An Isis supporter's Facebook account
Isis supporters hack Facebook accounts and create multiple new accounts to spread propagandaFacebook

Facebook might have protections in place to remove and prevent terrorists from spreading messages, images and videos on the social network, but Islamic State (Isis) has been employing a Whack-a-Mole approach, whereby for every account that Facebook removes, more immediately pop up. Inevitably there is the risk that some will get through.

As previously mentioned in our February investigation into arms dealers using Facebook to sell and trade weapons with users across the Middle East and Africa, Facebook is struggling to detect and remove every account relating to IS as users often hide pages and profiles by giving them Arabic titles.

You would think that it would be very hard to hack into a Facebook account, unless you were willing to play the long game and set up a phishing attack whereby internet users click on malicious links in emails and are tricked into entering their Facebook login details, but no, IS has found another way.

According to Ghost Security Group (GSG), a non-profit organisation of people who analyse information relating to Isis on social media platforms to track potential terrorist activities, Isis supporters are hijacking Facebook accounts by looking for accounts that have been set up using a defunct email address.

How Isis hacks Facebook accounts

"Many people use disposable email addresses to create these Facebook accounts. After a period of inactivity, the email provider assumes you are no longer using the account and free up the name to be given to someone else. So if I make rr@disposableemail.com and then don't use it for a long time, if someone else decides they want to use rr@disposablemail.com, they will say it's available," GSG's tech lead Raijin told IBTimes UK.

"Now if I had used that email to register a Facebook account, but now the email address belongs to someone else, if that person went to Facebook and said: 'I forgot my password and my email address is rr@disposableemail.com', Facebook will send that guy my password reset link. He clicks the link and he now is inside my FB account."

So what do Isis supporters want with someone else's Facebook account? Simple – every user on Facebook has their own personal network of friends, family, neighbours, school friends and colleagues, and they can only see content from those users on their newsfeeds, unlike Twitter, where Isis propaganda runs rampant.

If extremists want to stand a chance of converting more people to support their cause, then they somehow need to access these networks, and what better way to do it then appropriate someone else's Facebook account, change the profile picture and banner image to Isis imagery and post extremist content to share with the user's network.

Creating multiple Facebook accounts in minutes

Instructions on making Facebook accounts quickly
Isis supporters have put instructions on creating Facebook accounts without using a valid email address or phone number onto text-sharing websitesscreenshot by IBTimes UK

But that's still a pretty time-consuming task, and Raijin says that this method is only likely to be done by people who don't have a job, as many of these hackers have presented themselves as a "childish immature group of script kiddies".

IBTimes UK has been investigating Isis channels on the encrypted messenger app Telegram and we have observed Isis supporters teaching other users how to create multiple Facebook accounts quickly, so that they can help extremists' Facebook posts become more prominent on the social network by liking and commenting on the posts (Read: Isis tried to launch a social media propaganda 'attack' and it was a shambles).

In one of the Isis channels on Telegram, we saw supporters post a link to a page on the JustPaste.it text-sharing website, advising users to go to a website called 10 Minute Mail that issues users with a free temporary email address that self-destructs in 10 minutes. We assume that this website was set up for privacy and to aid IT professionals testing databases, but it has been appropriated for spam and propaganda purposes as well.

The 10-minute time frame is just long enough for users to register for accounts on websites, receive a confirmation email (which comes through on the website) and click on the link to confirm the account, and it means that even if Facebook closes down an Isis user's account, they can start a new one almost immediately and propagate it again with extremist content. This same technique is also used on Twitter.