Forensics , Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development

Capitol Riot Suspects Identify Themselves

Livestreaming, Social Media Posts Lead to Arrests
Capitol Riot Suspects Identify Themselves
Capitol riot suspect Aaron Mostofsky (Source: New York Post, as cited in criminal complaint)

Many of the insurrectionists who marched on the Capitol on Jan. 6 and violently forced their way into the building livestreamed their activities or boasted about them via social media. So far, those self-identifying actions have helped law enforcement authorities identify some of the more than than 70 individuals charged.

See Also: 57 Tips to Secure Your Organization

The riot, which occurred as lawmakers were beginning to certify President-elect Joe Biden's Electoral College victory, led to the death of five individuals, including one Capitol police officer who authorities say was hit with a fire extinguisher. Dozens more individuals were injured, and lawmakers and their staff hid around the building to avoid the intruders, some of whom were carrying firearms and zip ties.

On Wednesday, the House of Representatives impeached President Donald Trump on a charge of inciting an insurrection. Senate leaders have yet to schedule a time to hear evidence in a trial, which likely won't occur until after Trump leaves office Jan. 20.

In the meantime, law enforcement agencies have appealed for information regarding the violence and have begun rounding up suspects. The U.S. Department of Justice now lists 44 federal cases tied to crimes allegedly committed at the U.S. Capitol on Jan. 6.

Plus, other individuals have been charged under local District of Columbia laws, bringing the total charged so far to 72, according to the Program on Extremism at The George Washington University.

FBI "most wanted" poster (click to enlarge)

"This investigation has the highest priority of the Department of Justice," Kenneth C. Kohl, the acting principal assistant U.S. attorney for the District of Columbia, told The Washington Post.

An off-duty law enforcement officer and members of the military, including a member of an Army psychological operations unit, have been identified as being suspects who participated in the Jan. 6 riot.

Two Capitol police officers have been suspended for their behavior during the riot, with one being accused of taking a selfie with rioters and another having donned a “Make America Great Again" cap. A dozen others are under investigation for inappropriate behavior.

The FBI continues to seek information - backed by a reward of up to $50,000 - about those who deployed two suspected pipe bombs - one placed at the city's National Republican Club and the other at the headquarters of the Democratic National Committee.

'Why Hide Your Face From the Cameras?'

One common theme to emerge from charging documents is the extent to which violent protesters self-documented their activities or gave media interviews while engaged in the violent breach of the Capitol.

"Based on prior experience, it was entirely rational to treat another Capitol invasion as a consequence-free event. Why hide your face from the cameras in this, the moment of glory?" says the operational security expert known as The Grugq.

Suspect: Aaron Mostofsky

Consider the criminal complaint filed with the arrest warrant issued against Aaron Mostofsky, who the New York Post - in an article about rioters who were protesting the 2020 election results - reports is the "son of a prominent Brooklyn judge." The complaint references that news article, which is based on a video interview conducted by the Post on Jan. 6 inside the Capitol with an individual who identified himself as "Aaron." He's seen wearing a U.S. Capitol Police officer's bulletproof vest - discernible via the "police" label - which he appears to claim that he found lying on the floor, while holding a riot shield with the U.S. Capitol police logo.

"The police vest is comprised of a carrier, body plates within the vest, and side ballistics, with a total value of $1,905," according to the criminal complaint, which is signed by FBI Special Agent Michael Attard. "The riot shield is valued at $256.65." So far, Mostofsky has been hit with four charges, including stealing government property, which is a felony, as well as knowingly entering a restricted building or grounds without authority, disorderly conduct and impeding official government functions.

The complaint cites a Twitter account - @aaron_mostofsky_official - with posts revealing Mostofsky was on a bus to Washington at 6:09 a.m. on Jan. 6 and later was inside the Capitol.

To coordinate meeting up with others at the Capitol, Mostofsky allegedly stated via a Twitter direct message: "If we find each other look for a guy looking like a caveman." The charging document adds: "He later states, in a likely reference to the presidential election: 'Even a caveman knows it was stolen.'"

In a Twitter direct message, the complaint states, Mostofsky also sent this picture of himself to another individual:

Pictured: Image sent by Aaron Mostofsky, of himself, to a Twitter contact via a direct message, as alleged in a criminal complaint

Based on a document published by the Congressional Research Service on Jan. 12 that analyzes the charges being filed against the insurrectionists, Mostofsky faces up to 12 years in prison if convicted of all of the charges filed against him.

Investigators have also made it clear that the list of charges unveiled against suspects could be expanded.

Other Motives?

Authorities are investigating whether the Capitol intrusion was, indeed, well-planned and included some with the goal of committing violent acts against members of Congress.

John Scott-Railton, a senior researcher at the University of Toronto's Citizen Lab, which investigates digital threats to civil society, has been helping gather clues to suspects' identities, in part based on what they were wearing, and forwarding this information to the FBI. He notes that some individuals present at the rally appeared to be wearing ear-protection communications headsets, such as Peltors. Also used by special operations forces, these devices are designed to filter out gunfire noise while facilitating two-way communications.

Several individuals were also pictured wearing other expensive tactical gear of a type favored by military forces, carrying zip ties or boasting on video that they had been preparing for the breach.

Some lawmakers have noted that some participants made their way quickly to sensitive, nonpublic locations in the Capitol. As pictured in video recordings of the breach, some individuals appear to have arrived with maps to the building's vast interior. And electronic devices were stolen during the intrusion.

A review of GPS coordinates for 618 videos posted to the far-right social media network Parler by individuals who breached the Capitol shows that over the course of the approximately two-hour breach, insurrectionists had penetrated far into the Capitol building, Gizmodo reports.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.