The Online Sleuths Who Helped the FBI Track Down January 6 Insurrectionists

It was early 2023, and an online sleuth I’ll call Josh was on the hunt once again. Josh worked for the corporate office of a global, publicly traded company in the south, but his real passion these days was solving crimes that happened two years earlier and hundreds of miles away on Jan. 6, at the U.S. Capitol. Josh’s home sleuthing setup wasn’t anything fancy: just him and his laptop, though he’d switched to a trackball mouse after he started developing symptoms of carpal tunnel “from working my day job all day and hunting insurrectionists by night.”  

The halfway mark of the investigation into the Capitol attack — the largest FBI investigation in American history — was fast approaching, and Josh’s community of online sleuths were at the center of it: vacuuming up video, scouring social media, finding fresh faces and new crimes. The FBI was closing in on 1,000 arrests of people who had entered the Capitol or engaged in violence or property destruction that day, and this collection of online investigators — “Sedition Hunters,” they’d branded themselves — had sparked hundreds of those arrests, and aided hundreds more. What’s more, they’d identified more than 700 Jan. 6 participants who had not yet been arrested.

Often, Sedition Hunters like Josh were building entire cases for the FBI from soup to nuts, but the bureau’s rules made it difficult for special agents to offer even basic updates on the status of investigations. The one-way street was frustrating. The best written feedback they could hope for was maybe one word: “received.” One FBI informant was thrilled just to get thumbs-up emojis from her FBI handler.

Josh had spent countless hours over the past two years working on this new hobby he found both addicting and rewarding, even if his “unbelievably patient wife” found it somewhat mystifying. “Dinner table conversations sounded a little more unusual at our house for sure,” Josh said. “Screennames and hashtags and references to specific J6 events.” His wife heard all about Josh’s fellow Sedition Hunters, many of whom became close friends, even if they mostly stuck to screennames.

Those new friends could still surprise him. Just a few months earlier, he’d learned that one of those friends he’d worked with closely — a sleuth who played a critical role in the community — had voted for Donald Trump. Twice. That came as a shock to Josh, who remembers the moment as well as he remembers where he was on Sept. 11, or on the day Michael Jackson died. “It was less of a record scratch moment and more of a record getting blown up by a tomahawk missile moment,” he said.

That’s part of what kept him at it, on top of the comradery and the knowledge that he was helping protect democracy and get justice for those affected by the attack: There was always a new discovery to make, another piece of the puzzle to find. Pull one string, and suddenly the answer to another question you had months ago just falls out of the sky. Maybe a newly unearthed video you discovered pans past a rioter at juuust the right moment, and suddenly you’ve got a perfect face shot of a masked-up assailant who took a sip of water at the wrong time. Maybe you’re trying to debunk yet another conspiracy theory from some nutty far-right website (Nope, that guy’s not antifa either!), and you stumble upon a previously undocumented assault on a member of the U.S. Capitol Police, who weren’t wearing body cameras. It was dopamine hit after dopamine hit after dopamine hit.

“It’s a thrill and feeling of fulfillment that is unmatched by anything else I’ve ever done,” Josh said.

More than two years into the sprawling investigation, new identifications weren’t stopping. Josh primarily focused on archiving videos and photos from Jan. 6, creating backups of open-source materials he found online and making them available to other researchers in a permanent database. “Finding needles in haystacks online,” he said, “that's what I’m really good at.” But on this day, he took a swing at making an ID.

After running a rioter’s photo through a facial recognition site — and then combing through what he described as “an avalanche of dicks” upon discovering images of the suspect on numerous explicit websites — he was able to identify a former gay porn actor who appeared to assault a police officer. That wasn’t even the first time the sleuths found a suspect thanks to a rioter’s previous work in pornography.

“The things I do for this country,” Josh jokingly messaged me when he got a match. “The number of dicks I’ve had to see in the name of preserving our democracy, someone should give me a goddamn medal.”

He shared his latest finding with his small crew of sleuth friends from across the country, laying out yet another identification that would eventually make its way to the FBI.

“WTF am I unlocking my computer to?” wrote the Trump-voting sleuth after Josh dropped a link to erotic photos in the group chat.

“patriotism bitch,” Josh replied.

Since a mob of Donald Trump supporters whipped up by his lies about the 2020 election stormed the U.S. Capitol on Jan. 6, I’ve immersed myself in the communities of online sleuths who are driving the FBI investigation. I learned the names of hundreds of Jan. 6 participants before their arrests, including the identities of over 100 individuals whose images are currently featured on the FBI’s Capitol Violence page, but who still haven’t been charged.

There was a funeral home owner who’d sprayed cops with a wasp and hornet spray. A celebrity photo collector who’d had his photo taken with Rihanna, Selena Gomez and Kim Kardashian. An ex-NFL player. A former race car driver. A neurosurgeon. A stand-up comic named Kevin Downey Jr., who’d been on “America’s Got Talent” a decade earlier. A Trump enthusiast who’d flashed a gun at the Capitol and then fatally stabbed a 19-year-old at a park a few months later. Yet another male model, yet another corrections officer, yet another police officer, yet another real estate agent. A fan of anthropomorphized animals, seen on the Senate floor on Jan. 6, who was identified because a sleuth did a deep dive into the world of furries and found the man’s name (and his pseudonym, or “fursona”) because the man hosted a furry Thanksgiving party at his “den.” A guy who’d previously been arrested for playing a musical instrument naked in public, and a guy who’d since been arrested for walking around his neighborhood without pants. A man associated with the Proud Boys who’d been at the Capitol with his son and was subsequently arrested — with the help of DNA — for the decades-old murder of a 17-year-old girl.

I spent months getting to know many of the sleuths, and met many of them in person. I’ve talked to Sedition Hunters all over the country about their techniques, their motivations and their biggest finds. I know some by their real names, others only by their handles and their investigative track records. We’ve bonded over child-rearing, attention deficit hyperactivity disorder (ADHD, a common diagnosis among sleuths, it turns out!), sports rivalries, bingeable shows and memes. Lots of memes.

Some sleuths kept at it a few weeks, others a few months. Others popped in-and-out, as their life and schedule allowed. Some were already plotting what was going to happen after Jan. 6, 2026, when the statute of limitations expired, and the justification for withholding the names of identified rioters from the public — namely, that making those names known would negatively impact the cases they hoped the feds were building — was no longer a concern.

I’ve covered the Justice Department for more than a decade, and I’d talked with FBI informants before. But none of them hold a candle to the impact the Sedition Hunters have had. Working out of their home offices, from their couches, kitchen tables, bedrooms, garages and — in one case — from the sleeper cab of their semitruck, this group of anonymous Americans has been working to hold the FBI’s feet to the fire to make sure these cases don’t get buried.

Jan. 6 was a pivot point for American democracy. It was also a pivot point for the FBI and law enforcement, which were caught flat-footed despite all the warning signs flashing online ahead of the Capitol attack, and who were left playing catch-up with open-source researchers moving at internet speed.

“They are these investigations,” one law enforcement official told me. “I am so incredibly grateful to the sleuths for everything they have done. But what an egg on the face of United States law enforcement.”

More than two decades ago, after the Sept. 11 attack, the FBI realized how outdated their technology was. They were “hamstrung,” as one report put it, on doing basic searches through the data they’d collected. The FBI director described the system as “cumbersome” and “difficult,” while a news story said the bureau’s computer systems were in the “high-tech equivalent of the Stone Age.” A New York Times headline declared the bureau had a “Computer System That Makes Data Secure, but Hard to Find.” It took a decade and $451 million, but the FBI finally deployed a new computer system in 2012, the year Barack Obama was reelected and the iPhone 5 debuted.

Even now, 22 years after Sept. 11 — enough time for an FBI special agent to have enrolled at Quantico in their mid-thirties and then left the bureau at the mandatory retirement age of 57 — the bureau’s technological capabilities are still frequently behind the curve.

On Jan. 6, the acting number two at the Justice Department found out the Capitol had been breached because he saw it on a television in the acting attorney general’s office. So Richard Donoghue headed across the street, to the FBI headquarters building, figuring they’d be on top of it. “They didn’t have a lot of information,” Donoghue said. “They had the screens showing people marching through the rotunda as well, but they didn’t have a lot of information as to exactly what was going on at the Capitol.”

The FBI’s deputy director, Donoghue learned, went over to the FBI’s Washington Field Office, so he joined him. But the command post there was the same scene: people watching television, shouting information. The duo soon decided to just head over to the Capitol themselves, to avoid the information lag.

Donell Harvin, who oversaw the National Capital Region Threat Intelligence Center, had a much different experience on Jan. 6. He saw the mob move toward the Capitol. He watched the tugging and pulling on the “loose and ragged” defenses the police had set up: bike racks. He watched things deteriorate quickly. He texted someone that the mob was going to breach the scaffolding; then they did. He watched them storm into the building. What was happening was “not being carried in live media because the media aren’t down range,” he said, but he had an advantage.

“I wasn’t watching on television like everybody else was,” Harvin said. “We have other means to look at some of these things, most of them as social media. People are live streaming them. So we have access to that. It’s OSINT.”

OSINT, or open-source intelligence, is a phrase self-described “gray haired grandma” Donna had to Google when she first started getting involved in online sleuthing efforts after Jan. 6. She watched the attack on two screens as well: on television and on her laptop, as she scrolled through X, the platform formerly known as Twitter. Donna got involved in the early sleuthing efforts, and she eventually had a contact at the FBI. She was surprised how far behind the FBI was.

“The thing that kept me going was how slow they were and how awful they were at catching up to us on Twitter,” Donna said. “They’re just slow. This many people committing crimes on the same day obviously just overwhelmed the system; it’s not designed to handle that.”

The FBI the sleuths came to know wasn’t living up to the Hollywood hype. “We’ve all watched too many movies,” one said. “Do we all just overestimate their capacity based on watching too much TV?” One sleuth who worked closely with the bureau on Jan. 6 cases described the FBI computer system as “fucking stupid” and said it makes it “very difficult for them to use and find stuff.” Multiple sleuths told me they had to format the reports they sent to the FBI to make sure they didn’t surpass the email file size limit, since the bureau wasn’t keen on using file-sharing programs. Once they got to the FBI, those reports had to be chopped down even more to be entered into their system, which could only accept files up to a few megabytes: Roughly the size of an eight-second iPhone video or a series of high-quality photos. Sometimes the FBI would dispatch special agents out on long drives, killing hours in the car just to pick up USB drives.

Up until a few years ago, FBI email addresses were formatted as @ic.fbi.gov, which stood for “internet café,” from the days of dial-up and AOL. Inside the FBI, it was a huge “pain in the ass,” one former FBI official told me, to move files from the “low side” (unclassified) to the “high side” (classified) and vice versa, which would require special permission and a thumb drive. Not long ago, some news websites and X would be blocked on the FBI’s internal system. Then there were the FBI-issued cell phones. “The phones were terrible,” the former official said. They were the same type of phones that were available to the public, but had been loaded up with software operating in the background that made them super slow. “They didn’t really work as intended.”

There were understandable reasons why the bureau needed to take extra precautions to make sure their network wasn’t penetrated. Bureau data was a huge target for outsiders, especially foreign adversaries. Even so, the FBI’s policies and outdated tech kept them cut off from what was happening online.

At the bureau, there was an attitude that agents were “only as good as your undercover sources,” said one law enforcement official. Old habits die hard, and FBI culture placed more value on an inside, covert human than open-source intelligence.

But the great thing about OSINT was the FBI didn’t have to put all their faith in the sleuths. The bureau could simply vet the information themselves, or use their law enforcement powers to verify that the suspects identified by the sleuths had used their cell phone in the Capitol, or booked a hotel or used a credit card in the D.C. region on Jan. 6.

Still, it took several months for the relationships between the FBI and online sleuths to formalize and prosper. In 2021, some online sleuths were impressed by the bureau and happy to do whatever they could to assist the investigation. By 2023, the power dynamic had shifted. Now the FBI was deeply indebted to the sleuths, frequently reaching out to the investigators and asking them to check their work, to build their case, to find all the evidence that the bureau’s own investigation had missed. The sleuths, on the other hand, were ramping up pressure on the FBI, wondering why cases were taking so long and calling on the bureau to arrest some of the suspects they’d identified more than two years ago.

To be fair, the bureau had reason to be skeptical of the work of anonymous online investigators in the wake of the Capitol attack. They’d been burned before. During the 2013 hunt for those behind the Boston Marathon bombing — an attack the FBI first learned about via tweet — Reddit exploded as a mass of amateur sleuths looked for the figures who they thought may have been responsible for the attack.

It was a disaster. Someone posted photos of two people they thought were bombers. They were not — but it was too late, and the New York Post splashed their image on the cover. (The paper eventually settled a lawsuit on undisclosed terms.)

The Boston Marathon bombing was a cautionary tale about how online sleuthing could get out of control easily. It also changed the trajectory of the FBI investigation, with the false rumors popping up online influencing law enforcement’s process. The decision to release photos of the actual suspects was made to limit the damage being done to innocent parties, to stop the “freelance sleuthing,” as the Washington Post put it.

Once the photos of the actual Boston Marathon bombing suspects were put out, an accurate tip from a family member did come in. Eventually the FBI caught up to Dzhokhar Tsarnaev, the brother who survived a shootout with police and hid in the back of a boat on a trailer in a backyard in Watertown, Mass. After Tsarnaev’s capture, law enforcement officials held a press conference in the parking lot of the Watertown mall.

Standing in the parking lot during the press conference that night was a Boston Police K-9 officer. An ABC News camera on the scene picked up a nice, clean face shot, and a screenshot from the video ended up on a website. Eight years later, that former K-9 officer would storm the U.S. Capitol building on Donald Trump’s behalf, wearing a Boston sports hat.

In the spring of 2022, online sleuths would send his name to the FBI after getting a facial recognition match. Twelve months later, there was movement. A decade after working the Boston Marathon bombing, retired Boston Police officer Joseph Fisher was arrested in March 2023, charged with attacking a Capitol Police officer with a chair.

This time, the sleuths had done it right.

From the book SEDITION HUNTERS: How January 6th Broke the Justice System by Ryan J. Reilly. Copyright © 2023 by Ryan J. Reilly. Reprinted by permission of Public Affairs, an imprint of Perseus Books, LLC, a subsidiary of Hachette Book Group, Inc., New York, NY, USA. All rights reserved.