It's still easier to use BitTorrent.

Brilliant business model there, Taobao. I used to feel bad that Amazon's MP3 Service only worked inside the United States but now it's pretty clear: I doubt Apple will have much luck prosecuting anyone in this case whereas it would have been different had it happened on American soil.

I'm sure the Chinese government will help protect Apple's ... hahahaha sorry, couldn't quite say that with a straight face. Seriously, we must look like ripe-for-the-picking rubes to places like China. They're sitting there with free copies of Vista, Adobe Suites and now cheap "legal" music. I guess it will forever remain a mystery to them why their nation isn't home to prosperous software & music industries while the status quo is free for the taking with no repurcussions.

I'd be interested to know what algorithm was being used for the keycards. Did Apple use a weak scheme, did someone leak the secret, or (most interestingly) has someone managed to crack a good encryption algorithm.

(Alas, I'd guess it's probably a weak scheme. As recently as two years ago I noticed a bike products retailer was actually using sequential codes for its gift cards)

You can already get basically anything you can get off Itunes from torrent files for free. You don't have to pay for a card. If you're going to pirate material, you might as well be sensible about it.

Possibility 2 would in no way be profitable - they are selling $200 gift certificates for 11 yuan. About $1.61.
200:1 money laundering scheme? I don't think so.

On the other hand, human stupidity implied in the possibility 1 is always a plausible solution to any case involving humans.

You just admitted to comitting a Federal crime, son, and a Felony at that. If I were you, I'd shut the hell up and never mention your this "freebie" to anybody.

It's probably safer too. Bittorrent is going to be a civil matter. Exploiting a hole in Apple's POS system to get free stuff probably qualifies as fraud and would bring criminal charges.

Random thought: Reminds me of the old days when you could create credit card "numbers" that weren't actually valid but passed the checksum test and use them to create AOL accounts. Kind of surprised that Apple wouldn't know better.

No kidding. The way this is explained makes it sound like if I pulled a stack of iTMS cards off the rack at walmart or whatever and walked out with them in my pocket, they'd all be valid and would work. I have a hard time believing that to be the case. There are hundreds of stores (both online and physical) that sell gift cards at other stores, I have a hard time believing that it doesn't generally work more like you describe, and I also have a hard time believing that Apple would have done it differently.

Unless maybe the people generating the card numbers has found a way to falsely activate them? Although if that were the case, I'd imagine that'd be a much easier fix.

If they're going to pirate, why do they bother paying $2 to a crook to get music with DRM which they could get for free from BitTorrent? The only advantage iTunes has over piracy is that it is legal - so what's the point of ripping them off with a fake gift card?

Even ethically, that way they'd at least not be supporting the criminal industry like the RIAA is (in this case accurately) claiming.

because apple servers are made to look pretty, not do calculation or real work

And torrents tend to be of much higher quality than iTunes tracks.

Yes, we have a word for that. The word is counterfeit.

I'll use it in a sentence for you:

"The RIAA attempts to convince the public that downloading music is the same as counterfeiting CD's."

Well, given that he _was_ Mark Freaking Twain, he got to choose where he was born!

Actually the hacked gift cards aren't close to free, they're negative income for Apple.

Apple still pays a share of the purchase price of each song to the record companies regardless of the payment method. Since they're not getting the income side with hacked gift cards, it's a net loss.

Furthermore, Apple (or the retailer, perhaps) takes an additional loss if a legitimate purchase winds up with the same card number and the user complains. I know I sure would.

This is a HUGE problem, I'm not sure what reasonable solution they're going to come up with. Knowing Apple they'll just beat up their fanbase a little more and cancel all the GC's or something. Ok, flamebait a bit but...i could see them doing that and just hoping their market domination in MP3 sales overcomes the bad juju.

How do you know the cards work? Has anyone bought one?

What if the whole thing is a scam whereby you send your couple of dollars over only to find out the cards really are fake. What will you do? Tell the police you got ripped off trying to buy a $200 card for a couple of dollars?

If there's enough idiots out there buying into this scam it could generate a tidy sum.

If Apple used sequential keys for gift cards, they deserve what just happened. That's pure incompetence.

... except the huge advances Apple has given KHTML in the form of WebKit.

Too bad the other 99% of the country doesn't think that.

Except that I am sure Apple has to hand over a certain amount of money to the record labels. So a $200 card, they may have to hand over $180, and they get nothing from the consumer.

So actually something is being stolen, from Apple to the Music companies. They don't miss out, they would be loving this. All of a sudden, they are getting millions from Apple due to China.

...and all the ZeroConf code, the IOKit, LaunchD, all the Firewire library code from Zayante, CoreFoundation, the GCC Objective-C implementation, a lot of additions to SQLite, not to mention all the work they're doing on LLVM (which will finally end the dark ages of GCC).

-jcr