A Spotlight On The Dark Web

CyberPeace Institute
Alexis ALLEY

Dark Web Monitoring Tool Review

The Dark Web

In the vast expanse of the internet lies a hidden realm known as the Dark Web. It is an intriguing and often misunderstood corner of the digital landscape. In this blog post, we will delve into what the Dark Web truly is and shed light on the specific risks and challenges faced by non-governmental organizations (NGOs). 

The Dark Web can be envisioned as a portion of the internet that requires specific software and configurations to access. It operates outside the realm of traditional search engines, utilizing encrypted networks and anonymous communication channels. While the Surface Web—what we commonly navigate—represents only a fraction of the internet, the Dark Web constitutes a small portion of the much larger Deep Web, including content not indexed by search engines.

Within the Dark Web, various illicit activities occur, ranging from illegal trade to the exchange of sensitive information. This anonymous environment appeals to cybercriminals, hackers, and individuals seeking to engage in illicit behavior away from the prying eyes of law enforcement. Consequently, NGOs, with their commitment to promoting human rights, social causes, and advocacy, can become targets within this hidden realm.

The threats that NGOs face in the Dark Web are multifaceted. Malicious actors may leverage the platform to plan and coordinate cyberattacks, launch disinformation campaigns, leak or sell sensitive data breached during a cyberattack or engage in activities that aim to undermine the missions of these organizations. 

Dark web monitoring is the practice of tracking activity on the dark web to identify potential threats to an organization. This may include monitoring for stolen data, compromised credentials, or any other sensitive information that may be available for sale on the dark web. The goal of dark web monitoring is to identify and mitigate potential risks before they become a problem for the organization.

Jack Lightfoot, a fellow CyberPeace Builder shares the most common compromise that he identifies during the monitoring process is “third party compromises from password re-use.” Let’s say you work for a large NGO and the third party video platform that you use to edit your videos gets compromised. 

“It’s not going to be hard for them [cybercriminals] to find your domain. It’s not going to be hard to find your email from this compromise too, that’s easy.”

 It is very common for people to re-use the same username and password for multiple accounts, Jack warns that the vulnerability of third party platforms can give cybercriminals an easy way to access the credentials needed to compromise the critical services of your NGO. To determine what information online is a potential threat requires the development of skills and expertise to “sift through the fog of data.”

Dark Web Monitoring

Organizations may use dark web monitoring services to detect security breaches, identify and mitigate potential cyber threats, and proactively monitor their brand reputation. Dark web monitoring typically involves the use of specialized software and tools that scan the dark web for specific keywords, patterns, and other indicators of potential risks. The results of the monitoring are then analyzed by cybersecurity experts, who can provide recommendations for how to address any identified risks.

There are several types of information that can put an organization at risk if they are compromised such as: Personally Identifiable Information (PII), Intellectual Property (IIP), Financial Information, Health Information, and Operational Information. 

Monitoring the dark web for compromised information can provide several advantages for organizations concerned about their cybersecurity. Early detection of data breaches can help organizations take action to mitigate the damage and protect their systems and data. Proactive threat intelligence can allow organizations to stay ahead of cybercriminals and protect their systems and data from attacks. Monitoring the dark web for stolen or compromised information can help organizations protect their sensitive data, comply with regulations, and improve their incident response capabilities. By identifying potential threats early, organizations can reduce downtime and other disruptions caused by cyber attacks, making it an important part of a comprehensive cybersecurity strategy for any organization.

Protecting your nonprofit

Non-profit organizations can benefit from conducting Dark Web Monitoring through the CyberPeace Builders program. Offering free cybersecurity support from expert volunteers can help nonprofits develop a comprehensive cybersecurity strategy. Using a specialized software tool called Kaduu, provided by one of our corporate partners, Builders can support nonprofits monitoring activities on the dark web that could pose potential threats to their organization. 

Supporting a nonprofit organization dedicated to violence prevention and peace promotion, CyberPeace Builder Marco says “[Kaduu] lays out the information easily showing the dark web mentions and social media mentions revealing the compromised credentials. With the old approach, I had to ask for a list of all the email addresses in their environment to get that information. Now, the software makes the process a lot easier for me and for the beneficiary as I can simply enter the organization domain.” 

Having already supported the nonprofit with Dark Web Monitoring, Marco was able to conduct a comparative analysis from his own Dark web monitoring process he has developed and perfected in comparison to the information provided by the Kaduu tool. “It matched my results exactly so looks like Kaduu is taking the right resources into account”. 

The nonprofit organization International Bridges to Justice successfully carried out a Dark Web Monitoring mission and reports, “We were really grateful to have an expert take the lead. Using an advanced tool designed to cross-reference with the dark-web, we were quickly told that there were no visible threats to our organisation.The results of the analysis were communicated and broken down in an easy to understand format that was highly reassuring for our team.”

It can be challenging to present the findings to beneficiaries in a way that is easily understandable and doesn’t cause unnecessary concern. Thanks to Kaduu, the CyberPeace Builders can provide a breakdown of the results that is both informative and reassuring, allowing non-profits to take necessary actions to protect their information from malicious actors. 

To ensure the safety of their information and protect their beneficiaries, nonprofits can register with CyberPeace Builders and utilize our free dark web monitoring services and other cybersecurity services. By partnering with CyberPeace Builders, nonprofits can take proactive steps to safeguard their data and stay ahead of potential cyber threats.

© Copyright 2023: The concepts and information contained in this document are the property of the CyberPeace Institute, an independent non-governmental organization headquartered in Geneva, unless indicated otherwise from time to time throughout the document. This document may be reproduced, in whole or in part, provided that the CyberPeace Institute is referenced as author and copyright holder.


Support the CyberPeace Institute

Individual lives can be changed dramatically by the acts of cyber criminals. We need your support to assist victims of cyberattacks in the NGO, humanitarian and healthcare sectors.


Subscribe to our newsletter

Receive monthly news on what’s happening at the Institute: our impact, publications, events and important milestones.