Prime in Prison

1 09 2011

Tateru Nino has managed to uncover an addendum to the court proceedings surrounding his violations of his court supervision. Since she headlined this a month ago, I have been searching for the document she refers to but I presume she has some access to materials that are not in the public domain as I cannot find it. I this include her commentary asis:

zFire Xue (AKA Michael Prime), creator and operator of RedZone, has been remanded to the custody of the US Marshals and is off for four months in prison. I bet you thought you’d heard the last of him already. This may very well be the last you hear of him. Prime entered a guilty plea for four counts of violating his probation following a prior conviction for fraud.

For the two years after his release, he’s not allowed to work anywhere where computers or computer programming are the primary business, not allowed near any online auction site, and not allowed to participate in Second Life, or any online virtual environment or online social network – at least, not without prior written approval from his assigned Probation Officer.

His computer will be monitored for files and activity during those two years, he can’t contribute to software projects, or write code for hire, and he’s not allowed to create or operate Web-sites. Also he gets to wear one of those nifty tracking devices as a part of the “Home Confinement Program.”

There’s plenty more restrictions as a part of his supervised release, but those are the interesting ones.

There was also a US$500 fine, but it was waived due to financial incapacity. There’s no sign of any of the money he made out of RedZone customers.


zFire Xue Arrested for Violations of Supervision Order

9 06 2011

Avril Korman blogged an interesting follow up to the RedZone affair a couple of weeks ago. I will quote from her article:

On April 20, 2011, a violation report (for anyone truly that interested, the case number is U.S. District Court, Western District of Washington, case number 01CR00310RSL- and this information is public- call them yourself if you want) was submitted alleging that zFire (Mike Prime) had violated his conditions of supervision by:

  1. Committing the criminal offense of Possession of Stolen Property 1st degree;
  2. Committing the criminal offense of Trafficking in Stolen Property 2nd degree;
  3. Associating with a convicted felon;
  4. Associating with a convicted felon; (note these are two separate charges, which would indicate two separate people/felons)
  5. Failing to allow the U.S. Probation Officer to inspect any personal computer owned or operated by the defendant;
  6. Failing to notify the USPO of all computer software owned or operated by the defendant;
  7. Beginning employment without prior approval of USPO and working for cash.

A warrant was issued for his arrest and on May 2, he surrendered to U.S. Marshals. He appeared before a U.S. Magistrate Judge and denied the allegations. An evidentiary hearing is currently scheduled for May 18, 2011. At this time, pending that evidentiary hearing, he remains in custody.

I think both counts 6 and 7 have some bearing on RedZone, but it is not clear to the extent that thse actually figured in the action by the authroities. I note Avril suggests only count 7 relates to his activities in Second Life, and she is in a better position to know.

In any case, it is an interesting epilogue to the RedZone affair. In the end the bad guy goes to jail.

Time To Move On?

17 03 2011

So where now for this blog?

zFire Xue is banned, as are his alts. RedZone is gone. As others point out, the privacy issue in Second Life has not gone away – but we now have much better tools to discover and fight future privacy invasions with Sione’s media patch. The point that this kind of data collection is neither legal nor moral has been made. Most importantly, this is a single issue blog. I called it “no2redzone”, and that issue has vanished down the plug hole of history. And good riddance.

I will continue to watch the privacy issue, and no doubt will contribute again in the future – but this blog is not really needed anymore.

Having said that, there are some loose ends that could be tied up – I may blog about some of these. In particular, I may write an article about how that database could have been so much better protected. I am still considering whether that would be worthwhile to my readers and how I should do that.

But other than a couple of follow up articles, I do not intend to keep up this site. I may archives some news posts but I will keep the general interest stuff available for a historical perspective. However in a couple of weeks I intend to turn comments off on the articles and leave things be.

Now having said that, I could not resist a couple of things. One correction: zFire claimed in his Alphaville Herald article that no one had proven he had a page tracking locations of IP addresses.

In fact I can reveal that the page that did this was hidden in his error404.php document. If logged in as zFire or his girlfriend, the 404 page showed a search box that allowed you to enter an Avatar name and it showed you the location associated with their IP address. Even though I was given access to this information, I did not bother report this as, amongst all the other revelations, that page seemed pretty lame. Just thought I would mention it now though.

The second thing, I just felt that as we are all missing Crackerjack, we should have a quote from him. This written by Crackerjack on 19 February:

my particular expertise is in network security and although i am not an expert in database programming i do work with programmers and know what an sql injection is and how it can be performed and they havent the expertise nor the methodology to do it

Once again many thanks to readers of this blog for your interest.

Latest News: RedZone is Gone. zFire Xue and Alts are Banned

16 03 2011

The End of RedZone

Soft Linden Nukes the RedZone Store As Crowds Party

It is done! RedZone has been banned. The shop has been nuked by Soft Linden. Devices are being systematically removed from inventories by Linden Lab. zFire Xue and his alts have been banned from Second Life.

Thanks to everyone who has written ARs, blogged, commented, posted, voted and in any way helped make this happen!

There will be some more news on this blog soon.

Breaking News: zFire Xue is a Convicted Criminal

14 03 2011

Ebay Fraudster Since 1997Never let it be said that zfRedZone is drama free. In a sensational development, someone has uncoverd evidence that everything we said about zFire Xue is true. I have said I will not use his full real name on this forum (although I have known it for quite some time). In the light of this news, I say stuff it!

Michael Stefan Prime has multiple criminal convictions, including convictions for ebay fraud. This is an article about Mike Prime – zFire Xue. A longer PDF court record is here, and a New York Times article is here. Note from the court record that he had a string of previous convictions for first and second degree theft, two counts of possession of stolen property in the second degree, and forgery – at the age of 19!!

Bronxelf released this link to the court records for this case in a sensational post on SLUniverse a short while ago. Theia Magic confirmed this was the information she passed on to Linden Lab on Friday, and that the Lab is therefore now aware of zFire’s criminal record.

As zFire’s usual response is to fib and deny, I will pre-empt questions as to whether this is the same Michael Prime by saying that the age and details in this report fit him perfectly (19 in 1999 – he is 30 now, which we know is correct), and I had already scoured the web some months ago and I am 99.9% confident that he is the only Mike Prime in the Seattle area in the region of 30 years old. Theia Magic has also spent the weekend confirming identity and turning up some interesting names to others we have seen before – including John Hamlin. Theia’s blog is linked on the right, so check there to see if she posts updates.

So there you have it. It is as we always knew it: The fight between us and RedZone was always about thousands of honest sim owners and content creators on the one side, and a small band of thieves and criminals on the other. And the criminals built a system called RedZone.

Now, in our view, Linden Lab must act.

Consider what we have here:

  1. Mike Prime set up a system that unreliably but with some success links alts by IP address. He does not care about false positives, as long as he finds a few real positives because:
  2. Most people who have lats use the same password or some variation on the same.
  3. Mike Prime has been harvesting password information from the 5,000+ users of his site by logging real passwords and failed attempts.

there is a very real risk that Mike Prime intends to use stolen accounts and stolen alt accounts for more petty theft and fraud.

URGENT: Please put aside all grudges and tell all users of RedZone, and anyone who ever registered at Mike Prime’s site to CHANGE THEIR PASSWORD IMMEDIATELY IN ALL PLACES THEY USE THAT PASSWORD!

Latest Neighbourhood Watch Updates

14 03 2011
zFire Xue is panned on his own gossip forum

zFire is a victim of his own nasty forum

I have always said the neighbourhood watch is one of the nastiest things on zFire’s site. Right now, however, I am enjoying it.

I expect zFire will delete these when he sees them. We are not meant to criticise him after all.

Does Anyone Still Trust zFire Xue?

12 03 2011

Since this time yesterday when zFire was hacked in response to his foolish challenge to test his (pathetic) security, it seems he has been hacked again – at least once. a whole bunch of SQL tables or maybe even the entire database was dropped in what looks like yet another SQL insertion attack. It is clear that zFire has been gemming up on avoiding SQL injection attacks. Keep reading zFire … you will get there eventually.

But not before it is all too late. Password outing functionality, and indeed the veracity of the video we carried this week has been confirmed by the hackers from last night who released their findings to the Alphaville Herald. It may be they attempted to contact us with the information first, for which I thank them but I think the Alphaville Herald is a good place for that report.

Yesterday’s hack was still annoyingly obvious – and today’s moreso. I can allay some fears however in that I understand that significant quantities of false data have been injected into that database by yet another person or persons who have demonstrated they understood the security vulnerability well enough to do this. This same source suggests that zFire was about to manually add the names of all members of the inworld GreenZone users group to the list of “known copybotters”[sic]. Attached is the evidence provided – snipped away are well over 1000 names take from the group membership.

Letter to zFire Xue from Merlin Swordthain

Letter to zFire Xue from Merlin Swordthain

Since today’s hack the forums appear to have had it although it looks like there was a recent database backup. If anyone else is thinking of cracking this database I should point out that its no great challenge but at this time the working database is zFire’s biggest albatross It shows he has been a very very bad boy so please do not be tempted to take it offline. False IP address reports will do no harm though.

To end on a lighter note, Theia was confused by this remark from new RedZone poster arooga:

by arooga » Fri Mar 11, 2011 1:48 am

I would like to have crackerjack’s babies for the way he got Theia Magic
Done Up Like A Kipper she was, hung by her own petard

Her comment to that was amusing bit this is even more amusing in the light of this:

Arooga is Crackerjack

Arooga is Crackerjack

[Edit: Someone challenged the image showing that Arooga is Crackerjack, saying anyone could have written that on the forum. I edited down the screenshot I was given and now include a bit more to show this was a message sent directly to zFire. The message and the screenshot predate Friday’s crack on the database.]

It seems Crackerjack, in an attempt to beef up his security by changing his email address, locked himself out of that account. He decided Arooga would be fun for alt games. Strange from someone who finds alt outing so important.

So Arooga wants to have Crackerjack’s babies? Nice to see him getting in touch with his feminine side.