The developer who sabotaged two of his own open source code libraries, causing disruption for thousands of apps that used them, has a colorful past that includes adopting a QAnon theory involving Aaron Swartz, the notorious hacktivist and programmer who committed suicide in 2013.
What really happened with Aaron Swartz?
Squires provided no reason for the move, but the readme accompanying last week’s malicious update included the words “What really happened with Aaron Swartz?”
Swartz tragically took his own life after facing federal hacking charges that could have put him in prison for 50 years. The charges, for alleged crimes of hacking and wire fraud, stemmed from Swartz connecting to a Massachusetts Institute of Technology network and downloading millions of academic papers that were behind a paywall. After being kicked off the MIT Wi-Fi network, he walked into a network closet at MIT and plugged a laptop directly into the campus network.
Along with including the cryptic Swartz reference in the readme file, Squires also tweeted the same words and included a link to this thread, which claims that Swartz was murdered after discovering child pornography on MIT’s servers. This now-deleted message, included in the thread, said:
No, it is not Aaron Swartz who should be tried, but this high institution of salaried learning, MIT, which is responsible for the heinous crimes that led to his death. The risks taken by Swartz, which threatened MIT, can only be understood through the issue of child pornography orchestrated and produced by its acclaimed teachers and distributed to their rich and powerful sponsors. MIT cyber pimps cater to a client base that includes the top echelon of the State Department, large corporations, intelligence agencies, the military, and the White House.
Every element of the Swartz Affair indicates that he died in a heroic attempt to expose the perversion that has corrupted the hearts and minds of the world’s elite, a heinous and often deadly vice that traumatizes innocent children and threatens every family on this planet.
There is also evidence that Squires may have been charged two years ago with reckless endangerment after allegedly starting a fire at his apartment in Queens, New York. According to press reports, the then-37-year-old Marak Squires was arrested after being taken to a hospital when authorities observed him acting erratically as they responded to the blaze.
The articles said that Squires was a software developer and an early investor in bitcoin. A month after the fire, Squires said on Twitter that he had “lost all my things in an apartment fire” and asked for financial assistance.
I lost all of my belongings in an apartment fire and am basically homeless. I have lost access to most of my accounts. All the precious metal is missing. If someone could bless [email protected] with some money, it would help me not to freeze on the street. LOL.
– shine (@marak) October 25, 2020
Squires did not respond to a message seeking comment on this post.
Throwing a wrench in the supply chain
Last week’s sabotage raises concerns about the security of the software supply chain that is critical to a large number of organizations, including Fortune 500 companies. Both sabotaged libraries, Faker.js and Colors.js, created problems for people using the Amazon Cloud Development Kit. Large corporations, critics have long said, take advantage of open source ecosystems without adequately paying developers for their time. In turn, the developers responsible for the software are unfairly burdened.
Indeed, Squires said in 2020 that he would no longer support large companies with work he does for free. “Take this opportunity to send me a six-figure annual contract or fork the project and have someone else work on it,” he wrote.
The ability of a single developer to shut down such a large application base points to a fundamental weakness in the current structure of free and open source software. Add to that the havoc wreaked by overlooked security vulnerabilities in widely used open source applications (think of last month’s Log4j fiasco or the devastating Heartbleed flaw in OpenSSL in 2014) and you have a recipe for potential disaster.
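The reason a single malicious release could reach thousands of applications is that most projects declare dependencies with floating version ranges, so a routine install pulls whatever the newest matching release is. The script below is an added example, not code from the article or from the Faker.js or Colors.js projects; it reads a constructed package.json, flags every dependency whose specifier is not an exact version, and rewrites the floating specifiers to the exact versions recorded in a constructed map that stands in for the versions a lockfile has already resolved. Package names and version numbers in the sample are made up for illustration.

```javascript
// Added example: audit a package.json for floating dependency ranges and pin them.
// The package.json and the "resolved versions" map are constructed sample data,
// not taken from any real project.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "example-app",
  dependencies: {
    colors: "^1.4.0",     // caret range: any 1.x.y >= 1.4.0 will be installed
    faker: "~5.5.0",      // tilde range: any 5.5.y >= 5.5.0
    "left-pad": "1.3.0",  // exact pin
    lodash: "*",          // any version at all
  },
  devDependencies: {
    mocha: ">=9.0.0",     // open-ended range
    eslint: "8.6.0",      // exact pin
  },
});

// Constructed stand-in for the versions a lockfile has already resolved.
const SAMPLE_RESOLVED_VERSIONS = {
  colors: "1.4.0",
  faker: "5.5.3",
  lodash: "4.17.21",
  mocha: "9.1.3",
};

const DEPENDENCY_SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

// An exact pin is MAJOR.MINOR.PATCH with optional prerelease/build metadata
// and no range operator (^, ~, *, >=, ||, x, etc.).
const EXACT_PIN = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Return every dependency whose specifier lets the package manager choose a
// newer release on its own: [{ section, name, spec }, ...].
function findFloatingDependencies(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  const floating = [];
  for (const section of DEPENDENCY_SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!EXACT_PIN.test(spec)) {
        floating.push({ section, name, spec });
      }
    }
  }
  return floating;
}

// Produce a new package.json text in which each floating specifier is replaced
// by the exact version from resolvedVersions. Entries with no resolved version
// are left untouched so they still show up in a later audit.
function pinToResolved(packageJsonText, resolvedVersions) {
  const pkg = JSON.parse(packageJsonText);
  for (const section of DEPENDENCY_SECTIONS) {
    for (const name of Object.keys(pkg[section] || {})) {
      const spec = pkg[section][name];
      if (!EXACT_PIN.test(spec) && resolvedVersions[name]) {
        pkg[section][name] = resolvedVersions[name];
      }
    }
  }
  return JSON.stringify(pkg, null, 2);
}

// Stand-alone run: report floating ranges, then show the pinned result.
const report = findFloatingDependencies(SAMPLE_PACKAGE_JSON);
for (const dep of report) {
  console.log(`floating: ${dep.section}.${dep.name} = "${dep.spec}"`);
}
console.log(pinToResolved(SAMPLE_PACKAGE_JSON, SAMPLE_RESOLVED_VERSIONS));
```

Pinning to exact versions stops a compromised or sabotaged release from arriving silently through `npm install`; it does not replace committing a lockfile, installing with `npm ci`, and reviewing version bumps deliberately, which together are what let a team decide when a new release of a dependency enters a build.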
- Further reading: Dev corrupts NPM libraries “colors” and “faker”, breaking thousands of apps