DOJ Document Alleges Jeffrey Epstein Had a ‘Personal Hacker’ Selling Zero-Day Exploits
The U.S. Department of Justice released a document from the Epstein Files stating that a confidential FBI informant alleged in 2017 that Jeffrey Epstein had a “personal hacker.” The document does not reflect verified FBI findings and is heavily redacted, leaving the accuracy and reliability of the claims unclear; the FBI declined to comment and DOJ did not respond to media requests.
According to the informant’s allegations, the hacker was an Italian born in Calabria who specialized in finding vulnerabilities in iOS, BlackBerry devices, and the Firefox browser, and who developed and sold zero-day exploits and other offensive cyber tools to multiple governments, including the U.S. and the U.K. The informant also claimed the hacker sold a zero-day to Hezbollah in exchange for “a trunk of cash,” and the DOJ document includes additional unverified assertions about the individual’s business ties (including a company reportedly acquired by CrowdStrike and a subsequent VP role).
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
DOJ releases Epstein Files document describing alleged hacker
On 2026-01-30, the U.S. Department of Justice released a document in the Epstein Files that disclosed the FBI informant's 2017 allegations about Epstein's alleged hacker. The broader release also included millions of additional pages, thousands of videos, and hundreds of thousands of images related to the Epstein files.
Informant tells FBI Epstein had a 'personal hacker'
In 2017, a confidential informant told the FBI that Jeffrey Epstein had a 'personal hacker.' The informant alleged the unidentified Italian hacker developed zero-day exploits and offensive cyber tools and sold them to governments and other buyers, but the claims were not presented as verified FBI findings.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
DOJ releases details alleged talented hacker working for Jeffrey Epstein : r/netsec
reddit.com
Open sourceDOJ releases details alleged talented hacker working for Jeffrey Epstein
securityaffairs.com
Open sourceInformant told FBI that Jeffrey Epstein had a ‘personal hacker’ | TechCrunch
techcrunch.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
DOJ ‘Epstein files’ highlight plaintext email exposure of sensitive government documents
A newly released trove of U.S. Department of Justice documents tied to Jeffrey Epstein indicates significant **operational security (OPSEC) failures** by prominent individuals, including apparent use of **unencrypted/plaintext email** to transmit sensitive government material. The documents suggest that Prince Andrew (King Charles III’s younger brother) and former UK cabinet minister **Peter Mandelson** separately emailed confidential government documents to Epstein, prompting concerns about potential leaks of state secrets and related law-enforcement scrutiny. Cybercrime expert **Alan Woodward** characterized the behavior as “poor OPSEC,” emphasizing that even if senders trust a recipient, the recipient and their devices may not be trustworthy—an acute risk when sensitive information is shared without encryption. The records also raise questions about why Epstein retained emails and stored them unencrypted; while leverage/blackmail is a possible motive, an FBI memo (July 2025) cited in the reporting states a systematic review found **no incriminating “client list”** and **no credible evidence** that Epstein blackmailed prominent individuals.
Mar 21, 2026
Foreign Hacker Breach of FBI New York Field Office Exposed Epstein Investigation Files
A **foreign, unidentified hacker** breached the FBI’s New York Field Office in 2023 and accessed files tied to the bureau’s investigation of **Jeffrey Epstein**, according to Reuters reporting based on a source familiar with the incident and Justice Department/court documents. The intrusion reportedly stemmed from a server at the **Child Exploitation Forensic Lab** that was inadvertently left vulnerable by an FBI special agent working the case; a court document described the actor as having “combed through” certain Epstein-related files. The FBI said it **contained the affected network**, assessed the incident as **isolated**, **restricted the actor’s access**, and **remediated** the exposed network, while noting the investigation remains ongoing. Additional reporting identified the agent as **Aaron Spivack** and cited a timeline indicating the break-in occurred on **February 12, 2023**; Reuters also reported the hacker allegedly did not realize they had accessed FBI systems until agents contacted them and requested a video call where they displayed their credentials.
Mar 21, 2026
Peter Williams Sells U.S. Cyber Exploits to Russian Broker
Peter Williams, a former general manager at U.S. defense contractor L3Harris Trenchant and ex-employee of Australia's ASD, pleaded guilty to stealing and selling eight sensitive cyber-exploit components to a Russian 0day broker known as Operation Zero. The exploits, which were intended for exclusive use by the U.S. government and select allies, were sold over a three-year period from 2022 to 2025, netting Williams approximately $1.3 million. The Russian broker, Operation Zero, is known for reselling exploits to non-NATO buyers, including the Russian government. The U.S. Department of Justice did not specify which exploits were stolen, but reports indicate that L3Harris Trenchant had teams working on Google Chrome and iOS 0days, and the company was already investigating a possible leak of its tools prior to Williams' arrest. Williams was reportedly in charge of the internal investigation into the leaks and had fired a security researcher suspected of involvement, though the researcher denied access to the relevant vulnerabilities. The case highlights the significant insider threat posed by trusted individuals with access to sensitive cyber capabilities, and underscores the risks of advanced cyber weapons falling into the hands of adversarial nation-states. The incident has raised concerns about the security of exploit development programs and the potential for further leaks or misuse of advanced cyber tools by hostile actors.
Mar 21, 2026