Slashdot Mirror


iTunes Gift Card Key System Cracked, Exploited

moonbender writes "Fake but working iTunes gift cards are being sold on Chinese auction sites for a fraction of their value: 'The owner of the Taobao shop told us frankly that the gift card codes are created using key-generators. He also said that he paid money to use the hackers' service. Half a year ago, when they started the business, the price was around 320 RMB [about $47] for [a] $200 card, then more people went into this business and the price went all the way down to 18 RMB [about $2.60] per card, "but we make more money as the amount of customers is growing rapidly."' The people at Chinese market researcher Outdustry have apparently confirmed this by buying a coupon and transferring it into an iTunes account. Oops."

12 of 388 comments

  1. Re:Ouch. by teh+moges · · Score: 4, Informative

    I actually didn't think this would be possible.
    In Australia, when you buy mobile phone recharge (extra credit to make calls), you buy a coupon which is only activated after it's bought from an authorized dealer. Once the code is used, that code is useless.
    It does mean that each retailer has to have some connectivity to base office, but it stomps out generating new keys as much as you want.

  2. Re:Ouch. by smellsofbikes · · Score: 4, Informative

    >but it stomps out generating new keys as much as you want.

    Sort of. As the previous poster was alluding to, if the card numbers are generated sequentially and stored on the card, all you need to do is know your number, add about 100, put that number on your card, and wait for it to be activated so you can use it. You don't have to access the main server: you just wait for your number to show up.
    There was a neato scam running a while back where people would steal piles of seemingly useless blank gift cards, record the number off the card into a database, put them back in stores, wait a month, then try and use the number. If the card had been activated but not used (a gift card sitting in a present or a wallet somewhere) they bought what they could as fast as they could.
    I assume companies now sell entirely blank cards, that are programmed at time of sale, rather than pre-enumerated cards merely being scanned for activation.

    --
    Nostalgia's not what it used to be.
  3. Re:Occam's razor by plover · · Score: 5, Informative

    Well, I personally know that InComm is an authorizer to companies that sell iTunes cards at retail, and that unactivated cards have no value. No algorithm is used for those cards, other than the non-sequential generator (to prevent my_card_number+1 fraud.)

    But I also know that TFA claims that an algorithm is broken allowing for virtually unlimited generation of cards.

    So either TFA is wrong or deliberately lying (improbable, but not impossible) or both the algorithm and on-line methods are being used by iTunes (neither particularly odd nor improbable.)

    It's not an XOR situation.

    --
    John
  4. Re:And You Wonder Why Amazon MP3 Only Works in the by SectoidRandom · · Score: 3, Informative

    When it comes to international copyright it is no surprise to me that across borders people are far less inclined to respect copyright laws of another country.

    It reminds me of something that I read once that stated that back in the 19th century, before the US had established its own home-grown authors and publishing industry, it was commonplace for Americans to simply copy and republish without consent the work of European authors and publishers. That was of course despite the constant complaints of European publishers and governments.

    Of course eventually the US publishers had grown to a position where they themselves realized that they needed copyright in order to continue growing with the now booming local literature scene, hence the "true" birth of enforced US copyright.

    (History repeating itself. Hmm, now how often does *that* ever happen - sarcasm)

    Unfortunately I have no original sources to this 'tale', I would appreciate if anyone can either confirm or deny this with some evidence, as it is such a compelling story I would like to believe that it is true!

  5. Re:And You Wonder Why Amazon MP3 Only Works in the by tacarat · · Score: 5, Informative

    You can't identify the illegitimate cards. Each individual card isn't kept track of. The bar code on each of them is more like the answer to a math problem. If you know how to solve the problem, you get in, no questions asked. The only thing they can do is change the math problem and eventually get rid of the old one as a valid question to answer.

    --
    "Common sense will be the death of us all"
  6. Re:And You Wonder Why Amazon MP3 Only Works in the by mean+pun · · Score: 3, Informative

    Isabella Bird, in her book The Englishwoman in America (1856), mentions this copying casually, as something everyone knows.

  7. China: One big Black Hole by NineNine · · Score: 3, Informative

    If the Chinese government doesn't start some kind of law enforcement, China is going to be a giant Black Hole. Blacklisting IP blocks from Chinese ISPs is the best thing I've ever done in terms of spam and malware control.

  8. Re:Ouch. by bluefoxlucid · · Score: 3, Informative

    They work right off the truck. No activation.

  9. Re: freebie by edman007 · · Score: 4, Informative

    It is a federal crime to open mail shipped through the United States Postal Service that has not been delivered to the addressee.

    http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001702----000-.html

    When the mail man messes up they don't open it (and there are exemptions somewhere to allow them to open it when required). If you receive something not meant for you then you should give it back to the post office, don't open it.

  10. Re:And You Wonder Why Amazon MP3 Only Works in the by wvmarle · · Score: 4, Informative

    This comment is not just funny, it is silly and obviously from someone who knows nothing about China.

    For one, the Chinese themselves come up with a lot of IP. This ranges from music productions to technical innovations (yes also that, believe it or not). And yes they are copied big time, even though the Chinese government does try to enforce the protection of this IP. And yes it does so much more vigilantly than the protection of foreign IP. Mind that many US and other overseas patents are not valid in China in the first place, patents after all are limited to the countries/areas where they have been applied for and issued.

    If someone comes with a new product in China and has some success, everyone will jump on the bandwagon and make it as well. Even if there is no protected IP involved. If someone starts making plastic coffee cups for example, and makes a good buck out of it, dozens of other factories will spring up and do the same. They all copy one another.

    If you come up with some innovation in China and you really want to keep it for yourself you will have to keep it a secret. Don't tell anyone how you do it. This is why many Chinese are very reluctant to show you their production lines, and often you won't get access there at all. Taking photos of machines is also something that many Chinese really don't like. At trade shows many booths also have a no-photo-taking policy because otherwise within a few days they will find their newly designed jewellery at half the price all over the place. At their neighbour's booth for example (not joking).

    IP in China is as if there is effectively no IP. Everyone copies from everyone with impunity. There is little enforcement, and what enforcement takes place is largely showing off to the outside world, staged media events making it look like something is being done. China can as such be used as a case study for what happens if IP would be abolished. And it is overall not a pretty picture.

  11. Re:BitTorrent by jcr · · Score: 4, Informative

    >Apple has yet to open EVEN ONE LINE of the OS X source

    This turns out not to be the case.

    See here.

    Got any more uninformed bitching to do?

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  12. Re:And You Wonder Why Amazon MP3 Only Works in the by MrAngryForNoReason · · Score: 3, Informative

    I don't know how it works in the US but certainly in the UK iTunes gift cards are activated at the checkout to prevent shoplifting.
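
The two designs the comments above contrast, as an added example that is not part of the original thread or any vendor's code: a self-validating "math problem" check of the kind tacarat describes, next to the server-tracked, activate-at-sale scheme teh moges and plover describe. The checksum rule, the alphabet and all class and function names are constructed for illustration.

```python
import secrets
from enum import Enum

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # 32 symbols, no look-alikes

class State(Enum):
    ISSUED = "issued"      # printed and on the shelf, worth nothing yet
    ACTIVE = "active"      # paid for at an authorized retailer
    REDEEMED = "redeemed"  # spent; can never be used again

def checksum_only_valid(code: str) -> bool:
    """Constructed 'math problem' check: symbol indexes must sum to 0 mod 32.
    Nothing is looked up, so anything that satisfies the rule is accepted."""
    if not code or any(c not in ALPHABET for c in code):
        return False
    return sum(ALPHABET.index(c) for c in code) % 32 == 0

class CardLedger:
    """Hypothetical server-side record of every code ever issued."""

    def __init__(self):
        self._cards = {}  # code -> [State, value in cents]

    def issue(self, value_cents: int) -> str:
        # 16 symbols x 5 bits = 80 bits from the OS CSPRNG, so there is
        # no sequence or formula linking one card to the next.
        while True:
            code = "".join(secrets.choice(ALPHABET) for _ in range(16))
            if code not in self._cards:
                self._cards[code] = [State.ISSUED, value_cents]
                return code

    def activate(self, code: str) -> bool:
        """Called by the retailer at the point of sale."""
        card = self._cards.get(code)
        if card is None or card[0] is not State.ISSUED:
            return False
        card[0] = State.ACTIVE
        return True

    def redeem(self, code: str) -> int:
        """Return credited cents, or 0 if unknown, unactivated or already used."""
        card = self._cards.get(code)
        if card is None or card[0] is not State.ACTIVE:
            return 0
        card[0] = State.REDEEMED
        return card[1]
```

A code the ledger never issued can satisfy `checksum_only_valid` yet `redeem` still returns 0 for it, because acceptance depends on a stored record and its state rather than on the code's structure.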