Attacked by the Japanese, Order & Chaos

It started with an email from Apple saying it was curious that I had purchased the Order and Chaos app, an online game, from a computer I didn’t normally use in the middle of the night. Was I all right?

No, I wasn’t. That wasn’t my purchase, so I rushed to my computer to change my password, only to find my iTunes account had been taken over by some kids in Kyoto, Japan and left in shambles. Whenever I logged in, iTunes would dissolve into the Japanese version. Although my name and address was the same on my account, my city and country were now Kyoto, Japan. And I didn’t recognize the credit card.

They didn’t steal my money as they replaced my credit card with a card that would work in Japan, which changed my country code in the process. Nothing I did would move my iTunes account back into English. Because the credit card number had come up as fraudulent – the billing address didn’t match mine – Apple was insisting I settle that matter before I could make any changes to my account. And I couldn’t. Every time I entered one of my credit card numbers, it rejected it because it didn’t match my billing address, which was now Koyoto, Japan. And I couldn’t fix my address until I entered a valid credit card number. I was stuck in a loop.

How come it was so easy for my hackers?

Apple doesn’t make it easy to reach a human in iTunes support. They have robot operators who sound very human -- the precursors of Siri -- and many press 1 for this and press 2 for that choices that solve most routine iTunes problems, but "My Account Was Hacked by Japanese Kids" was a choice in any menu. I futilely hit every button and verbally requested “A human” at every menu, and finally, a voice came on saying there was a 5-minute wait for a human. By then I was already two hours into my attempt to fix my iTunes account, so this seemed like a blessing. As is often the case, the wait time is exaggerated to discourage you from holding. A human came on almost immediately after I agreed to wait.

I explained my dilemma and the young man with a Valley Girl lilt to his voice asked for my computer serial number. Do I have to turn the computer upside down to find it? And why do you want it? This isn't a computer hardware problem. He insisted he needed it. We found where it was hidden, three clicks into the About This Mac panel. He told me my 90 days of free telephone support had expired.

Well, I know that. I’ve had this computer a couple of years, and it isn’t a hardware problem! I don’t need support to explain something to me! I need these damn Japanese kids out of my iTunes account! He agreed that fraudulent activity was its own category and politely forwarded me on to another young man with a Midwestern accent. We both agreed this was a baffling crime since they had stolen nothing from me except my ability to use my iTunes account since it was frozen over the issue of the unpaid app purchase. “iTunes accounts are free,” he said, puzzled.

(My husband later suggested that maybe the credit card was stolen so they needed to weld it onto an account that couldn’t be traced to them. It was only a 600 yen purchase, which is about $7.74.)

It was a struggle to delete the purchase and forgive the debt, thus enabling me to change my address back to the United States and reenter my own credit card and reset my password. The first half dozen tries failed, and finally my guy had to kick it upstairs to another team of computer wizards. He would come back from hold and say, “Try it now.” I would try it and say, “Still in Japan.” This went on for another two hours. When we finally landed back in the United States, it rejected my credit card. The account was now flagged for “unusual activity” due to all our finagling. I was locked out. It took another 30 minutes to override that.

At the end, when the Apple guy should really have been tired of dealing with me, he patiently sat through my long tirade about what I had gone through to connect with him. I wanted an explanation of how this happened; how did the hackers do it when it was so difficult to undo it? And what was the point? He didn’t know and offered no theories. And so ended my 4.5 hours with Apple support.

But I have to say, they were good. The robot support menu would have solved most things. The first Valley Boy was good about recognizing a special situation and letting me go through the phone support portal despite being out of warranty, and the iTunes team really put in a morning’s work releasing me from Japanese attack. They should have been at Pearl Harbor.

Naturally, I had to google Order and Chaos and see what was so special about this game. The logo is one of those big-eyed Japanese anime kids in medieval dress. Then I googled "Order and Chaos hackers" and found complaints going back to the beginning of the year of similar iTunes robberies for this game and a Texas Hold ‘Em poker game. What the hackers were stealing were credits. Apparently many people don’t feel safe leaving a credit card open on their iTunes account so they purchase gift cards and enter the credits. Someone with a list of iTunes user names and passwords could write a program sweeping through the accounts and downloading all the available credits with purchases for poker chips or extra powers and weapons for this Order and Chaos game. And then they could resell them as virtual goods.

The credit card number that replaced mine was probably just a bogus one to sweep my account into Japan since it only worked for yen purchases, and the point was to steal credits, not actually use the card. At least that’s my theory.

And the other weird thing was I had just read in Steve Jobs’ biography that his favorite place in the world was the Kyoto, Japan gardens, and I had made a mental note to google it and see the pictures, only to wake up and find my iTunes account had gone to Kyoto without me that same night. Odd? Mystical.