Interesting... A few of the words in this story seem a little bit contradictory to me. "random number generator" and "sophisticated scam" just don't seem to belong together in a sentence, but it's the last phrase there that really makes me wonder. What sort of insanely poor security practice would allow an attacker to break into an account without knowing an account holder's name or address but only generating random numbers. This almost reminds me of the applications that were being circulated in the late 90's to generate fake credit card numbers. This was an insecurity in the processing systems (as these numbers were not validated in real-time) rather than the card number but it still was a simple "hack".
UNDERWORLD fraudsters are using random number generators to tap into the bank accounts of Irish customers.
For the first time ever account holders have been left almost powerless to protect their bank accounts from conmen.
The Irish Sunday Mirror has spoken to a number of people whose accounts have been hacked by the criminals using the sophisticated scam.
The gangs generate the numbers of accounts using random trawling techniques and then attempt to buy goods online without having to use the cardholder's name or address.
I simply can't seem to make myself understand how I could break into an Irish bank customer's account (or buy something on his/her behalf) just by using a random number generator.
Without much more to go on I investigated the Bank of Ireland's security model and found this nugget.
The bank is protected by a firewall, which forms a barrier between the outside Internet and the internal bank networkA firewall? Well hamburgers, that solves all my security problems!
So - if anyone from Ireland has any idea how generating random numbers equates to bank fraud... please shed some light?