HR Management & Compliance

Trojans, RATs, and The Onion Router

Yesterday’s Advisor talked about hackers and your organization’s vulnerabilities. Today, more from Certified Ethical Hacker Daniel Nelson.

Nelson, an Armstrong Teasdale partner who is also a Certified Information Privacy Professional, shared his tips at the ECN (Employers Counsel Network) Annual Conference, held recently in Seattle. (ECN is the network of attorneys from all 50 states who write BLR’s state compliance newsletters.) Reporting provided in part by Celeste Blackburn, BLR Editor.

RATs and Trojans

A Remote Admin (or Access) Terminal (RAT) is a Trojan Horse tool that allows a hacker to control your computer and possibly even admin functions that you don’t have access to. Trojan generators are readily available on the “dark net,” says Nelson. Trojans can be delivered with an infected e-mail attachment, “drive by” download from an infected website, being bundled with software, or infected peripherals.

There are different variants, says Nelson, but they have a common purpose: To give the hacker remote access to your system. “And I mean access,” says Nelson. A Trojan can:

  • Surf the Internet.
  • Download files.
  • Copy/move/delete files.
  • Remotely turn on your camera (without the light coming on).
  • Play the piano.
  • Log keystrokes.

Often, says Nelson, the Trojan will have better access to your computer than you do.

TOR: The Onion Router

TOR (Onion Router, referencing all the layers you have to peel back to find the originator) is an anonymizer using proxies. Every TOR user is a proxy for another user. So, you can have something bounce from the hacker’s computer through several countries—many with governments that don’t have any rules about (or care to help with) tracking cyber criminals. Thus, it’s virtually impossible to figure out where the virus/Trojan/worm/malware originated.

Phishing is an impersonal blast e-mail counting on the fact that a few in several thousand will believe a Nigerian prince needs help moving his money out of the country. Spearphishing uses personal information (vacation plans, promotions, company events, hobbies) that is usually easy to find on social media. Ego Spearphishing is sending out e-mails such as “You’ve been invited to participate in ‘Most Awesome Gardeners.’”


Looking to use software to ease your payroll headaches? Start on Wednesday, June 17, 2015, with a free interactive webcast from Kronos, How to End Service Bureau Fees, Reduce Costs, and Control Your Own Payroll Process. Learn More


Physical Entry Is Not Very Hard

Hackers may also gain access to your servers by physically coming onto your property. Common methods include getting a hard hat and vest from a hardware store and acting like an electrician or someone with the phone company, as well as “piggybacking” or “tailgating,” which includes blending with a group of smokers on a break and walking in when one of them scans their badge.

Not an IT Problem

Cybersecurity isn’t an IT problem. It’s an “everybody else” problem. It’s a constant battle of awareness and training and involving every employee.

Even if you have an IT department, you might not have a cybersecurity specialist. It’s like expecting a union attorney to advise on benefits. Also, the people who build your security systems shouldn’t be the people who test and review them.

Easy Access Through Vendors

Target got hacked because a small vendor (that announced its contract with Target in a press release) was breached. Hackers used the small vendor’s access to the Target system to get to the point-of-sale section that housed the data they wanted. As a result, vendors for bigger corporations will come under increasing scrutiny.

The Compliance Trap: Compliance with laws like HIPAA creates a false sense of security. Just because you can check the box on laws that relate to security in your industry, don’t assume you are secure.

Final Tip: If there is an update for your operating system, install it.

All of this hacker info may feel a little scary—but remember, software and technology isn’t just for cybercriminals, and it can greatly help your business. Take payroll, for example—technology is making it easier than ever.

Outsourcing payroll processing is perceived to be easier, cost less, more accurate, and require fewer resources (payroll and IT staff)—which is far from reality. New in-house technologies are changing the payroll game, but you may not be aware of your options. How to get there? Fortunately, there’s timely help in the form of a new webcast—How to End Service Bureau Fees, Reduce Costs, and Control Your Own Payroll Process.

In just 60 minutes, you’ll learn everything you need to know about the advent of newer cloud technologies and how they can help organizations easily manage the entire payroll process in-house, including tax filing, garnishments, check printing and more.

Register today for this free (thanks to sponsor Kronos) interactive webcast.


The right payroll system can be faster, more accurate, and easy on your bottom line. Join us for a free interactive webcast, How to End Service Bureau Fees, Reduce Costs, and Control Your Own Payroll Process. Register Now


When organizations outsource payroll they are generally only outsourcing a part of the payroll process.

Attend this webinar and find out how cloud-based technologies can minimize errors, make short work of gathering employee time and capturing it into payroll accurately, and much, more!

Register now for this webcast.

Wednesday, June 17, 2015
2:00 p.m. (Eastern)
1:00 p.m. (Central)
12:00 p.m. (Mountain)
11:00 a.m. (Pacific)

Join us on Wednesday, June 17 for the free, in-depth How to End Service Bureau Fees, Reduce Costs, and Control Your Own Payroll Process webcast.

Find out more

Leave a Reply

Your email address will not be published. Required fields are marked *