(Research by Joe Stewart, SecureWorks)
In response to published reports [outdustry.com] about a hacking attack [appletell.com] against the iTunes gift card system, security researcher Joe Stewart has gone digging for answers and comes up with an eyebrow-raising theory.
Stewart believes this is the work of credit card thieves looking for a place to turn stolen data into raw cash:
I see two likely scenarios: either the Chinese hackers have managed to penetrate Apple’s internal network and/or iTunes gift card database and are directly stealing activated numbers before they can be used, or they are simply using stolen credit card numbers to purchase the cards.
Finding a way to “cash out” stolen credit card numbers is always a primary problem for credit card theives, also known as “carders”. Sometimes carders buy goods online and resell them, but it requires a real-world “drop” where the delivery of the physical items can be made without leading the police to their door. But transferring iTunes codes can be done electronically and anonymously, and since it is something with almost world-wide demand, there is never going to be a shortage of persons willing to buy the discounted codes without asking questions. And they can explain away the mystery of where the codes come from by simply saying “Oh, we hacked the algorithm. Yeah, that’s the ticket…”
There’s more to Stewart’s thinking in the full article [secureworks.com].
