Cyber Incident Victim: Pro-ISIS Facebook Clone
Date:
Mar 2015
Location:
United States of America
Summary
A pro-ISIS social media platform mimicking Facebook was rapidly terminated after launch, with conflicting claims attributing its removal to activist interventions and operational security measures by its operators. The site, built using a DIY platform and hosted in the US while falsely registered to ISIS-controlled territory, promoted extremist content under the guise of community engagement, denying formal ties to the terrorist group despite echoing its propaganda themes. This incident occurred amid increasing restrictions on jihadist materials by mainstream platforms, reflecting ongoing tensions between extremist online activities and counter-efforts, including prior cyber intrusions attributed to ISIS sympathizers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
A pro-ISIS social media platform named "5elafa book" (Khelafabook), meaning "CaliphateBook," launched on a Sunday in March 2015, presenting itself as a Facebook clone designed to facilitate communication among supporters of the Islamic State. The site featured a login interface resembling Facebook’s design and promoted itself with taglines encouraging users to "stay ahead of the world," monitor trends, and connect with relevant individuals. Initial reports indicated the platform was built using Socialkit, a DIY social media toolkit, and was hosted by US-based provider GoDaddy, though registration data falsely listed Mosul—an ISIS-controlled Iraqi city—as its home address and Egypt as its country of origin. Within approximately 24 hours of going live, the site was forced offline, and an associated Twitter account was simultaneously suspended. Certain hacktivists identifying with the Anonymous collective publicly claimed responsibility for the takedown on social media, though no technical details of their involvement were disclosed. The operators of 5elafa book subsequently displayed a shutdown notice on the site, describing the action as temporary and necessary to protect member data and safety.
The site’s operators explicitly denied formal affiliation with the Islamic State in their public statement but framed the platform’s purpose as countering perceptions that ISIS supporters "only carry guns and live in caves." Despite this disavowal, the message contained content mirroring ISIS propaganda, including glorification of martyrdom and assertions of intent to establish global rule under Islam. The creation of 5elafa book appeared motivated by increased moderation of pro-ISIS content on mainstream platforms like Facebook and Twitter, compelling supporters to seek alternative channels. This incident followed earlier demonstrations of cyber capabilities by ISIS-aligned actors, including the January 2015 breach of US Central Command’s YouTube and Twitter accounts by a group calling itself "CyberCaliphate," which involved defacements and leaks of sensitive documents. No technical details regarding 5elafa book’s user base, data collection practices, or specific security vulnerabilities were disclosed in available reports following its takedown. The incident underscored ongoing tensions between extremist groups’ efforts to exploit social media and coordinated responses by platform providers and activist hackers.