ISIS Tries to Outwit Social Networks

Jun 17, 2014 at 3:58 PM ET

Just as the Islamic State of Iraq and Syria (ISIS) is marching at pace through Iraq, it’s attempting to do the very same online. The extent of the group’s atrocities was introduced to the world via a blitz of horrifying pictures and videos on social networks, intended to shock and intimidate. Resistance on the ground has been paltry so far, but Twitter and Facebook are fighting hard to keep extremists out of their domains. ISIS is innovating quickly, however, and finding ways to outwit the world’s biggest social networks.

As of Saturday, Twitter had moved swiftly to suspend at least six ISIS accounts (the microblogging site remains officially tight-lipped on this), but ISIS is becoming more proactive and creative in overcoming these obstacles. One strategy has been a rapid proliferation of accounts—for every one that is shut down, another pops up. That tactic has been hampered, in Iraq at least, by the Iraqi government blocking Twitter, Facebook and YouTube to prevent their use for propaganda. According to Renesys, Iraq’s Ministry of Communications ordered those sites, along with Whatsapp, Viber and Skype (and all porn sites), to be blocked so that ISIS could not use them against the government.

That’s largely done by DNS blocking, where the government cuts off access to specific sites from large swathes of IP addresses. To circumvent that, ISIS and its sympathizers have been guiding people on how to use Tor, an encryption browser, to hide their IP addresses. It’s not a perfect fix, though. Platforms like Twitter, Facebook and Google don’t like it when users hide their location and will often recognize when their sites are being accessed through Tor, prompting identity verification questions and security barriers. ISIS accounts are pushing out information on how to navigate this technological maze so that their people can keep posting.

The above tweet provides instructions, as well as a list of sites allowing quick registration that easily open with masking software. The Facebook post below explains how to recover a closed account.

Twitter closing accounts of terror organizations is nothing new. Al Qaeda’s Twitter account @shomokhalislam was suspended in September 2013 shortly after the platform was heavily criticized for allowing itself to be used to perpetuate terrorist activities. Twitter also took similar measures with Al Shabaab’s account, shutting it down when the Somalian branch of Al Qaeda claimed responsibility for the attack on a Nairobi shopping mall that left 39 dead and 150 wounded. The Al Shabaab account sprang up time and again with new usernames, but was repeatedly shut down, apparently under one or both of these clauses in Twitter’s terms of service:

  • Violence and Threats: You may not publish or post direct, specific threats of violence against others.
  • Unlawful Use: You may not use our service for any unlawful purposes or in furtherance of illegal activities. International users agree to comply with all local laws regarding online conduct and acceptable content.

For as long as they are up and running, ISIS members and sympathizers tend to use a combination of bots and hashtags to insert their messages into ongoing conversations online. The bots publish the same messages over and over (again, against Twitter’s terms of service), tagged with Twitter’s trending hashtags to reach users all over the world.

Twitter has since shut down the bot account pictured above that Vocativ identified yesterday. You can see Arabic hashtags in the picture, as well as #worldcup2014, used so that anyone searching those hashtags for soccer-related content would, in theory, also find ISIS propaganda, including gruesome images of massacres in Iraq as seen in the post below. A photo search of the tag at the time of writing failed to show up any imagery from Iraq, however.

ISIS came up with yet another innovation: an Android app that allowed the organization to hijack an account and periodically use it to broadcast tweets. As reported by The Atlantic:

“Once you sign up, the app will post tweets to your account—the content of which is decided by someone in ISIS’s social-media operation. The tweets include links, hashtags, and images, and the same content is also tweeted by the accounts of everyone else who has signed up for the app, spaced out to avoid triggering Twitter’s spam-detection algorithms. Your Twitter account functions normally the rest of the time, allowing you to go about your business.”

The app appears to have been taken off the Google Play store—this link to the app, shared prolifically on Twitter, now goes to a dead end. The app still appears on this mirror site.

Noam Binshtok contributed deep web reporting to this article.