ICE-reporting service StopICE has blamed a US Customs and Border Protection (CBP) agent for attacking its app and website and sending users text messages warning them that their information had been “sent to the authorities.”
On Friday, users reported receiving text messages from a phone number linked to the anti-ICE alert app, telling them their “information has been compromised and sent to the authorities.”
The text message also said that the anti-ICE service’s developer, Sherman Austin, “is not to be trusted and is a terrible coder.” Meanwhile X users claimed the hackers sent users’ names and login information “to a bunch of government agencies.”
We have reached out to CPB for comment and will update this story if we hear back.
However, we were able to get in touch with Austin, and he told The Register that none of the attackers’ claims are true. “There are a lot of rumors circulating that were put out by racist pro-Trump accounts on social media,” he said in an email. “Specifically rumors about users names, addresses and locations being revealed when this information does not exist on the site.”
On Saturday, StopICE admins downplayed the breach, said it doesn’t store subscribers’ personal information, and added that it receives more than 500 distributed-denial-of-service (DDoS) attacks daily:
According to the alert, StopICE – which claims it has more than half a million subscribers – does not request or store users’ names and addresses, and anyone claiming to have stolen these details is “attempting to spread rumors in attempt to gain social media fame and clout.”
Admins also said that the app does not store GPS tracking details. It does, however, have an optional “location assist” feature for people who want to share their location.
The app’s maintainers said that they traced the source by throwing the attackers “bait,” such as phony data and fake API keys, which allegedly revealed the intruders’ locations, names, phone numbers, and network information, and StopICE has since provided a list of IP addresses and network details belonging to “several attackers.”
“We will also be including phone numbers, names and profiles of those who’ve attempted to attack and flood our system, along with those who have attempted to send multiple death threats to the developer,” the admins wrote.
The alert also reminded users to be careful about posting information on platforms including Meta and Google share users’ geolocation and other data to law enforcement upon request – or sometimes if they simply ask nicely – noted that end-to-end encrypted email providers and messaging apps such as Signal can help secure communications. ®