2021 Capitol Attack: How the FBI Used Technology to Identify the Protesters
This post will focus solely on the technical aspects of the federal investigations following the US Capitol attack in 2021. This content does not discuss the event itself, nor any related political discourse. Please ensure all comments are appropriate and respectful.
The Aftermath of the Events at the Capitol
The US Department of Justice (DOJ) reported that the Federal Bureau of Investigation (FBI) has arrested more than 725 people in connection to the events of January 6th, 2021. The FBI launched its investigations by first analyzing the video surveillance data captured by the cameras inside the Capitol building during the attacks. But how exactly was US law enforcement able to identify and ultimately arrest all of these people based on a few seconds of video footage? The answer is primarily through the use of publicly available technology such as social media platforms and open-source intelligence (OSINT). The below case studies illustrate how the FBI utilized these simple tools to track down the participants in the events at the Capitol in 2021.
Will Vogel: It All Started with a Snapchat Video
As protesters entered the Capitol, a Snapchat user named Will Vogel Music recorded 2 videos within the building. When the videos were posted on Snapchat, several users contacted the authorities and identified Will Vogel Music as William Vogel, a resident of Pawling, NY. Based on this information, the FBI searched the individual on Facebook and found his account under the name Will Vogel.
Next, the FBI issued a search warrant to Facebook for more details on Will Vogel’s account. Facebook provided Will Vogel’s email address and phone number, and also confirmed that his phone was a Samsung SMG955UI. Now that they had Will Vogel’s phone number and email address, the FBI used public people search websites to confirm that this contact information was linked to a Will Vogel in New York.
As a final means of confirming that Will Vogel participated in the events at the US Capitol, the FBI performed a vehicle check. Records with the Department of Motor Vehicles (DMV) showed that Will Vogel had a car with New York plates. The FBI entered this data into a License Plate Recognition (LPR) system, a monitoring tool consisting of cameras and computer software to read and store license plate information. The LRP system found Will Vogel’s car was located near the Capitol building on January 6th, 2021.
Using all of this technical evidence, the FBI charged Will Vogel with illegal and violent entry of the Capitol Grounds and disorderly conduct.
Philip “Flip” Vogel: News Interviews & Hand Tattoos
Philip Vogel (who does not appear to be related to the above-cited Will Vogel) initially came to the FBI’s attention through the video surveillance at the Capitol, which showed him and a woman named Debra Maimone stealing a police bag and removing its contents. Identifying Debra Maimone was relatively easy for the FBI, as she had posted a video of herself inside the Capitol on the social media website Parlor. However, investigators had to get more creative to identify Philip Vogel.
Using public Internet search engines, the FBI discovered that Debra Maimone owned a business and that a man named Philip Vogel was listed as its President. A quick search on Facebook found an account under the name “Flip Vogel” that appeared to be a match to Philip Vogel. However, the FBI still needed more concrete evidence.
Once more utilizing open source searches, the FBI found a local news video interview dated October 2020 with Philip “Flip” Vogel after he was rescued from a fishing accident. Not only were law enforcement officers able to match his voice in the video interview to the audio in the footage from January 6th, but they were also able to match his hand tattoos in both videos.
On January 7th, 2021 (the day after the events at the Capitol), Philip Vogel posted a picture of himself holding a large fish with the caption: “Got this monster in the Potomac.” The Potomac references the Potomac River, which runs through Washington, DC. Additionally, the FBI matched the hat and scarf worn by Philip Vogel in this Facebook post to those shown in the footage from the Capitol attacks. Philip Vogel was arrested and charged with theft of property, entry of restricted buildings, and violent entry and disorderly conduct on Capitol Grounds.
David Quintavalle: An Important Lesson in the Dangers of Doxxing
David Quintavalle’s story is not like the others. On January 6th, 2021, the retired firefighter was grocery shopping and celebrating his wife’s birthday in Chicago. However, that did not prevent him from becoming a suspect in the attacks at the Capitol.
David Quintavalle was initially mistaken for another individual who had struck police officers with a fire extinguisher during the events of January 6th. After seeing the video footage of the violence, users on Reddit set out to investigate who was responsible and misidentified David Quintavalle as the perpetrator. Users began to dox him, or in other words, publish personal identifying information on the public Internet.
Using Google, public webpages, and social media, David Quintavalle’s phone number and address were publicized. People began to harass him, calling him a murderer and threatening him in front of his family. Eventually, the FBI questioned David Quintavalle and quickly cleared him following evidence that he had been in Chicago.
Soon afterwards, law enforcement officers identified and arrested the actual perpetrator, Robert Sanford.
Final Thoughts
These case studies serve to affirm an important trend: that technology has increasingly become so integral to our daily lives that one photograph or a few seconds of video footage could be enough to trace back to a particular person. Of course, this is extremely useful for law enforcement purposes in identifying people who break the law. But also consider the case of David Quintavalle - he was completely innocent of any crimes committed at the Capitol, yet he still suffered consequences as the result of having personal information on the public Internet.
Although tools such as social media and public websites can be used by FBI analysts for legitimate purposes, unfortunately these same tools can be used by any person with access to the Internet. This means that users, who might have good intentions yet lack sufficient technical training, can access other users’ data and potentially cause real-world harm. What happened to David Quintavalle demonstrates the growing problem of these so-called “Internet investigators” and may make us reconsider our own personal stances when it comes to online privacy.
Interested in learning more about the FBI’s investigations following the events at the Capitol? Listen to this episode of Michael Bazzell’s podcast, “The Privacy, Security, & OSINT Show.”