ShareThis Page

PNC 'pummeled' during cyberattack last month, CEO says

| Thursday, Oct. 18, 2012, 11:58 a.m.

Hackers pummeled PNC Bank in a cyberattack last month that crippled access to its websites for two days, the bank's top executive said on Thursday.

CEO James Rohr gave the first detailed comments by the bank since the attack occurred three weeks ago, a description that contrasted with previous statements by spokesmen who downplayed the effect. He also echoed reports identifying Iran as the likely culprit.

“We had 38 straight hours of attacks on our systems, and we had the longest attack of all the banks. They just pummeled us,” Rohr said during an appearance on CNBC's morning “Squawk Box” program.

“What it did in our case is it dramatically slowed our processes. I have to thank Verizon, especially, and AT&T, who had to deal with all this and a number of other spots, plus our employees,” he said. “We were just barraged through every website, every portal we had. ... It was really a very difficult situation.”

Pittsburgh-based PNC Financial Services Group Inc. operates the nation's seventh largest bank, based on deposits. PNC Bank has 2,511 branches and 6,806 ATMs in Pennsylvania, Washington and 13 other states.

The bank has aggressively expanded its online banking services, saying that three out of four customers want to bank through multiple channels, including online, automated tellers and smartphones. Last year, PNC said is was adding an average 10,000 customers a week using its Virtual Wallet product that enables the use of PCs and mobile devices to do things such as check withdrawals and transfer money between accounts.

During the denial-of-service attacks on Sept. 26-27, PNC spokesmen downplayed the extent to which their sites were impacted. On Sept. 27, for example, the bank issued a statement that said: “Some PNC customers have been unable to access the Web site on the first attempt, while others have no difficulty. PNC is working to restore full access for everyone.”

No customer data or money were touched during the attacks, which are meant to overwhelm a website and prevent customers from gaining access.

Rohr was not available to comment to the Tribune-Review. He described on CNBC an escalation in traffic that is the hallmark of a denial-of-service attack.

“In January, for example, we were averaging about 250,000 pings a day. Then it went up to a billion a day ... on all of our various systems, trying to break in to our various systems. ... Coming from all over the world,” Rohr said. “Then we had this cyber-attack, I can't even tell you the size, but 58 gigabytes a second coming at us for 38 straight hours, peaking and dropping,” he said.

By comparison, a typical cable Internet modem sends data at a speed of about 25 megabytes a second, said Adam Meyers, director of intelligence for Internet security firm CrowdStrike in Irvine, Calif. At that rate, it would take more than 2,000 computers hitting PNC in coordinated fashion to generate data requests totaling 58 gigabytes a second, Meyers said.

“That's a pretty substantial amount of traffic,” he said.

Rohr said he considers cyberattacks to be among the top national security issues facing the United States.

“But if you have a cyberattack that totally disrupts our banking industry, or if you think about an attack that somehow disrupts our power grid, that could really disrupt this country,” he said. “Those are the two vulnerabilities I worry about.”

When asked about how much PNC was spending to fend off such attacks, Rohr said the bank spends “a lot more money on security than we ever did before,” and that the U.S. banking industry is spending billions of dollars on Internet security.

Many large U.S. banks, including Bank of America Corp., Wells Fargo & Co., U.S. Bancorp, JP Morgan Chase & Co., Capital One Financial Corp. and BB&T Corp. have been hit with the same type of attack as PNC in the past four weeks.

“The people, whoever it is, supposedly it's Iran, have said that they're going to just continue these attacks, and they're not going to tell you when they're coming after you,” he said.

Last week, former federal officials and cybersecurity experts said the government believes Iranian-based hackers were responsible for the attacks. Asked if he'd been told by government investigators who was behind the attack, Rohr responded: “The authorities are being very guarded.”

“If you watched the attack, it was coming from Russia, then it was coming from Egypt, then it was coming from Brazil,” he said. “It's just the way they orchestrated the sourcing. It had nothing to do with the origin.”

Alex Nixon is a staff writer for Trib Total Media. He can be reached at 412-320-7928 or

TribLIVE commenting policy

You are solely responsible for your comments and by using you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.