ShadowDragon: Inside the Social Media Surveillance Software That Can Watch Your Every Move

A Michigan State Police contract, obtained by The Intercept, sheds new light on the growing use of little-known surveillance software that helps law enforcement agencies and corporations watch people’s social media and other website activity.

The software, put out by a Wyoming company called ShadowDragon, allows police to suck in data from social media and other internet sources, including Amazon, dating apps, and the dark web, so they can identify persons of interest and map out their networks during investigations. By providing powerful searches of more than 120 different online platforms and a decade’s worth of archives, the company claims to speed up profiling work from months to minutes. ShadowDragon even claims its software can automatically adjust its monitoring and help predict violence and unrest. Michigan police acquired the software through a contract with another obscure online policing company named Kaseware for an “MSP Enterprise Criminal Intelligence System.”

The inner workings of the product are generally not known to the public. The contract, and materials published by the companies online, allow a deeper explanation of how this surveillance works, provided below.

ShadowDragon has kept a low profile but has law enforcement customers well beyond Michigan. It was purchased twice by the U.S. Immigration and Customs Enforcement agency in the last two years, documents show, and was reportedly acquired by the Massachusetts State Police and other police departments within the state.

Michigan officials appear to be keeping their contract and the identities of ShadowDragon and Microsoft from the public. The Michigan.gov website does not make the contract available; it instead offers an email address at which to request the document “due to the sensitive nature of this contract.” And the contract it eventually provides has been heavily redacted: The copy given to David Goldberg, a professor at Wayne State University in Detroit had all mentions of ShadowDragon software and Microsoft Azure blacked out. What’s more, Goldberg had to file a Freedom of Information Act request to obtain the contract. When the state website did offer the contract, it was unredacted, and I downloaded it before it was withdrawn.

Last year, The Intercept published several articles detailing how a social media analytics firm called Dataminr relayed tweets about the George Floyd and Black Lives Matter protests to police. The same year, I detailed at The Intercept how Kaseware’s partner Microsoft helps police surveil and patrol communities through its own offerings and a network of partnerships.

This new revelation about the Michigan contract raises questions about what digital surveillance capabilities other police departments and law enforcement agencies in the U.S. might be quietly acquiring. And it comes at a time when previously known government social media surveillance is under fire from civil rights and liberties advocates like MediaJustice and the American Civil Liberties Union. It also raises the specter of further abuses in Michigan, where the FBI has been profiling Muslim communities and so-called Black Identity Extremists. In 2015, it was revealed that for years, the state police agency was using cell site simulators to spy on mobile phones without disclosing it to the public.

“They endanger Black and marginalized communities.”

“Social media surveillance technologies, such as the software acquired by Michigan State Police, are often introduced under the false premise that they are public safety and accountability tools. In reality, they endanger Black and marginalized communities,” Arisha Hatch, vice president and chief of campaigns at civil rights nonprofit Color of Change, wrote in an email.

Michigan State Police spokesperson Shanon Banner said in an email that “the investigative tools available to us as part of this contract are only used in conjunction with criminal investigations, following all state and federal laws.” The founder of ShadowDragon, Daniel Clemens, wrote that the company provides only information that is publicly available and does not “build products with predictive capabilities.”

A Shadowy Industry

Kaseware and ShadowDragon are part of a shadowy industry of software firms that exploit what they call “open source intelligence,” or OSINT: the trails of information that people leave on the internet. Clients include intelligence agencies, government, police, corporations, and even schools.

Kaseware, which is partnered to ShadowDragon and Microsoft, provides a platform for activities that support OSINT and other elements of digital policing, like data storage, management, and analysis. Its capabilities range from storing evidence to predictive policing. By contrast, the two ShadowDragon products acquired by the Michigan State Police are more narrowly tailored for the surveillance of people using social media, apps, and websites on the internet. They run on the Kaseware platform.

To understand how Kaseware and ShadowDragon work together, let us consider each in turn, starting with ShadowDragon.


social-net

Screenshot: The Intercept

ShadowDragon: Social Media Surveillance

The Michigan State Police purchased two of ShadowDragon’s OSINT intelligence tools to run on the Kaseware platform: SocialNet and OIMonitor.

SocialNet was invented by cybersecurity consulting firm Packet Ninjas in 2009. Clemens, Packet Ninja’s founder and CEO, went on to start ShadowDragon as a sister company in 2016, licensing the cyber intelligence and investigative tools developed by Packet Ninjas over the prior decade.

At the time of SocialNet’s creation, investigators were left to search social media networks for clues manually. If a person made a public post on Twitter or Facebook, for example, an investigator was free to look online, but they had to personally log onto and search one social network at a time, post by post, for people who might be suspects and for their friends and other associates.

“What used to take us two months in a background check or an investigation is now taking between five to 15 minutes.”

Alerted to this problem by a friend from Pretoria, South Africa-based Paterva, makers of the Maltego OSINT platform, Clemens decided to build SocialNet. As he put it in an interview, “the idea [behind SocialNet] was, let’s throw a net out into all of the social media platforms, the social media universe, and see what we get back.” Clemens has claimed in a company video that “when the FBI started using [SocialNet], they did an evaluation” and concluded “what used to take us two months in a background check or an investigation is now taking between five to 15 minutes.”

Today, SocialNet says it pulls data from more than 120 social media networks, websites, and platforms, as well as from the dark web, data dumps, and RSS feeds. A full list of sources isn’t available, but a company promotional video and listing at the Maltego website gives an indication of which websites fall into their surveillance net:

AOL Lifestream | Amazon | Ameba | Aodle | BabyCenter | BitChute | BlackPlanet | Blogger | Busted! Mugshots | Buzznet | Cocolog | Companies House | Crunchbase | Dailymotion | DeviantArt | Ebay | Etsy | Facebook | Flickr | Foursquare | Gab | GitHub | Goo | Google | Google+ | Gravatar | Hatena | Huffington Post | ICQ | IMVU | ImageShack | Imgur | Instagram | Instructables | Jugem | Kik |LinkedIn | LiveJournal | Livedoor | Mail.ru | Menuism | MeWe | MySpace | Naijapals | Netlog | OK Cupid | Okru | Olipro Company | Pandora | Pastebin | PayPal | PGP | Photobucket | Pinterest | Plurk | POF | PornHub | QQ | Reddit | ReverbNation | Seesaa | Skype | SoundCloud | SourceForge | Spotify | Sprashivai | Steam | Sudani | Telegram | Tinder | TripAdvisor | Tumblr | Uplike | Vimeo | Vine | Virus Total | VK | Voat | Weibo | Xing | Yahoo | Yelp | YouTube | Zillow