In the early 2000s, Internet file-sharing in the form of Napster and similar services put the brakes on the music industry’s profits. But legislation and alternative purchasing methods, such as the iTunes gift card, helped alleviate some of the monetary pain felt by bands and their labels by funneling legitimate money to the legitimate creators.
Here comes more pain. Chinese hackers recently unveiled another way to hit the record industry: Buy a $200 iTunes gift card for $3
Here’s a still from the online auction site taobao.com that shows multiple iTunes gift cards for sale. As of March 13, 1 USD is equal to 6.8 CNY, which is the currency used in China. CNY is also known as RMB.
Hackers in China are selling the gift cards for mega cheap because they discovered the algorithm Apple uses to generate the card’s numbers. According to multiple accounts, the fake numbers are created by a key generator, which are also used to create serial numbers for pirated software, and then are sold on online auction sites, such as Taobao.com, the Chinese equivalent of Ebay.
Outdustry, a blog covering the Chinese music industry, verified that the counterfeit card numbers work. A blogger for the Web site went to Taobao.com, purchased a $200 iTunes gift card from a seller who was online, and redeemed the card number via instant message. The blogger also talked to the seller via online chat. The seller flat out admitted the gift card numbers were created using a key generator, and that he or she had to pay money to use the generator. The seller also said the phony card numbers went on the market about a year ago, when a $200 iTunes card sold for about $46. But the prices have dropped due to the growing number of customers and an infinite amount of numbers to generate.
Since the card numbers appear to be no different than the genuine ones sold by Apple, it’s possible that the legitimate iTunes gift card you bought Jimmy for Christmas could have the same numbers as a fake one sold in China. That means someone else could be buying Michael Bolton tracks with the money you set aside for Pantera.
For the moment, Apple remains quiet about the issue; perhaps they are waiting until they find a solution to say something publicly. One solution is to change the card-generating algorithm, but that might destroy a bunch of existing cards for people who actually paid for them.
Another solution might be to discover a different way the gift cards are being hacked. Joe Stewart, director of malware research for the security service provider SecureWorks, says the actual hack is much simpler: The gift cards are purchased with stolen credit cards and then resold on auction sites.
For an iTunes gift card to work properly, it has to be activated at the point-of-sale terminal where it is purchased. If it isn’t activated, it won’t work. So simply using a key generator to create a code won’t allow you to download any music because you’ll get an error saying it isn’t activated yet. That’s why stealing a whole rack of gift cards from the supermarket won’t yield anything because they have to be activated to work.
Because of this, Stewart argues that thieves might be using stolen credit card numbers to buy the gift cards, then turn around and sell them at a reduced price. This could be possible because credit card crooks are always looking for undetectable ways to use the stolen numbers. A good way to do that is to purchase something online and resell it at a lower price online. Doing this requires no tangible exchange of goods and almost guarantees someone will buy it. Plus, everything is anonymous, so there is less chance of getting caught by a police sting.
However, as stated above, Outdustry claims to have bought the codes and used them to purchase music. So it’s also possible the Chinese hackers were able to pierce Apple’s network or iTunes gift card database to steal activated numbers. But since Apple refuses to comment, how the numbers are being stolen remains unknown.
One thing is for sure, though: As long as Michael Bolton albums exist, people will do anything to hear his sweet voice.
See related: Buying pirated music with credit cards is potentially risky, Everything you need to know about gift cards