Mallory

US Government Efforts to Identify Anti-ICE Activists and a StopICE Service Compromise

Tags: immigration enforcement, ice raids, account identification, website defacement, service compromise, administrative subpoenas, anonymity, dhs, ddos

Updated February 4, 2026 at 02:00 AM | 3 sources

The US Department of Homeland Security has reportedly used administrative subpoenas to pressure tech companies to disclose identifying data about anonymous accounts and individuals critical of the Trump administration, including accounts sharing information about local ICE immigration raids. The reporting highlights that administrative subpoenas—unlike judicial subpoenas—do not require a judge’s approval and can seek metadata and account-identifying details (e.g., login times, devices, and associated email addresses), raising concerns about oversight and potential chilling effects on speech.

Separately, the anti-ICE alert service StopICE reported its app and website were attacked, with users receiving texts claiming their information had been “compromised and sent to the authorities,” alongside disparaging messages about the developer. StopICE administrators and the developer disputed claims that sensitive personal data (names, addresses, GPS/location histories) was stolen, stating the service does not collect/store that information, while also noting the platform faces heavy hostile activity including frequent DDoS attempts; the service blamed a US Customs and Border Protection (CBP) agent for the attack, though that attribution was not independently confirmed in the reporting.

Related Stories

U.S. Agencies Expand Efforts to Identify and Share Data on Immigration-Related Targets

Reporting indicates the U.S. Department of Homeland Security (DHS) has significantly increased its use of **administrative subpoenas**—which do not require judicial approval—to obtain identifying information for anonymous social media accounts that criticize **ICE** or post information about ICE agent locations. According to the New York Times (as cited by TechCrunch), DHS sent **hundreds** of subpoenas to major platforms including **Google, Meta, Reddit, and Discord**, and some companies reportedly complied in at least some cases; Google said it notifies users when possible and challenges subpoenas it views as **overbroad**. Separately, a court filing disclosed that the **IRS improperly overshared** immigrants’ personal data with DHS/ICE under an April 2025 IRS–DHS data-sharing arrangement intended to support certain non-tax criminal investigations under **IRC Section 6103** exceptions. After ICE requested **1.28 million** addresses, the IRS could verify **47,289** individuals, and for a subset (reported as **under 5%** of verified matches) the IRS mistakenly provided ICE with **additional address information** beyond what ICE had supplied, raising concerns that the interagency data-sharing deal increased exposure of sensitive taxpayer information.

1 month ago

StopICE App Breach and SMS Alert Abuse via Downstream Carrier API

**StopICE**, an app used to track U.S. Immigration and Customs Enforcement (ICE) activity, reported a security incident after users received SMS messages urging them to uninstall the app. StopICE administrators attributed the activity to a “personal server” allegedly associated with a **U.S. Customs and Border Protection (CBP) agent** and said the attacker abused a **downstream carrier API** to spam users rather than compromising StopICE’s core systems. Public claims on social media alleged that attackers accessed and shared user data with law enforcement, including names, credentials, phone numbers, and location data; StopICE disputed holding most of that data and said the only potentially impacted population was users who opted into a **“location assist”** feature that collected geolocation to provide neighborhood-level alerts. Separate reporting amplified allegations that **over 100,000 users’** information (including GPS coordinates) was accessed and transmitted to U.S. federal agencies (**FBI, ICE, HSI**), and criticized StopICE leadership for allegedly not notifying users promptly. The same reporting period also included claims of a related compromise affecting another ICE-tracking app, **Eyes Up**, where attackers alleged the backend database lacked authentication and that they accessed/altered stored videos; no confirmation from Eyes Up was cited. Overall, the incident highlights risks from third-party messaging/telecom integrations and the potential safety impact of exposing activist-related location data, even when only a subset of users enable location-based features.

1 month ago

DDoS Attack Takes Down ICE List Doxxing Site After Leak of DHS-Sourced Agent Data

**ICE List**, a website publishing personal details of U.S. Immigration and Customs Enforcement (ICE) officers and Border Patrol agents, was reported offline following a sustained **distributed denial-of-service (DDoS)** attack that the site’s administrator, Dominick Skinner, attributed to traffic largely originating from **Russia** and routed through proxies. Skinner said the attack’s use of proxy infrastructure made attribution difficult, but described it as unusually long-running and sophisticated; the site is reportedly hosted in the **Netherlands**, complicating potential U.S. takedown efforts. Reporting indicated the disruption followed Skinner’s stated intent to release data on nearly **4,500** immigration personnel allegedly obtained from the U.S. Department of Homeland Security via a whistleblower. The exposed dataset was described as including **names, phone numbers, email addresses, job titles**, and other identifying information, prompting criticism from DHS that the site enables **doxxing** of federal personnel; Skinner reportedly said he planned to withhold some categories of names (e.g., nurses and childcare workers) while publishing most others.

2 months ago
