ISIS proves savvy in social media, cyber-domain

An image taken from an ISIS propaganda video in 2014.

The military has had its hands full combating ISIS on the battlefield in both Iraq and Syria, attempting to use air power to push the group back from territorial gains. Aside from the difficulties of engaging in another gritty urban combat environment, with the help of 60 nations participating in the U.S.-led coalition, ISIS has also proven themselves adept in the cyber realm – a scary prospect.

Individuals and groups who claim to either be working on behalf of ISIS or purport to be directly affiliated with the terrorist entity have mounted headline-grabbing attacks online, such as the hacking of Central Command’s Twitter feed, the hacking of small U.S. business webpages and, most recently, the posting of personal information of U.S. military personnel.

On top of these feats, ISIS has instituted an effective social media campaign that uses high-quality videos and messaging for both propaganda purposes and recruiting disaffected individuals to their cause. Much attention has recently shifted to ISIS’ online presence and cyber capabilities.

A report released this month by the Brookings Institution sought to add context to ISIS’s Twitter presence, tactics and use of social media as a whole, while offering recommendations for governments and the private sector to counter these efforts. The “ISIS Twitter Census,” thought to be the most exhaustive piece of research thus far on the topic, analyzed a sample of 20,000 Twitter accounts thought to be associated with ISIS during a period between Oct. 4 and Nov. 27, 2014, with some additional data sets collected in September 2014.  Despite estimates in the range of 90,000 users, the report only estimated around 46,000 active accounts at any given moment due to suspensions and various other metrics.       

According to the report, ISIS used various bots and apps to artificially build up its Twitter presence. Bots and apps of this kind are “small pieces of computer software or third-party services designed to promote content from a Twitter account automatically, without a human being manually sending tweets,” the report stated. They also, like popular dashboards such as Hootsuite, can schedule tweets to go out at a certain time. In fact, some bots and apps were capable of producing more than 1 million tweets per day and 1,000 tweets per minute.     

ISIS also favored Android mobile phones and devices over Apple’s iPhone to send mobile tweets. The breakdown from the report: “69 percent had downloaded a Twitter client from the Google Play store or Google.com. Another 30 percent used a client downloaded from the Apple iTunes store, and about 1 percent had downloaded a client from Blackberry.com.” ISIS actually went so far as to ban iPhones among its members in December 2014 due to security concerns, although Apple products are generally considered to be more secure globally than Android devices.

The report also discovered that Twitter accounts affiliated with ISIS did not tweet every day or even on a regular basis. Despite a high average of tweets among supporters, this statistic is somewhat warped due to a high volume of tweets during particular events in which ISIS or its supporters were heavily trying to push propaganda such as a recent video or audio message. Additionally, the number of followers by ISIS-affiliated accounts paled in comparison to those of celebrities and politicians, indicating that ISIS might not be as influential as some may have thought. For example, Secretary of State John Kerry has 400,000 Twitter followers while no overtly official ISIS account topped 50,000.

GPS-linked accounts, meaning individuals who decided to automatically geo-locate where they were sending tweets from their mobile devices, provided reliable coordinates for intelligence officials, the report discovered. Aside from governmental efforts to counter ISIS propaganda, the report also questioned the role of private social media companies such as Twitter in tightening their standards to combat similar groups.

“Social media platforms should consider whether they want to continue with some variation of their current approach, which tends to stomp out fires as they erupt, or whether they want to dismantle or degrade the social networks responsible for setting the fires,” the report said. “While we do not necessarily recommend that social media platforms take the network-wide approach, it should nonetheless be examined and considered in greater depth using social network analysis techniques such as those featured in this study.”

However, suspending each and every pro-ISIS account would “represent a staggering loss of intelligence.”

Other groups fighting in Iraq and Syria have also relied heavily on social media for recruits. According to another recent report, by the Washington Institute for Near East Policy, Facebook was the main tool used by Iranian proxies. “Nevertheless, while ISIS’s social media–based recruitment has been the topic of discussion and focus by Western intelli­gence and media, very little attention has been paid to these incredibly open and active recruitment techniques,” the paper stated. 

While the cyber domain is continuing to grow as a contested environment exploited by malicious actors, the military has turned to revolutionary tools to seek out such activity. Both Adm. Michael Rogers, commander of U.S. Cyber Command, and Dr. Arati Prabhakar, the director of the Defense Advanced Research Projects Agency, spoke recently about how Memex, the innovative search engine for the “dark web,” will increasingly be a useful tool in combatting cyber malice by groups such as ISIS. However, Rogers stated that U.S. Cyber Command is still not fully prepared for full-scale offensive capabilities in the virtual world. 

The military is also taking steps to protect members of the military and their families. DOD CIO Terry Halvorsen issued a memorandum recently warning about the threat of cyber-crime phishing and spear phishing in emails, in social media and phone calls – this in light of recent hacks.

Officials like to use the phrase “whole of government approach” to describe efforts to combat ISIS militarily, diplomatically and in the cyber domain. This phrase refers to a strategy that spans across several governmental agencies that all play a role in combating the group. One of the key players in combating ISIS’s online messaging is the State Department’s Center for Strategic Counterterrorism Communications, which has been described as “the world’s first government-sponsored enterprise not run by an intelligence agency to counter online jihadist propaganda.”