ShareThis Page

Hacking group says it has suspended cyberattacks on banks

| Tuesday, Jan. 29, 2013, 10:38 a.m.

A computer hacking group that crippled access to more than two dozen banking websites for four months claimed a victory on Tuesday when an anti-Muslim video was removed from YouTube.

But the al-Qassam Cyber Fighters group, which many Internet experts and government officials believe is a front for the Iranian government, likely would have given up its battle because many financial institutions, including Downtown-based PNC Bank, improved their defenses, said Dave Aitel, CEO of Immunity Inc., a Miami Internet security firm.

“The bigger banks are just going to put money on it, and the problem will go away,” Aitel said. “The question the Iranians are asking themselves is: ‘Can this kind of disruption make a difference?' ”

The Cyber Fighters began the distributed denial-of-service attacks in September, claiming in statements posted to an Internet message board that the assault would continue until a YouTube video mocking the Islamic Prophet Muhammad came down.

A link to the YouTube video, which the group said had received 17.1 million views, said that it was “removed by the user.”

“The al-Qassam cyber fighters lauds this positive measure of YouTube and on this basis suspends his operation and plans to give a time to Google and U.S. government to remove the other copies of film as well,” the group said on the message board, “During the suspension of Operation Ababil, no attack to banks would take place by al-Qassam cyber fighters.”

Neither YouTube officials nor Google Inc., which owns the video-sharing website, could be reached for comment.

Distributed denial-of-service attacks flood a website with traffic, which overwhelms the site and makes it inaccessible to legitimate users.

Since September, the assault hit more than two dozen banks, including PNC Bank , Citizens Bank , Fifth Third Bank and Huntington Bank in the Pittsburgh region.

Initially the attacks focused on many of the largest U.S. banks, such as Bank of America, Citibank, Wells Fargo, J.P. Morgan Chase, PNC, U.S. Bancorp, HSBC, Capital One and Ally Financial.

PNC's website became inaccessible for two consecutive days in September in the first round of attacks. CEO James Rohr told CNBC during an October interview that the attackers “pummeled” PNC. A second round of attacks started in early December and caused intermittent outages over several weeks at PNC.

In recent weeks, even as the Cyber Fighters claimed to continue attacks on PNC and other banks, website problems became less frequent.

PNC spokeswoman Marcey Zwiebel said PNC's website was functioning normally but declined to comment further.

As problems on national bank websites tapered, the Cyber Fighters started attacks on regional banks, such as Huntington Bank, Zions Bank, Regions Financial, Fifth Third, UMB Bank and Citizens Bank.

Citizens notified customers by email last week that it was experiencing problems.

“Our website has experienced temporary disruptions due to an unusually high volume of Internet traffic, similar to disruptions that recently have impacted other U.S. banks,” Citizens' said in an email on Friday. “This excessive traffic, commonly known as a distributed denial-of-service, prevents our customers from accessing our online and mobile banking services.”

Citizens spokeswoman Sylvia Bronner declined to comment.

Several banks, including PNC, had asked the government to intervene to stop the attacks, the Wall Street Journal reported. The Iranian government denied involvement in the attacks.

Aitel, the Internet security expert, said the attackers likely faced a dilemma: Keep starting fruitless attacks on large banks, which are spending about $1 million a month on more server capacity and other technology to successfully defend against them, or target smaller banks with fewer customers to inconvenience.

“That question got answered one way or another,” he said.

Alex Nixon is a staff writer for Trib Total Media. He can be reached at 412-320-7928 or

TribLIVE commenting policy

You are solely responsible for your comments and by using you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.