Last Thursday, the main member-facing Patelco website was downfor around five hours, said Patelco CEO Ken Burns in an interviewTuesday.

“It appears to have been DDoS,” said Burns, referring to thetechnique of bringing a web host down by flooding it withmeaningless information and pointless requests.

As for who launched the attack, the $3.8 billion Patelco(headquartered in Pleasanton, Calif.) on Tuesday was claimed as avictim in a long list of victimized financial institutions postedto the web by the Izzad-Din al-Qassam Cyber Fighters, the group that has been behind thecurrent wave of DDoS attacks.

Patelco is the second credit union named as a victim, Also lastThursday, the $1.5 billion University Federal Credit Union in Austin, Texas, suffered anoutage that a spokesperson said lasted two and one half hours.

• ALSO READ: DDoS Attacks Get Real for Credit Unions
• ALSO READ: Texas Credit Union Hit by DDoS Attackers
• ALSO READ: How One Corporate Credit Union DefendsItself

No other credit unions are known to have been targeted in thecurrent round of attacks, which are widely believed to originatefrom Iran.

In the attack on Patelco, Burns stressed there was no compromiseof member data, that the essential impact was that members who wereattempting to go through the home page to online banking found theycould not or, in some cases, they could but it took many minutesfor the hand off.

In the aftermath of the attack, Burns said he was happy with howthe Patelco IT staff had quickly responded to the attack. But headded that Patelco had now entered into an agreement with athird-party vendor that specializes in DDoS mitigation to providethe institution and its members more security going forward.

In offering details of the attack, Burns said “it started around10 a.m. PT.” Within a few hours Patelco's IT staff hadpinpointed the servers the attackers were exploiting and ITredirected much of the incoming traffic.

But in a proof of the sophistication of the attack, theattackers quickly realized what Patelco IT had done and theymanaged to track down where the traffic had been redirected. Theyaimed their data barrage there, again crippling Patelco'sservers.

The attacks then ended around 5 p.m. PT, said Burns, who added, “We have not seen other attacks since.”

Meanwhile, the Cyber Fighters have now announced a “suspension” of DDoSattacks on U.S. financial institutions. Exactly what this means andfor how long will a suspension last is not known. The group'swebsite postings said it was suspending the attacks because YouTubehad taken down the most heavily viewed version of a video the groupsaid was insulting to Islam.

The posting said, “This is a clear indication of progress andestablishment of logic instead of obstinacy. This positive move isa humanitarian effort and in line with paying respect to divinereligions which has made billions of people love them; and it's abecoming and proper action. All of us — al-Qassam group, U.S.government, and even YouTube and Google's managers — carrying onsuch a wise action have contributed to this victory andprogress.

“The al-Qassam cyber fighters lauds this positive measure ofYouTube and on this basis suspends his operation and plans to givea time to Google and U.S. government to remove the other copies offilm as well. During the suspension of Operation Ababil, no attackto U.S. banks would take place by al-Qassam cyber fighters.”