Police Arrest Suspect in Pelosi Laptop Theft
Tipster Alleges Woman Planned to Pass Laptop to Russian Friend
What's in the zebra print bag?
That's what FBI investigators and amateur sleuths are wondering as footage of Riley June Williams of Harrisburg, Pennsylvania, is replayed and shared across social media.
Riley, who carried the zebra print bag, entered the U.S. Capitol building on Jan. 6, the day rioters overwhelmed police in an incursion. A local CBS station and other news outlets report she was arrested early Tuesday in Pennsylvania.
A criminal complaint filed on Sunday in the U.S. District Court for the District of Columbia charged Williams with unlawfully entering the Capitol grounds along with violent entry and disorderly conduct. Williams was also wanted for questioning related to the theft of a laptop or hard drive from House Speaker Nancy Pelosi's office.
Included with the criminal complaint is an affidavit from FBI Special Agent Jonathan Lund, who writes that the FBI received several calls on its tip line after Jan. 6 from a person identified as Williams' former "romantic partner." The person is identified in the affidavit as "W1."
Williams is seen in footage directing other protesters, and the FBI and her mother have confirmed her presence at the Capitol. Lund writes that the area to which she directed other protesters is near a staircase that leads to House Speaker Nancy Pelosi's office. The wealth of videos of the riot, taken by participants, is driving successful identifications of those sought (see: Capitol Riot Suspects Identify Themselves).
British broadcaster ITV publicly identified Williams about a day before the charges were filed, and Williams can be seen in this excerpt from ITV's footage.
This woman, Riley June Williams, was identified by ITV as the green shirt woman that directed the crowd to Pelosi's office. pic.twitter.com/X1lhQRZzx0 — Scooter Pierce (@KarenBenShapiro) January 18, 2021
Post-riot, reports emerged that some of the participants had stolen electronic items, including a laptop used by Pelosi's office. Pelosi's chief of staff, Drew Hammill, tweeted this three days after the riot:
A laptop from a conference room was stolen. It was a laptop that was only used for presentations. https://t.co/S7YGPnLaWy — Drew Hammill (@Drew_Hammill) January 8, 2021
The theft of electronic equipment from legislators in the blitz against the Capitol immediately sounded an alarm for information security professionals. Sen. Jeff Merkley, D-Ore., who posted a video of the damage in his office, also said a laptop had been stolen from a table.
Williams' former partner, in the affidavit, stated that "Williams intended to send the computer device to a friend in Russia, who then planned to sell the device to SVR, Russia's foreign intelligence service." But the tipster said "the transfer of the computer device to Russia fell through for unknown reasons and Williams still has the computer device or destroyed it."
There are reasons to be skeptical here. A scorned former partner seeing an ex in a vulnerable position has an obvious opportunity for revenge. Plus, the description of a "friend in Russia" who would then sell the device to Russian intelligence seems like a somewhat half-baked plan.
But the theft of a laptop or hard drive from a lead legislator in the House - even if it was only used for presentations - is a shocking breach. It demands awareness of the risks of physical breaches.
A video posted by self-described indie journalist Raven Geary on Twitter shows Williams purportedly leaving the Capitol, again with the zebra-striped bag.
Well, I totally captured Riley June Williams fleeing the #CapitolRiot with Pelosi's laptop/hard drive. Huh. pic.twitter.com/v5a3x4ExhN — Raven Geary (@dudgedudy) January 18, 2021
In a subsequent tweet, Geary rightly backs off her initial assertion to say she doesn't know if there are any stolen items in the bag.
In the affidavit, Lund writes that he has spoken with Harrisburg, Pennsylvania, law enforcement agents who have interviewed Williams' parents. Williams' father, who lives in Camp Hill, Pennsylvania, told officers that he had driven with his daughter to the protest on Jan. 6. At the protest, the two parted. He said they met outside the Capitol later in the day and returned to Harrisburg.
ITV interviewed Williams' mother, Wendy, who said her daughter had taken an interest lately in President Donald Trump's politics along with far-right message boards.
Wendy Williams positively identifies her daughter. "I'm very unhappy. I'm sad that that happened to her - that she was actually inside. That's what the video shows, you know."
Lund writes that Wendy Williams told local officers that her daughter had told her she would be gone for a couple of weeks. He also writes that Williams has changed her phone number and deleted her accounts on Facebook, Instagram, Twitter, Reddit, Telegram and Parler (see: Parler Content Forcibly Archived by Researchers After Riot).
Now that Williams has been apprehended, we may eventually find out what was in the zebra print bag.
The taking of devices from the Capitol shows that no matter how well defended an organization, or in this case, an institution, purportedly is, a smash-and-grab job could pose information security challenges.