| Business

Larger text Larger text Smaller text Smaller text | Order Photo Reprints

PNC 'pummeled' during cyberattack last month, CEO says

David Malone, Leo Gerard and Jim Rohr during Forging the Future - American Ireland Fund Pittsburgh Gala at Heinz Field on Thursday, March 15, 2012. Mike Mancini Fanfare MM FF Ireland 02

Email Newsletters

Click here to sign up for one of our email newsletters.

On the Grid

From the shale fields to the cooling towers, Trib Total Media covers the energy industry in Western Pennsylvania and beyond. For the latest news and views on gas, coal, electricity and more, check out On the Grid today.

'American Coyotes' Series

Traveling by Jeep, boat and foot, Tribune-Review investigative reporter Carl Prine and photojournalist Justin Merriman covered nearly 2,000 miles over two months along the border with Mexico to report on coyotes — the human traffickers who bring illegal immigrants into the United States. Most are Americans working for money and/or drugs. This series reports how their operations have a major impact on life for residents and the environment along the border — and beyond.

Thursday, Oct. 18, 2012, 11:58 a.m.

Hackers pummeled PNC Bank in a cyberattack last month that crippled access to its websites for two days, the bank's top executive said on Thursday.

CEO James Rohr gave the first detailed comments by the bank since the attack occurred three weeks ago, a description that contrasted with previous statements by spokesmen who downplayed the effect. He also echoed reports identifying Iran as the likely culprit.

“We had 38 straight hours of attacks on our systems, and we had the longest attack of all the banks. They just pummeled us,” Rohr said during an appearance on CNBC's morning “Squawk Box” program.

“What it did in our case is it dramatically slowed our processes. I have to thank Verizon, especially, and AT&T, who had to deal with all this and a number of other spots, plus our employees,” he said. “We were just barraged through every website, every portal we had. ... It was really a very difficult situation.”

Pittsburgh-based PNC Financial Services Group Inc. operates the nation's seventh largest bank, based on deposits. PNC Bank has 2,511 branches and 6,806 ATMs in Pennsylvania, Washington and 13 other states.

The bank has aggressively expanded its online banking services, saying that three out of four customers want to bank through multiple channels, including online, automated tellers and smartphones. Last year, PNC said is was adding an average 10,000 customers a week using its Virtual Wallet product that enables the use of PCs and mobile devices to do things such as check withdrawals and transfer money between accounts.

During the denial-of-service attacks on Sept. 26-27, PNC spokesmen downplayed the extent to which their sites were impacted. On Sept. 27, for example, the bank issued a statement that said: “Some PNC customers have been unable to access the Web site on the first attempt, while others have no difficulty. PNC is working to restore full access for everyone.”

No customer data or money were touched during the attacks, which are meant to overwhelm a website and prevent customers from gaining access.

Rohr was not available to comment to the Tribune-Review. He described on CNBC an escalation in traffic that is the hallmark of a denial-of-service attack.

“In January, for example, we were averaging about 250,000 pings a day. Then it went up to a billion a day ... on all of our various systems, trying to break in to our various systems. ... Coming from all over the world,” Rohr said. “Then we had this cyber-attack, I can't even tell you the size, but 58 gigabytes a second coming at us for 38 straight hours, peaking and dropping,” he said.

By comparison, a typical cable Internet modem sends data at a speed of about 25 megabytes a second, said Adam Meyers, director of intelligence for Internet security firm CrowdStrike in Irvine, Calif. At that rate, it would take more than 2,000 computers hitting PNC in coordinated fashion to generate data requests totaling 58 gigabytes a second, Meyers said.

“That's a pretty substantial amount of traffic,” he said.

Rohr said he considers cyberattacks to be among the top national security issues facing the United States.

“But if you have a cyberattack that totally disrupts our banking industry, or if you think about an attack that somehow disrupts our power grid, that could really disrupt this country,” he said. “Those are the two vulnerabilities I worry about.”

When asked about how much PNC was spending to fend off such attacks, Rohr said the bank spends “a lot more money on security than we ever did before,” and that the U.S. banking industry is spending billions of dollars on Internet security.

Many large U.S. banks, including Bank of America Corp., Wells Fargo & Co., U.S. Bancorp, JP Morgan Chase & Co., Capital One Financial Corp. and BB&T Corp. have been hit with the same type of attack as PNC in the past four weeks.

“The people, whoever it is, supposedly it's Iran, have said that they're going to just continue these attacks, and they're not going to tell you when they're coming after you,” he said.

Last week, former federal officials and cybersecurity experts said the government believes Iranian-based hackers were responsible for the attacks. Asked if he'd been told by government investigators who was behind the attack, Rohr responded: “The authorities are being very guarded.”

“If you watched the attack, it was coming from Russia, then it was coming from Egypt, then it was coming from Brazil,” he said. “It's just the way they orchestrated the sourcing. It had nothing to do with the origin.”

Alex Nixon is a staff writer for Trib Total Media. He can be reached at 412-320-7928 or

Add Alex Nixon to your Google+ circles.

Subscribe today! Click here for our subscription offers.




Show commenting policy

Most-Read Business Headlines

  1. Ambridge’s PittMoss takes off with help from TV show, Mt. Lebanon native Cuban
  2. U.S. Steel to debut oil, gas pipeline connector
  3. Israel’s Teva drops bid for Mylan, buys Allergan for $40.5B
  4. Plummeting natural gas prices slash revenue of Marcellus shale producers
  5. Alcoa among 13 firms in $140B carbon-footprint pledge
  6. Invasive beetle costs Pittsburgh-area power companies plenty
  7. Pitt to start Energy Law and Policy Institute
  8. Muni bond funds stressed
  9. Bayer sets sights beyond aspirin
  10. Federal safety regulators go into bulldog mode on how automakers handle recalls
  11. Wabtec moves to buy France-based transport company