It started with an email from Apple saying it was curious
that I had purchased the Order and Chaos app, an online game, from a computer
I didn’t normally use in the middle of the night. Was I all right?
No, I wasn’t. That wasn’t my purchase, so I rushed to my
computer to change my password, only to find my iTunes account had been taken
over by some kids in Kyoto, Japan and left in shambles. Whenever I logged in,
iTunes would dissolve into the Japanese version. Although my name and address
was the same on my account, my city and country were now Kyoto, Japan. And I
didn’t recognize the credit card.
They didn’t steal my money as they replaced my credit card
with a card that would work in Japan, which changed my country code in the
process. Nothing I did would move my iTunes account back into English. Because
the credit card number had come up as fraudulent – the billing address didn’t
match mine – Apple was insisting I settle that matter before I could make any
changes to my account. And I couldn’t. Every time I entered one of my credit
card numbers, it rejected it because it didn’t match my billing address, which
was now Koyoto, Japan. And I couldn’t fix my address until I
entered a valid credit card number. I was stuck in a loop.
How come it was so easy for my hackers?
Apple doesn’t make it easy to reach a human in iTunes
support. They have robot operators who sound very human -- the precursors of
Siri -- and many press 1 for this and press 2 for that choices that solve most
routine iTunes problems, but "My Account Was Hacked by Japanese Kids" was a choice in any menu. I futilely hit every button and verbally requested “A
human” at every menu, and finally, a voice came on saying there was a 5-minute
wait for a human. By then I was already two hours into my attempt to fix my
iTunes account, so this seemed like a blessing. As is often the case, the wait
time is exaggerated to discourage you from holding. A human came on almost
immediately after I agreed to wait.
I explained my dilemma and the young man with a Valley Girl
lilt to his voice asked for my computer serial number. Do I have to turn the
computer upside down to find it? And why do you want it? This isn't a computer hardware problem.
He insisted he needed it. We found where it was hidden, three clicks into the
About This Mac panel. He told me my 90 days of free telephone support had
expired.
Well, I know that. I’ve had this computer a couple of years,
and it isn’t a hardware problem! I don’t need support to explain something to
me! I need these damn Japanese kids out of my iTunes account! He agreed that
fraudulent activity was its own category and politely forwarded me on
to another young man with a Midwestern accent. We both agreed this was a
baffling crime since they had stolen nothing from me except my ability to use
my iTunes account since it was frozen over the issue of the unpaid app
purchase. “iTunes accounts are free,” he said, puzzled.
(My husband later suggested that maybe the credit card was stolen so they needed to weld it onto an account that couldn’t be traced to them. It was only a 600 yen purchase, which is about $7.74.)
It was a struggle to delete the
purchase and forgive the debt, thus enabling me to change my address back to
the United States and reenter my own credit card and reset my password. The
first half dozen tries failed, and finally my guy had to kick it upstairs to
another team of computer wizards. He would come back from hold and say, “Try it
now.” I would try it and say, “Still in Japan.” This went on for another two
hours. When we finally landed back in the United States, it rejected my
credit card. The account was now flagged for “unusual activity” due to all our
finagling. I was locked out. It took another 30 minutes to override that.
At the end, when the Apple guy should really have been tired
of dealing with me, he patiently sat through my long tirade about what I had
gone through to connect with him. I wanted an explanation of how this happened;
how did the hackers do it when it was so difficult to undo it? And what was the
point? He didn’t know and offered no theories. And so ended my 4.5 hours with
Apple support.
But I have to say, they were good. The robot support menu would
have solved most things. The first Valley Boy was good about recognizing a
special situation and letting me go through the phone support portal despite
being out of warranty, and the iTunes team really put in a morning’s work releasing
me from Japanese attack. They should have been at Pearl Harbor.
Naturally, I had to google Order and Chaos and see what was so special about this game. The logo is one of those big-eyed Japanese anime kids in medieval dress. Then I googled "Order and Chaos hackers" and found complaints going back to the beginning of the year of similar iTunes robberies for this game and a Texas Hold ‘Em poker game. What the hackers were stealing were credits. Apparently many people don’t feel safe leaving a credit card open on their iTunes account so they purchase gift cards and enter the credits. Someone with a list of iTunes user names and passwords could write a program sweeping through the accounts and downloading all the available credits with purchases for poker chips or extra powers and weapons for this Order and Chaos game. And then they could resell them as virtual goods.
Naturally, I had to google Order and Chaos and see what was so special about this game. The logo is one of those big-eyed Japanese anime kids in medieval dress. Then I googled "Order and Chaos hackers" and found complaints going back to the beginning of the year of similar iTunes robberies for this game and a Texas Hold ‘Em poker game. What the hackers were stealing were credits. Apparently many people don’t feel safe leaving a credit card open on their iTunes account so they purchase gift cards and enter the credits. Someone with a list of iTunes user names and passwords could write a program sweeping through the accounts and downloading all the available credits with purchases for poker chips or extra powers and weapons for this Order and Chaos game. And then they could resell them as virtual goods.
The credit card number that replaced mine was probably just
a bogus one to sweep my account into Japan since it only worked for yen purchases,
and the point was to steal credits, not actually use the card. At least
that’s my theory.
And the other weird thing was I had just read in Steve Jobs’
biography that his favorite place in the world was the Kyoto, Japan gardens,
and I had made a mental note to google it and see the pictures, only to wake up
and find my iTunes account had gone to Kyoto without me that same night. Odd?
Mystical.
No comments:
Post a Comment