[jandrese]

Ultimately their system depends on reports from end user devices to determine how much a book was read, and that will always be vulnerable to manipulation.

The first order fix would be to simply having the Kindle use its internal timer to keep track of how long each book was read (with sanity checks on the server side to make sure a Kindle is not reporting more hours read than is possible) and use that as the metric to pay authors (by the hour).

The hackers will create thousands of virtual Kindles and have them report fake times, but that's a much higher hurdle than just flipping to the end of the book and hitting "sync". Amazon might also figure out ways to detect the fake "Kindles".

There are some other things Amazon can do to mitigate the problem. They can require a book to be published for at least a full month before paying out. This will give it time for normal people to detect the fraud and report it, albeit at the cost of making the indie authors starve for an extra month.

Amazon could also hire a real person who's job is to scour all newly published titles for frauds. How many titles are published every day? Is it more than a person could spot check?