Fake iTunes cards challenge Apple's iTunes business

Posted by Christian Zibreg

Chicago (IL) - Apparently fake iTunes gift cards are the next big thing in the underground cybercriminal
world. Earlier this week, Chinese hackers enabled
this new "business" by cracking the algorithm used to
generate the voucher codes printed on real prepaid iTunes Gift Cards. As a
result, a slurry of fake iTunes cards began popping up all over the web, enabling a consumer to buy a valid voucher code that could be redeemed at the iTunes Store
for music, movies and TV shows purchases. The $200 iTunes gift cards
are selling for as low as $2.60 -- if you are willing to shop on Asian
web sites using credit card processing firms most westerners have never
heard of.


What
would you do if you were offered a $200 iTunes gift card for just
$2.60? According to various online outlets, it's the current big thing
in the underground world of cybercriminals. Now the cracked iTunes gift cards join
the usual illegal offerings, like bundles of credit card numbers, original
software (like Office and Windows) and serial codes for programs which otherwise cost thousands of dollars, and all of them selling for couple of bucks.

It's
illegal, of course. And it's all part of a carefully assembled cybercriminal web
outfit that pours in the profits collected from similar activities, and ultimately into who-knows-what-type of other illegal or even terrorist activities. But still, the Chinese (and not only them)
are happily grabbing their credit cards for the promise of nearly
a 100-fold savings.

According to a blog entry at the Outdustry,
several
sites now offer the fake iTunes gift cards. None of them are selling the physical card that consumers get when you purchase it at brick-and-mortar Apple stores
or, more conveniently, via the company's online store. Instead, you
just get the code which is contained on the real iTunes gift card that's
generated using the hacking algorithm. What's surprising though is the fact
that one fake code buys you a $200 credit for your iTunes Store account, even though Apple only offers $15, $25 and $50 gift cards denominations.


FAKE ITUNES CARDS -- BIG IN CHINA
When Chinese hackers cracked the algorithm used to generate codes printed on real prepaid iTunes Gift Cards about six months ago, a whole new "business" began to flourish. Today, Chinese shopping sites are selling $200 voucher codes (that can be redeemed online at the iTunes Store) for as low as $2.60 each. Most buyers come from China and use the codes to purchase applications for their imported iPhones, although a growing number of users are buying them to get legal music, movies and TV shows from the store as well.


Big in China (because of the iPhone)

The biggest Chinese online shopping site (called Taobao) already sells hundreds of fake cards. The owner of the shop even confessed to paying hackers for the codes he sells. He told Outdustry that the price of fake iTunes codes has dropped substantially on the black market due to the growing demand. A $200 iTunes code sold for around 320 RMB ($45) when they started "the business" six months ago, but have recently dropped to as low as 18 RMB ($2.60) for the same $200 code. However, the seller's profits haven't dropped. On the contrary, he said to Outdustry, "We make more money as the amount of customers is growing rapidly". He wouldn't divulge how he gets the codes beyond just confirming that hackers are his source.

"The hackers are based in China, but I don't know if they do the same thing in eBay," he said. "Most of our customers use iTunes Store for music, then applications and films. iPod games are least popular." If
true, this also speaks volumes as to the kind of almost royal status the iPhone
enjoys in China, which is the one country where it is still available only on the gray market as Apple's negotiations with the nation's biggest carrier
have slowed to a halt (because the carrier refuses to let Apple operate
its App Store and collect all the profits).

Stealing made easy

Of
course, all of this is wrong and illegal, but consumers in China don't care
as long as they can enhance their imported iPhones with App Store
applications. Others simply want to get the latest music and movies for
a fraction of their actual price. However, purchasing fake iTunes
Cards does involve a bit of devious trickery. For example, when you buy a
fake iTunes card at Taobao, the seller simply sends you a voucher code that would have been printed on the real card. The code arrives via Taobao's
own instant messaging software, most likely in order to make collecting
evidence in a criminal investigation nearly impossible. You then simply
redeem a voucher code in the iTunes application and voila -- you
end up with a virtual $200 credit in your iTunes Store account, and all for only $2.60.

Great, right?

Well yes, if you exclude the fact
that you're cheating the system and funding criminals (or terrorists) who
are behind the schemes. And on top of that, isn't it ironic that
instead of pirating songs and movies themselves, you now get to sort of "pirate
money" in order to receive legal content? Almost like a form of iTunes laundering. Those who purchase fake iTunes
cards are able to be paid in real music and movies from the iTunes Store, even though they're still paying a small fee for the privilege -- something BitTorrents don't require. But on top of that, bear in mind that Apple will tackle this
problem and could even figure out a way to pinpoint the fake codes, meaning the company might
close iTunes Store accounts of those users who have redeemed pirated codes.

The Yahoo link?

Of course, Taobao avoids utilizing a well-known payment processor and instead relies of a PayPal knock-off called AliPay to get the job done. Eagle-eyed readers and conspiracy advocates might note that AliPay is part of the large Alibaba
Group -- in which Yahoo holds a large stake.

Apple has not yet publicly
commented on the fake iTunes cards, nor does the company appear to have
found a workaround that would prevent users from redeeming fake vouchers
codes. Of course, the company can change the algorithm used to generate
the codes, but this won't help the iTunes billing system tell the
difference between fake codes and real cards, which would then both have been generated on the
previous algorithm.

In other words, all purchases made thus far with
fake iTunes cards will still work. As a consequence, content owners
will bill Apple for lost revenue made on fake purchases. According to
analysts, Apple keeps up to 30 percent of each music, movie and TV show
purchased on the iTunes store to cover the cost of running the store,
while content owners and artists share the remaining 70% or larger cut.


THE REAL THING
Fake iTunes cards hurt Apple's iTunes business as content owners are still billing the company for purchases made using illegal voucher codes. Pictured above is a sample of a real iTunes gift card, the kind that can be purchased at brick-and-mortar and online Apple Stores.