Wednesday that its advanced language learning content is now available for free across nine languages: English, Spanish, French, German, Italian, Portuguese, Japanese, Korean, and Chinese. Users can access this content through the web, iOS, and Android devices.
This advanced content is at the B2 level on the Common European Framework of Reference for Languages (CEFR), which is the international standard for language skills that schools and employers recognize. B2 level content refers to learning materials without translations, complex scenarios, and specialized vocabulary.
The new offering will include features like “Advanced Stories,” which helps with reading comprehension, and DuoRadio, a podcast-like audio experience for listening comprehension.
Now that Duolingo users can tap into this advanced learning content for free, they can level up their skills, whether that’s practicing for job interviews, prepping for studying abroad, or tackling complex news articles, films, and books without relying on translations.
The company says this positions it as the only free app to offer advanced-level learning across these nine languages at no cost. While competitors like Babbel and Busuu offer advanced courses, they typically require paid subscriptions. For instance, Busuu has some CEFR-aligned courses up to the B2 level, but the free version is pretty limited and doesn’t offer lessons like grammar explanations, so users need to pay for full access.
Previously, Duolingo only provided free courses that capped at A2 or B1 levels, mainly focusing on basic communication skills.

The company is positioning this free advanced learning offering as an enticing opportunity for job seekers, framing language learning as a practical pathway to improving employability in an increasingly global workforce.
This comes at a time when the job market remains highly competitive and overall growth has slowed. Research from the American Council on the Teaching of Foreign Languages shows that learning a second language can raise someone’s employability by as much as 50%.
“Reaching job-ready proficiency in a new language used to be out of reach for most people,” Bozena Pajak, head of learning science at Duolingo, said in a statement. “It took years of expensive classes or immersive experiences that not everyone could access.”
Duolingo’s decision to offer advanced learning for free is also a strategy to increase its free user base. In its Q4 earnings report, the company stated that it has 52.7 million daily active users, demonstrating 30% growth compared to the previous year. This number is higher than its paid subscriber base, which stands at 12.2 million. However, Duolingo’s shares fell after the company projected that the year-over-year bookings growth rate for Q2 2026 is expected to experience a slight decline.
