While not the first instance of an individual using violence as a means to project their own political agenda, this one was absolutely one of the most expansive, targeting more than a dozen individuals across the United States. The FBI, working judiciously and maximizing the capabilities of their labs, were quickly able to identify Cesar Altieri Sayoc as the individual who, “attempted to transport and receive, in interstate and foreign commerce, an explosive with the knowledge and intent that it would be used to kill, injure, and intimidate individuals, and unlawfully to damage and destroy buildings, vehicles, and other real and personal property.”  A five count criminal complaint to this effect was crafted by the Department of Justice for the Federal Court in the Southern District of New York.

The clue which broke open the investigation for the FBI was Sayoc’s fingerprint on one of the envelopes, and Sayoc’s DNA found on a component of two separate devices which mailed to different targets.

Social Media Clues

After the fact review indicates early warning of Sayoc’s extremism were available on social networks. Additionally, his Twitter account had misspellings of names identical to that found on and within the mailed devices.

On October 26, Rochelle Ritchie highlighted to Twitter Sayoc’s extremism and threats directed toward her following her appearance on Fox News. Why Ritchie did not also contact her local law enforcement nor the FBI is unknown.

Privacy laws dictate that account content is accessible via a warrant in order to protect the rights of citizens and persons within the United States. Despite that belief U.S. law enforcement is already vacuuming all the social networks and sucking every posting or comment into their databases for analysis. The reality is the level of social network monitoring is minimal, and account dissection requires a warrant.

Perhaps if Ritchie had also taken her complaint to the FBI and local law enforcement, it would have been sufficient to allow a warrant for review of his social network accounts to have occurred prior to Sayoc mailing the packages containing explosive devices, given the incident occurred two weeks prior to the packages being received by Sayoc’s targets. Furthermore, nearly identical threats were made to both former Vice President Biden and Congresswoman Waters in prior months.

Social Network Monitoring?

Does your organization or company monitor social networks for individuals or entities which are posting information which may be indicative of intent to harm your employees or company assets (buildings, vehicles, aircraft, etc.)?

How many and which social networks are being monitored by corporate security? In the case of Sayoc, his Twitter account clearly detailed his extremist views and contained threats to individuals in media and politics (Ritchie – October 2018, Biden – September 2018, Waters – June 2018)

Does your entity have a protocol for bringing extremist or threatening social network activities to the attention of the facility security officer, the corporate or government entity’s security office, and to law enforcement?

Related News

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher, served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008). He is the founder of securelytravel.com