As if creating knock-offs of handbags, sunglasses, shoes and clothing isn’t enough, Chinese hackers have now created a brand new industry: fake iTunes gift card sales.
By cracking the algorithm which Apple uses for the generation of its voucher codes and then selling the codes online, hackers have been able to scam iTunes out of songs, applications and money.
Now, a plethora of the codes are appearing on the web, which can be redeemed for the purchase of movies, TV shows, games and applications at the iTunes Store in the USA.
The iTunes gift cards can be purchased online for prices as low as $2.60, and users are reporting that the codes are accepted by Apple and work fine.
Above: Apple doesn't actually sell a $3,000 gift card, but you can still buy one online at a fraction of the value.
Rather than paying for the code with a reasonably reputable payment service such as Paypal, you’ll instead likely be directed to AliPay, its Chinese distant cousin.
This new method of cybercrime is gigantic, and is much like the sale of bulk credit card numbers, software serial codes, and other illegal items being offered for sale.
There are many sites currently offering the fake iTunes cards, and though none of them physically sell the card you would see if you purchased it from Apple.com, or from an Apple store, customers do receive a code which will allow you $200 worth of iTunes credit. Apple only sells their gift cards from $15 to $50.
When a customer purchases a fake iTunes card from one of the virtual storefronts the seller sends out a voucher code, just like one which would be printed on a real card. Once the code is redeemed at iTunes the customers account is credited the amount due.
The owner of, Taobao, a Chinese shop which sells the cards spoke candidly with Outdustry, explaining that the gift cards are developed by using key-generators. He also stated that he had to pay for the use of the hackers’ service like any other industry.
The key-generator hackers are based in China, according to the shop owner. His business was opened about six month ago, at that time prices were at 320RBM ($45 USD) for a card with 200 USD ($2.60 USD) worth of iTunes credit, however, as more individuals got into the industry the price significantly declined. Currently it is at 18 RMB for a card. The shop owner claims that he still makes money because he now has more customers.
Unfortunately this is a huge financial burden for Apple to bear, losing up to $200 worth of product each time a stolen gift card code is utilised.
Some pundits are suggesting that there
is no crack and that the Chinese 'hackers' are simply using stolen
credit cards to buy and resell the vouchers. This could be true (and it
certainly does go on), but it may also be the case that Apple uses an
algorithm to generate the codes rather than using an actual database of
real codes because not all retailers have live network links to
Apple servers in order to sell the vouchers.
Many point of sale systems at major retailers with hundreds of stores
are based on very old mainframe systems, which do periodical batched
data transfer to head office. Modifying the POS system architecture to
interface with Apple directly in real time would be prohibitively
expensive.
Presumably Apple provides an algorithm that allows retailers to
generate the codes and then transfer the sales information back to
Apple later in batches. Despite that, Apple needs to honour vouchers
immediately after they are sold, rather than waiting for the retailer's
batch data to be returned.
Apple has yet to issue a statement or response regarding the fake gift cards, and at this time it would seem that they have not determined a method for preventing redemption of the voucher codes without invalidating all its genuinely issued codes as well.