
iTunes Gift Card Key System Cracked, Exploited

Posted by kdawson
from the poisoning-the-currency dept.
moonbender writes "Fake but working iTunes gift cards are being sold on Chinese auction sites for a fraction of their value: 'The owner of the Taobao shop told us frankly that the gift card codes are created using key-generators. He also said that he paid money to use the hackers' service. Half a year ago, when they started the business, the price was around 320 RMB [about $47] for [a] $200 card, then more people went into this business and the price went all the way down to 18 RMB [about $2.60] per card, "but we make more money as the amount of customers is growing rapidly."' The people at Chinese market researcher Outdustry have apparently confirmed this by buying a coupon and transferring it into an iTunes account. Oops."
  • BitTorrent (Score:5, Insightful)

    by MrEricSir (398214) on Tuesday March 10, 2009 @06:00PM (#27141693) Homepage

    It's still easier to use BitTorrent.

  • "but we make more money as the amount of customers is growing rapidly."

    Brilliant business model there, Taobao. I used to feel bad that Amazon's MP3 Service only worked inside the United States but now it's pretty clear: I doubt Apple will have much luck prosecuting anyone in this case whereas it would have been different had it happened on American soil.

    I'm sure the Chinese government will help protect Apple's ... hahahaha sorry, couldn't quite say that with a straight face. Seriously, we must look like ripe-for-the-picking rubes to places like China. They're sitting there with free copies of Vista, Adobe Suites and now cheap "legal" music. I guess it will forever remain a mystery to them why their nation isn't home to prosperous software & music industries while the status quo is free for the taking with no repercussions.

  • Ouch. (Score:5, Insightful)

    by russotto (537200) on Tuesday March 10, 2009 @06:02PM (#27141737) Journal

    I'd be interested to know what algorithm was being used for the keycards. Did Apple use a weak scheme, did someone leak the secret, or (most interestingly) has someone managed to crack a good encryption algorithm?

    (Alas, I'd guess it's probably a weak scheme. As recently as two years ago I noticed a bike products retailer was actually using sequential codes for its gift cards)

  • Invalidated (Score:5, Insightful)

    by Norsefire (1494323) * on Tuesday March 10, 2009 @06:06PM (#27141769) Journal
    The other side to this is that when a legitimate customer buys a card whose code has already been found using a keygen, their card won't work. I hope Apple has a refund system. The joys of security through obscurity in action.
  • Who Cares? (Score:0, Insightful)

    by Anonymous Coward on Tuesday March 10, 2009 @06:11PM (#27141883)

    You can already get basically anything you can get off iTunes from torrent files for free. You don't have to pay for a card. If you're going to pirate material, you might as well be sensible about it.

  • Re:Occam's razor (Score:5, Insightful)

    by Locke2005 (849178) on Tuesday March 10, 2009 @06:23PM (#27142011)
    They HAVE to keep a database for the cards anyway, to keep track of every code that has already been used (can't have you using the same gift card twice now, can they?) How much harder could it be to keep track of every code that has actually been sold? But even then, there is a window of opportunity: if someone can guess your code between the time it is activated and the time you use it, then they've got your gift certificate and you don't. (This really IS stealing.) My advice to anyone who gets a gift certificate would be to use it as soon as possible. Personally, I feel gift certificates are stupid anyway -- why give somebody the equivalent of cash that can only be used at one store and which becomes worthless if that store declares bankruptcy, when you could just as easily give them cash, or a money order, or a check, or any number of other instruments that could be redeemed anywhere. I once received a gift certificate in a Christmas card that was delivered accidentally to my address, and I was able to go ahead and use it. Couldn't have done that with a check or money order, could I?
  • Re:Occam's razor (Score:1, Insightful)

    by denzacar (181829) on Tuesday March 10, 2009 @06:26PM (#27142059) Journal

    Possibility 2 would in no way be profitable - they are selling $200 gift certificates for 11 yuan. About $1.61.
    200:1 money laundering scheme? I don't think so.

    On the other hand, human stupidity implied in the possibility 1 is always a plausible solution to any case involving humans.

  • by Anonymous Coward on Tuesday March 10, 2009 @06:27PM (#27142069)
    Personally, I think that will become the downfall of our country.

    Our main products that we're making here are things that can be easily recreated at no cost. Sure, we've got laws that attempt to stop it, but many places don't.

    We've shipped most of our jobs making actual products overseas. And we wonder why China is becoming so powerful? They're making physical goods, and freely recreating our virtual goods.
  • Re:Occam's razor (Score:5, Insightful)

    by Anonymous Coward on Tuesday March 10, 2009 @06:30PM (#27142107)

    I once received a gift certificate in a Christmas card that was delivered accidentally to my address, and I was able to go ahead and use it.

    You just admitted to committing a Federal crime, son, and a Felony at that. If I were you, I'd shut the hell up and never mention this "freebie" to anybody.

  • Re:BitTorrent (Score:5, Insightful)

    by Shakrai (717556) on Tuesday March 10, 2009 @06:31PM (#27142131) Journal

    It's still easier to use BitTorrent.

    It's probably safer too. Bittorrent is going to be a civil matter. Exploiting a hole in Apple's POS system to get free stuff probably qualifies as fraud and would bring criminal charges.

    Random thought: Reminds me of the old days when you could create credit card "numbers" that weren't actually valid but passed the checksum test and use them to create AOL accounts. Kind of surprised that Apple wouldn't know better.

  • Re:Ouch. (Score:3, Insightful)

    by cowscows (103644) on Tuesday March 10, 2009 @06:33PM (#27142169) Journal

    No kidding. The way this is explained makes it sound like if I pulled a stack of iTMS cards off the rack at walmart or whatever and walked out with them in my pocket, they'd all be valid and would work. I have a hard time believing that to be the case. There are hundreds of stores (both online and physical) that sell gift cards at other stores, I have a hard time believing that it doesn't generally work more like you describe, and I also have a hard time believing that Apple would have done it differently.

    Unless maybe the people generating the card numbers have found a way to falsely activate them? Although if that were the case, I'd imagine that'd be a much easier fix.
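
Added example (not part of the original discussion, and not Apple's system): the comments above on sequential codes, checksum-only card numbers, and tracking which codes have been sold and used all turn on the difference between a code that looks valid and one the issuer's records show as sold and unspent. The sketch below shows that difference; the `GiftCardStore` class, its state names and the 16-character code format are assumptions made for illustration.

```python
import secrets

# Assumed code format: 16 symbols from a 32-symbol alphabet = 80 random bits.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"

def luhn_ok(number: str) -> bool:
    """Checksum test only: catches typos, proves nothing about issuance."""
    digits = [int(c) for c in reversed(number)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

class GiftCardStore:
    """Hypothetical issuer-side record: issued -> activated -> redeemed."""

    def __init__(self):
        self._cards = {}  # code -> [state, value_cents]

    def issue(self, value_cents: int) -> str:
        # CSPRNG output: codes are neither sequential nor derivable from each other.
        code = "".join(secrets.choice(ALPHABET) for _ in range(16))
        self._cards[code] = ["issued", value_cents]
        return code

    def activate(self, code: str) -> bool:
        """Called by the point of sale once the card has been paid for."""
        card = self._cards.get(code)
        if card is None or card[0] != "issued":
            return False
        card[0] = "activated"
        return True

    def redeem(self, code: str) -> int:
        """Return the credited value in cents, or 0 if the code is not redeemable."""
        card = self._cards.get(code)
        if card is None or card[0] != "activated":
            return 0  # unknown, never sold, or already used
        card[0] = "redeemed"
        return card[1]

if __name__ == "__main__":
    store = GiftCardStore()
    shelf_card = store.issue(20000)        # printed but not yet sold
    print(luhn_ok("79927398713"))          # constructed number: passes the checksum
    print(store.redeem("79927398713"))     # but was never issued
    print(store.redeem(shelf_card))        # taken off the rack, never activated
    store.activate(shelf_card)
    print(store.redeem(shelf_card), store.redeem(shelf_card))  # once, then refused
```

A production redemption endpoint would also throttle failed attempts per account and per source, which this sketch leaves out.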

  • What's the point? (Score:4, Insightful)

    by Arancaytar (966377) <arancaytar.ilyaran@gmail.com> on Tuesday March 10, 2009 @06:39PM (#27142229) Homepage

    If they're going to pirate, why do they bother paying $2 to a crook to get music with DRM which they could get for free from BitTorrent? The only advantage iTunes has over piracy is that it is legal - so what's the point of ripping them off with a fake gift card?

    Even ethically, that way they'd at least not be supporting the criminal industry like the RIAA is (in this case accurately) claiming.

  • Why prosecute? If you can identify the illegitimate cards, you can revoke the license to all the downloaded music. Isn't this what DRM is for?
  • Re:Heh (Score:4, Insightful)

    by Henriok (6762) on Tuesday March 10, 2009 @06:50PM (#27142367)
    Apple would probably still make money since you a) bought an iPhone and b) solidified Apple's hold on music distribution online. Apple probably just laughed all the way to the bank, the same way Microsoft, Adobe and Autodesk are laughing all the way to the bank when their software gets distributed more or less for free in these markets. Some markets are unreachable with western prices, so if you still want to be present on them, adjust your price. Close to free, is good enough.
  • DRM free itunes. (Score:2, Insightful)

    by Capt.DrumkenBum (1173011) on Tuesday March 10, 2009 @07:02PM (#27142481)
    I believe itunes is DRM free as of Jan 6/09
    http://apple.slashdot.org/article.pl?sid=09/01/06/1840225 [slashdot.org]
  • Re:hmmm (Score:0, Insightful)

    by Anonymous Coward on Tuesday March 10, 2009 @07:33PM (#27142849)

    because apple servers are made to look pretty, not do calculation or real work

  • Re:BitTorrent (Score:4, Insightful)

    by Colonel Korn (1258968) on Tuesday March 10, 2009 @07:36PM (#27142865)

    And torrents tend to be of much higher quality than iTunes tracks.

  • Re:Occam's razor (Score:3, Insightful)

    by Lehk228 (705449) on Tuesday March 10, 2009 @07:54PM (#27143071) Journal
    200:1 when it's not your 200 is plenty profitable
  • Too wordy (Score:2, Insightful)

    by Anonymous Coward on Tuesday March 10, 2009 @08:03PM (#27143179)

    "Fake but working iTunes gift cards

    Yes, we have a word for that. The word is counterfeit.

    I'll use it in a sentence for you:

    "The RIAA attempts to convince the public that downloading music is the same as counterfeiting CD's."

  • Re:Occam's razor (Score:5, Insightful)

    by porcupine8 (816071) on Tuesday March 10, 2009 @08:19PM (#27143383) Journal
    why give somebody the equivalent of cash that can only be used at one store and which becomes worthless if that store declares bankruptcy, when you could just as easily give them cash, or a money order, or a check, or any number of other instruments that could be redeemed anywhere.

    Maybe because they'd prefer to get a gift card? When I get cash, I feel like I need to put it in savings, use it responsibly, etc etc. A gift card to a restaurant or store I like to buy fun stuff in is permission to have fun with it. If you're giving them a gift with the intention of them having fun, a gift card says that clearly. Of course, not everyone feels the same way I do, but part of the point of giving one gift over another is knowing which one the receiver would like most to receive, rather than just which one you'd rather give...
  • Well, given that he _was_ Mark Freaking Twain, he got to choose where he was born!

  • Re:Occam's razor (Score:3, Insightful)

    by WhatAmIDoingHere (742870) <sexwithanimals@gmail.com> on Tuesday March 10, 2009 @08:29PM (#27143495) Homepage
    You write "return to sender" on it and send it back out the next day.
  • Re:Heh (Score:4, Insightful)

    by torkus (1133985) on Tuesday March 10, 2009 @08:55PM (#27143801)

    Actually the hacked gift cards aren't close to free, they're negative income for Apple.

    Apple still pays a share of the purchase price of each song to the record companies regardless of the payment method. Since they're not getting the income side with hacked gift cards, it's a net loss.

    Furthermore, Apple (or the retailer, perhaps) takes an additional loss if a legitimate purchase winds up with the same card number and the user complains. I know I sure would.

    This is a HUGE problem, I'm not sure what reasonable solution they're going to come up with. Knowing Apple they'll just beat up their fanbase a little more and cancel all the GC's or something. Ok, flamebait a bit but...I could see them doing that and just hoping their market domination in MP3 sales overcomes the bad juju.

  • by Anonymous Coward on Tuesday March 10, 2009 @08:57PM (#27143831)

    How do you know the cards work? Has anyone bought one?

    What if the whole thing is a scam whereby you send your couple of dollars over only to find out the cards really are fake. What will you do? Tell the police you got ripped off trying to buy a $200 card for a couple of dollars?

    If there's enough idiots out there buying into this scam it could generate a tidy sum.

  • Re:BitTorrent (Score:3, Insightful)

    by omeomi (675045) on Tuesday March 10, 2009 @09:26PM (#27144167) Homepage
    Why do you think Apple users don't use virus scanners or real firewalls?

    Because, for the most part, nobody is really writing viruses for OSX, so protecting against them is largely a waste of time? Then again, if you don't download shady software on Windows, you're not going to have a problem with viruses, either...
  • Re:Ouch. (Score:2, Insightful)

    by TheSpoom (715771) * <slashdot@@@uberm00...net> on Tuesday March 10, 2009 @09:28PM (#27144185) Homepage Journal

    If Apple used sequential keys for gift cards, they deserve what just happened. That's pure incompetence.

  • by WillyDavidK (977353) on Tuesday March 10, 2009 @10:48PM (#27144919)
    No, there is no currency exchange going on, the 'gift card' tells iTunes to exempt you from paying for the tracks as you have already presumably paid Apple for the gift card. Apple is still paying the artist 70% of the cost of the music being downloaded, and they are paying in real currency.
  • Re:BitTorrent (Score:5, Insightful)

    by bkgood (986474) on Tuesday March 10, 2009 @11:16PM (#27145181)

    companies like Apple who take massive amounts of GPL code to build their empires and give NOTHING in return.

    ... except the huge advances Apple has given KHTML in the form of WebKit.

  • Re:Occam's razor (Score:2, Insightful)

    by Anonymous Coward on Tuesday March 10, 2009 @11:38PM (#27145411)

    When I get cash, I feel like I need to put it in savings

    Too bad the other 99% of the country doesn't think that.

  • Re:BitTorrent (Score:4, Insightful)

    by bitrex (859228) on Wednesday March 11, 2009 @01:35AM (#27146351)
    It took the Chinese only about 3 decades to become what U.S. government and corporations have been having wet dreams about for nearly a century - that is a largely autocratic and oligarchic corporate system that can count on socialist support from the federal government when it needs it, which is all the time. In the meantime the economists or the People's Worker's Party or whomever will dispense the priestly blessings of the socialist revolution or laissez-faire capitalism or whatever is in vogue at the time to the citizens, leaving the government and corporate entities to pursue the obvious and efficient solution for economic and national power. Capitalism vs. communism with regard to China is a false dichotomy. The US is probably on the way to whatever China is now, it's just taken us a lot longer to get there because we've had to spend an enormous amount of effort at keeping up the illusion of a representative democracy, while China has been autocratic pretty much all along.
  • by mgblst (80109) on Wednesday March 11, 2009 @01:43AM (#27146389) Homepage

    Except that I am sure Apple has to hand over a certain amount of money to the record labels. So a $200 card, they may have to hand over $180, and they get nothing from the consumer.

    So actually something is being stolen, from Apple to the Music companies. They don't miss out, they would be loving this. All of a sudden, they are getting millions from Apple due to China.

  • Re:BitTorrent (Score:5, Insightful)

    by jcr (53032) <.jcr. .at. .mac.com.> on Wednesday March 11, 2009 @06:32AM (#27148011) Journal

    ...and all the ZeroConf code, the IOKit, LaunchD, all the Firewire library code from Zayante, CoreFoundation, the GCC Objective-C implementation, a lot of additions to SQLite, not to mention all the work they're doing on LLVM (which will finally end the dark ages of GCC).

    -jcr

  • Re:BitTorrent (Score:3, Insightful)

    by omeomi (675045) on Wednesday March 11, 2009 @11:36AM (#27151259) Homepage
    The old 'viruses only target popular platforms' meme relies on the assumption that every platform is exactly as secure as every other platform, and that is provably false.

    Actually, I didn't say anything about viruses only targeting popular platforms. I said "for the most part, nobody is really writing viruses for OSX", which is true. There are far more viruses being written for Windows. I didn't attempt to explain the reason for that, though. It could be that Windows is more popular, or it could be, as you suggest, that OSX is more secure, and thus virus writers gravitate to the less secure platform. I don't know (or care). I would have to think that it's a mixture of the two, to be honest. There's more software in general for more popular platforms, so it's no huge surprise that there would also be more viruses.
