AMMAN, Jordan—Bitcoin grifters last week commandeered the Twitter accounts of Barack Obama, Jeff Bezos, Elon Musk and Joe Biden. Russian foreign intelligence operatives have been hacking American, Canadian and British coronavirus vaccine research, according to the UK National Cyber Security Centre. And, as if not to feel left out of this growth industry of cyberwarfare, the Islamic State has lately been stealing ordinary people’s accounts on Facebook—not just to post its usual jihadist propaganda but also to egg on American social unrest under false identities.
As outlined in a new in-depth report by the Institute for Strategic Dialogue (ISD), while the social media company has managed over the last two years to detect and delete 99 percent of terrorism-related posts, ISIS supporters have figured out ways to make themselves and their content part of that remaining 1 percent.
For starters, they have figured out how to finagle two-step verification using two apps that facilitate the interception of password reset texts, and they even shared video tutorials explaining how to use this technique to hijack real Facebook accounts. Once that’s done, they use the access to instruct the faithful on how to foment racial and civil unrest.
“We have no tolerance for terrorist propaganda on our platform and remove content and accounts that violate our policy as soon as we identify them,” a Facebook company spokesperson told The Daily Beast.
The basic messaging is much the same as that described by Robert Mueller in the indictments of Russian operatives who set out to influence the 2016 U.S. presidential election. But, at least in terms of content, the Kremlin’s ops were paragons of sophistication compared to what we’ve seen thus far from ISIS.
The terrorist group’s latest digital toolkit looks like a low-budget knock-off of the Russian Internet Research Agency’s well-documented social media war on America. But if their results thus far are risible, their intentions are not. Barack Obama once made the mistake of calling ISIS “a J.V. team.” Nobody should do that again.
Over the past three months, Institute for Strategic Dialogue researchers watched in real time as networks of ISIS supporters on Facebook “comment-bombed” the U.S. Department of Defense, the U.S. Air Academy, the U.S. Army, and even Donald Trump’s presidential page. ISIS supporters manufactured a social media outlet called Ruma, named after its longstanding propaganda rag Rumiyah, to organize online swarm attacks on their main enemies. (Rumiyah means ‘Rome’ in Arabic and the magazine is so called because once upon a time the jihadists imagined they’d sack the European capital and seat of world Christianity.)
Shit-posting is a far cry from sacking cities across the Middle East; nor is it nearly as dangerous as openly inciting and inspiring real-life atrocities worldwide through simple but effective how-to manuals.
Nonetheless, ISIS’s new gambit demonstrates just how responsive and adaptive it is when it comes to the propaganda and disinformation racket, which is now the purview of nearly every hostile foreign intelligence service.
In this case, first spoof a real person—which is to say camouflage communications to look like they’re coming from known and trusted sources—then flood the ecosystem with spurious content.
The crude way ISIS has prosecuted its new trolling jihad suggests it’s still in early days.
On June 6, for instance, a curious set of Facebook accounts with Western names like Aline, Rand, Sophie, and Matthew were featured in a 15-minute video titled, “There is No Saviour,” a montage of ISIS military victories, broken up by a five-minute segment dedicated to their incredibly small wins in a “cyber-attack” by “[caliphate] supporters against [the] Donald Trump page.”
The segment began with on-screen text that detailed a “raid” on a June 2 presidential Facebook post about deploying the National Guard to New York City, as the country was in the throes of nationwide protests in response to the police killing of George Floyd.
The video described how supporters could sow further division in the U.S. by masquerading as Black Americans and posting provocations such as “weapons not only for white we can shot [sic] too,” and “do not threat [sic] us with National Guard we are already Warriors,” hashtagged “The Black Army.” Supporters even changed their avatars to photographs of George Floyd.
The move was a B-movie reenactment reminiscent of Russia’s well-documented attempt to impersonate Black Lives Matter accounts in 2016.
No doubt “Rand,” “Aline” and “Matthew” heralding Salafi-jihadist victory while decrying systemic racism in America made it difficult for even the most credulous Trump supporter to believe this was anything other than a cybersecurity compromise: MAGA types on the president’s official Facebook page weren’t buying it. Neither were their many detractors. But of course that didn’t stop ISIS from celebrating the “raid” as a success, proving the platform which claims to remove 99 percent of terrorist content preemptively is still very much susceptible to penetration.
The presidential page attack was one in a series of digital ISIS raids. The first was on the Department of Defense and was organized by a pair of Ruma supporters who organized the swarming of the U.S. military Facebook pages. The goal was to “terrorize the Crusaders” by targeting the Pentagon’s social media presence. The comments section underneath these posts became virtual proving grounds, with different ISIS supporters sharing prefab posters and copied-and-pasted texts in both English and Arabic. One image featured thick plumes of smoke wafting from one towers of the World Trade Center on 9/11, as an airplane flew into the other. “We will do it again wait for the date” was the warning branded with a Ruma logo.
ISIS then recycled the same content to attack both the U.S. Air Force Academy and the U.S. Army Facebook pages in late June and early July. Supporters took particular umbrage at the U.S. assassination of former leader Abu Bakr al-Baghdadi in October 2019 and posted a series of images of black-clad fighters, emblazoned with stenciled text reading “IF YOU KILLED AL-BAGHDADI THEN HIS SOLIDERS DIDN’T DIE AND THEY WILL REVENG [sic].”
So much for the Michael Bay-level production value of ISIS's propaganda in its heyday; now the army of terror is hawking what look like home movies shot on BetaMax. (The U.S. Air Force Academy seems less amused than alarmed: it blocked and referred the accounts to its internal Office of Special Investigations.)
ISIS now controls at least five standalone websites on the open web, including a “jihadist-Netflix” (no affiliation with the actual Netflix) which runs promotional videos for its URL on both Twitter and Facebook. None of these sites has been removed. One is a 24/7 streaming radio service that broadcasts playlists from ISIS’s al-Bayan radio station, which was bombed off the airwaves in 2016 by coalition forces but has now found a second life online as a video platform.
ISIS’s fellow travelers also control four websites in Bangla, just for supporters in South Asia. It has a news aggregator website, which is the top hit out of 17 million when users search for “Muslim news” in Arabic on Google. In May, the ISIS-supporter “Caliphate Cyber Shield” released a video detailing its hacking exploits, breaking into the U.S. Police Association’s website as well as the African Union’s online monitoring and evaluation tool, and subsequently deleting administrators and other users from the platform. It is similarly rebuilding its capabilities on social media, through the use of mobile applications that exploit two-step verification and allow ISIS supporters to commandeer existing user profiles.
So far, the readable yield of such efforts seems more akin to angsty 4Chan users than to a once formidable transnational insurgency. The loss of its centre of gravity in Raqqa and Mosul has meant a decentralization of proselytization and recruitment efforts and with it an inevitable drop in sophistication.
It’s been hacking for years, after all, mainly for the purpose of announcing itself as a formidable threat. “We were here and we can get you anywhere” seemed to be the mainstay of its cyber-espionage campaigns when it had a physical presence superimposed across two Middle Eastern countries.
Now, as its far-flung flunkies abscond back into the shadows, it’s taken to trying to persuade through plausible deniability. “Meghan from Ohio” simultaneously calling to defund the police and kill all apostates may seem too stupid to take seriously, but if the last few years have demonstrated anything it’s that it doesn’t take much external interference for America to destroy itself from within. And it’d be a mistake to dismiss these early forays into sock-puppetry because the tradecraft is so transparent. ISIS will learn and get better—and America better be ready.