Slashdot Mirror


iTunes Gift Card Key System Cracked, Exploited

moonbender writes "Fake but working iTunes gift cards are being sold on Chinese auction sites for a fraction of their value: 'The owner of the Taobao shop told us frankly that the gift card codes are created using key-generators. He also said that he paid money to use the hackers' service. Half a year ago, when they started the business, the price was around 320 RMB [about $47] for [a] $200 card, then more people went into this business and the price went all the way down to 18 RMB [about $2.60] per card, "but we make more money as the amount of customers is growing rapidly."' The people at Chinese market researcher Outdustry have apparently confirmed this by buying a coupon and transferring it into an iTunes account. Oops."

17 of 388 comments

  1. BitTorrent by MrEricSir · · Score: 5, Insightful

    It's still easier to use BitTorrent.

    --
    There's no -1 for "I don't get it."
    1. Re:BitTorrent by aliquis · · Score: 5, Funny

      No, even more is on bittorrent and the like ...

    2. Re:BitTorrent by Shakrai · · Score: 5, Insightful

      It's still easier to use BitTorrent.

      It's probably safer too. Bittorrent is going to be a civil matter. Exploiting a hole in Apple's POS system to get free stuff probably qualifies as fraud and would bring criminal charges.

      Random thought: Reminds me of the old days when you could create credit card "numbers" that weren't actually valid but passed the checksum test and use them to create AOL accounts. Kind of surprised that Apple wouldn't know better.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    3. Re:BitTorrent by bkgood · · Score: 5, Insightful

      companies like Apple who take massive amounts of GPL code to build their empires and give NOTHING in return.

      ... except the huge advances Apple has given KHTML in the form of WebKit.

  2. And You Wonder Why Amazon MP3 Only Works in the US by eldavojohn · · Score: 5, Insightful

    "but we make more money as the amount of customers is growing rapidly."

    Brilliant business model there, Taobao. I used to feel bad that Amazon's MP3 Service only worked inside the United States but now it's pretty clear: I doubt Apple will have much luck prosecuting anyone in this case whereas it would have been different had it happened on American soil.

    I'm sure the Chinese government will help protect Apple's ... hahahaha sorry, couldn't quite say that with a straight face. Seriously, we must look like ripe-for-the-picking rubes to places like China. They're sitting there with free copies of Vista, Adobe Suites and now cheap "legal" music. I guess it will forever remain a mystery to them why their nation isn't home to prosperous software & music industries while the status quo is free for the taking with no repercussions.

    --
    My work here is dung.
  3. Occam's razor by YesIAmAScript · · Score: 5, Interesting

    Possibility 1:
    Apple doesn't use a database for cards, they use a hash even though that would be stupid.
    That hash and algorithm for arranging the data before the hash was cracked even though all the verification is done on the server and thus there is no code out there to reverse-engineer.
    Someone is generating and selling cards using that hash.

    Possibility 2:
    Someone is simply buying the largest email iTMS gift certificate allowed (I checked) with fake or stolen credit card numbers.

    Possibility 1 is possible but unlikely.
    Possibility 2 is very common, very easy and very likely.

    Occam's Razor says people are likely jumping to an unwarranted conclusion here.

    --
    http://lkml.org/lkml/2005/8/20/95
    1. Re:Occam's razor by Anonymous Coward · · Score: 5, Insightful

      I once received a gift certificate in a Christmas card that was delivered accidentally to my address, and I was able to go ahead and use it.

      You just admitted to committing a Federal crime, son, and a Felony at that. If I were you, I'd shut the hell up and never mention this "freebie" to anybody.

    2. Re:Occam's razor by plover · · Score: 5, Informative

      Well, I personally know that InComm is an authorizer to companies that sell iTunes cards at retail, and that unactivated cards have no value. No algorithm is used for those cards, other than the non-sequential generator (to prevent my_card_number+1 fraud.)

      But I also know that TFA claims that an algorithm is broken allowing for virtually unlimited generation of cards.

      So either TFA is wrong or deliberately lying (improbable, but not impossible) or both the algorithm and on-line methods are being used by iTunes (neither particularly odd nor improbable.)

      It's not an XOR situation.

      --
      John
    3. Re:Occam's razor by schmiddy · · Score: 5, Funny

      You just admitted to committing a Federal crime, son, and a Felony at that.

      Mail fraud? Pssh. That's small potatoes. Back in my wilder days, I once kept the NYPD busy with various bomb threats, including a real bomb set off in a subway station near the NY Fed.

      While the police were on a wild goose chase, my team of vaguely Germanic-sounding villains drove a dozen stolen dump trucks into the basement of the bullion repository in the basement of the Federal Reserve, loaded them up, and drove away with over $100 Billion worth of gold. How's that for admitting a felony online?

      --
      http://cltracker.net -- powerful craigslist multi-city search
  4. Invalidated by Norsefire · · Score: 5, Insightful

    The other side to this is that when a legitimate customer buys a card whose code has already been found using a keygen, their card won't work. I hope Apple has a refund system. The joys of security through obscurity in action.

  5. Heh by Jon.Laslow · · Score: 5, Funny

    No, kicking Apple in the nuts would be buying a fake iTunes card using MyFox on a jailbroken, unlocked iPhone 3G using a different carrier than the one the phone was sold from/for.

    1. Re:Heh by Em+Emalb · · Score: 5, Funny

      Nah, that would be feeding them to pigs after cutting them up with a chainsaw after paper cutting them to death after making them watch Mike Tyson eat their children. :-D

      --
      Sent from your iPad.
    2. Re:Heh by Mordok-DestroyerOfWo · · Score: 5, Funny

      I can't find the +1 "Dear Lord please don't let me have nightmares about that tonight!" mod.

      --
      "Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
  6. Re:And You Wonder Why Amazon MP3 Only Works in the by Anonymous Coward · · Score: 5, Insightful

    Personally, I think that will become the downfall of our country.

    Our main products that we're making here are things that can be easily recreated at no cost. Sure, we've got laws that attempt to stop it, but many places don't.

    We've shipped most of our jobs making actual products overseas. And we wonder why China is becoming so powerful? They're making physical goods, and freely recreating our virtual goods.

  7. Re:And You Wonder Why Amazon MP3 Only Works in the by tacarat · · Score: 5, Informative

    You can't identify the illegitimate cards. Each individual card isn't kept track of. The bar code on each of them is more like the answer to a math problem. If you know how to solve the problem, you get in, no questions asked. The only thing they can do is change the math problem and eventually get rid of the old one as a valid question to answer.

    --
    "Common sense will be the death of us all"
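    The two designs argued over in this thread, codes that are "the answer to a math problem" with no per-card record versus cards that are worthless until a register activates them (as plover describes for retail cards), differ in what the server has to remember. The sketch below is an added example of the activation-plus-redemption ledger, not code from the article or from any Apple or InComm system; the class and method names are invented for illustration.

```python
import secrets
import string
from dataclasses import dataclass, field

ALPHABET = string.ascii_uppercase + string.digits


@dataclass
class GiftCardLedger:
    """Hypothetical server-side ledger: a code has no value until activated at sale
    and can be redeemed exactly once, so a code that merely 'looks valid' buys nothing."""
    cards: dict = field(default_factory=dict)
    # Redemption attempts that should never happen for honest customers; a spike in
    # these is the detection signal for codes being guessed or generated off-line.
    suspicious: list = field(default_factory=list)

    def issue(self, value):
        # Non-sequential code from a CSPRNG: knowing one code reveals nothing about
        # the next one (the "my_card_number+1" problem mentioned in the thread).
        code = "".join(secrets.choice(ALPHABET) for _ in range(16))
        self.cards[code] = {"value": value, "activated": False, "redeemed": False}
        return code

    def activate(self, code):
        """Called by the point of sale when the card is paid for."""
        card = self.cards.get(code)
        if card is None or card["activated"]:
            return False
        card["activated"] = True
        return True

    def redeem(self, code):
        """Return a status string; only 'ok' credits the account."""
        card = self.cards.get(code)
        if card is None:
            self.suspicious.append(("unknown", code))
            return "unknown"
        if not card["activated"]:
            # Code exists but was never sold: classic sign of a generated or skimmed code.
            self.suspicious.append(("not_activated", code))
            return "not_activated"
        if card["redeemed"]:
            self.suspicious.append(("already_redeemed", code))
            return "already_redeemed"
        card["redeemed"] = True
        return "ok"
```

    With the database model, a keygen would have to hit a code that was both issued and activated but not yet redeemed, and every miss leaves a suspicious entry the operator can alert on.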
  8. Re:And You Wonder Why Amazon MP3 Only Works in the by porges · · Score: 5, Interesting

    Gilbert and Sullivan had a big problem with this; people would come to their London openings, write down as much of the words and music as they could, take the boat to America, and put on knock-off productions. For this reason, The Pirates (!) of Penzance premiered in New York, not London.

  9. Re:And You Wonder Why Amazon MP3 Only Works in the by guydmann · · Score: 5, Interesting

    I agree that would be funny. But the real comedy here is that nothing is actually being stolen here. What is really happening is that a new unit of currency is being counterfeited. But that currency is backed by value in digital media, which in and of itself is ephemeral and can be obtained by other means for free. What a bizarre situation.