The Law needs Your Help to Identify the Capitol Rioters: Here’s What You Can Do (OSINT Tips)

A massive online crowdsourcing campaign is underway to identify the rioters who stormed the U.S. Capitol on 6 January 2021. Some do it to show-and-shame, others to exercise their digital investigation skills. But it’s safe to say that everyone wants to see the perpetrators brought to justice. And law enforcement agencies like the FBI are asking for your help!

Here’s how you can contribute: 


Collect Evidence

From where? Social media platforms like Twitter, Facebook, YouTube, Instagram, Reddit, and the Chans.

How? Use advanced search for media material from January 6-7. Some services allow you to narrow down your search to media content only. Use geo-filters (Capitol or Washington, D.C.) if possible. Play with keyword combinations or hashtags (#MAGA, #Capitol, storm the Capitol, red wave, etc.). Scan the content and save images or videos related to the insurrection.

Important: Download, don’t screenshot whenever possible. Look for high-resolution material. However, don’t expect to find metadata, as social media channels remove EXIF and other backend data from files during upload. 

Keep in mind: you might expose yourself to graphic footage and extremist content. There are videos showing a rioter being shot and fatally injured during the attack. Many photos capture rioters brandishing far-right (white supremacy, neo-Nazi) and conspiracy symbols that might cause distress to the viewer.


Save & Share Evidence

Why? Paradoxically, most footage from the Capitol riots was produced by the rioters themselves. As they slowly realize that they’ve created evidence against themselves, they have started to delete selfies and video streams connected to the insurrection. Social media platforms like Facebook are also removing media material from the riot to counter extremist propaganda. 

It’s essential to preserve as much data as possible. If you find something of interest, save it on your PC or upload it to a service or file-sharing platform. Users are crowdsourcing all publicly available media material of the event to various clouds and file-sharing platforms that are open to all. An essential community archive is this one on

Other crowdsourcing efforts are Intelligence_X (press Tree View), Reddit, and Bellingcat.

Access these platforms to analyze the evidence (Step 2) – beware of graphic material. 


Analyze Evidence

There are several analysis techniques you can apply. Let’s say you find a photo that seems to be from the Capitol. What do you do? 

1. Authenticate: The first thing you want to do! Run the photo through a reverse image search (RIS) engine (Google Images, Bing Visual Search, Yandex, etc.) to ensure that it’s not recycled from some past event – this happens very often. If it’s a video, extract the thumbnail or keyframes and run those through RIS. 

2. Visual analysis: your eyes are your instruments. 

Look at the suspects – do you recognize them? Know someone who might? Most rioters have been identified by former classmates or childhood friends. 

Look for artifacts or identifiers: tattoos, clothes, accessories, etc. It can be anything from a Viking tattoo to a Nazi hoodie or stars-and-stripes backpack. 

A photo tip is to crop out the faces of suspects and run them through RIS engines. The Russian service Yandex is uniquely good at facial recognition, but it mostly works with material from the ex-Soviet space. Nevertheless, it’s worth a shot. 

A common procedure is to extract the video frames (use VLC or specialized software) and conduct frame-by-frame analysis. Be patient and diligent with every frame to minimize the risk of overlooking clues. 

The objective here is to generate leads. 

3. Follow leads: This might take you out of visual analysis mode and into the shoes of an old-fashioned investigator. Let’s say you think one of the suspects is connected to a group called “Wokeonez Rebellion.” Follow this lead. Find out who they are. What do they stand for? This will allow you to profile the suspect and contextualize the evidence (see next step). 

4. Piece the puzzle: Contextualize the evidence. Connect the dots. This phase aims to get the basic facts right: when, who, and why. 

Example: Who was the woman that was shot in the Capitol? Was she peacefully leaving the Capitol or attempting to storm the House room when she was shot? Who shot her?  


Disseminate Evidence

The natural end of any intelligence collection model. 

Do you think you have something of value? It’s time to put it out there. We recommend submitting it to the relevant authorities. Remember, D.C. Metro Police and the FBI are seeking help to identify the rioters and collect evidence. Submit your findings to the FBI using this portal.

Just make sure you’re not submitting the same viral video as 500 others. Information overload (“white noise”) is a real problem and will only slow down the investigation.
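One way to keep a record of what you saved (see Save & Share Evidence) and to spot byte-identical copies before submitting, as an added example that is not part of the original article: each file is hashed with SHA-256 and logged with its source URL and save time. The file names, `example.com` URLs and sample bytes are constructed, and the function names are this example's own; a re-encoded or cropped copy hashes differently and will not be flagged.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large videos do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def record_item(manifest, path, source_url):
    """Add one saved file to the manifest; return the entry it duplicates, or None."""
    path = Path(path)
    file_hash = sha256_file(path)
    duplicate_of = next((e for e in manifest if e["sha256"] == file_hash), None)
    manifest.append({
        "file": path.name,
        "sha256": file_hash,
        "bytes": path.stat().st_size,
        "source_url": source_url,  # where the file was downloaded from
        "saved_at_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "duplicate_of": duplicate_of["file"] if duplicate_of else None,
    })
    return duplicate_of


def unique_items(manifest):
    """Entries worth submitting: the first copy of each distinct file."""
    return [e for e in manifest if e["duplicate_of"] is None]


def demo():
    # Constructed sample data: two byte-identical "videos" from different posts, one photo.
    manifest = []
    with tempfile.TemporaryDirectory() as tmp:
        samples = [("clip_a.mp4", b"constructed video bytes", "https://example.com/post/1"),
                   ("clip_b.mp4", b"constructed video bytes", "https://example.com/post/2"),
                   ("photo.jpg", b"constructed image bytes", "https://example.com/post/3")]
        for name, data, url in samples:
            target = Path(tmp) / name
            target.write_bytes(data)
            record_item(manifest, target, url)
    return manifest
```
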

If you wish to initiate a targeted investigation, check out this Twitter thread from the FBI showcasing individuals of interest.

*If you want to learn more about visual investigation techniques and other OSINT tools and methods, make sure to check out the Knowmad OSINT course. 

by Vlad Sutea

OSINT Instructor
