ISIS Finding Ways To Evade Detection On Facebook Using Fake Accounts

Screengrab / Facebook App / YouTube


ISIS exploited gaps in Facebook's moderation system, used tactics to avoid detection, and carried out attacks.

The Islamic State group (ISIS) is finding ways to evade detection on Facebook using fake accounts on the platform, according to a report by BBC News.

A study carried out by the Institute for Strategic Dialogue (ISD) tracked activity of 288 Facebook accounts that were linked to an ISIS network over the span of three months.

The users of the accounts were able to exploit gaps in Facebook’s moderation systems, allowing the group to generate a large amount of pageviews on their content.

The researchers from the ISD study say that they watched in real-time as leaders posted instructions for followers to take over comments sections with terrorist material.

ISIS supporters were also found to be plotting, preparing, and launching ‘raids’ on Facebook pages, some belonging to the US military and political leaders.

One of the attacks was against President Trump’s Facebook page, which was flooded with fake African American accounts. Another attack stormed the US Department of Defense and Air Force Academy’s page with messages and pictures of the September 11 attacks.

Another raid began on April 7, when Twitter accounts started sending out a link to a Facebook Watch party. The ISD researchers concluded that this was part of a co-coordinated attempt to ‘amass digital territory’ on Facebook.

The group also hijacked other Facebook accounts and posted tutorial videos to teach other members of the group how to do it.

One of the tactics used by one of the leaders of the attacks was to generate real North American phone numbers and search for a match in Facebook accounts. Once a match was found, a request for a reset code would be sent to the phone number, locking the original account holder out of the site and allowing the attackers to use the profile to spread content.

Other tactics included breaking up text and using unusual punctuation to avoid detection by key words, blurring the ISIS branding or adding Facebook video effects, mixing in material with content from real news outlets, or adding the branding of other news outlets on top of the ISIS content.

In one instance, a 49-minute ISIS Iraq video was uploaded with 30 seconds of the France 24 news channel at the forefront so as to avoid suspicion.

The researchers found that most of the content, about 70 percent, was taken down by Facebook within a three-month time span. However, the attackers were able to easily shift from one account to another, even mocking Facebook for their failure to understand how the group operated on the site.

The author of the study’s report, Moustafa Ayad, said, “The tactics we outline in our report are shifting as we speak. Without a clear understanding of these networks, and their behaviours, responses reliant on takedowns do little to quell ISIS-support expansion across our primary platforms."

Facebook said, “We had already removed more than 250 accounts referenced in ISD's report and are reviewing the remaining 30 accounts against our policies. We have no tolerance for terrorist propaganda on our platform and remove content and accounts that violate our policy as soon as we identify them."

The ISD report says still that Facebook needs to update its detection systems to better protect against repeat offending accounts.

Read the full report here.


U.S. & Global News