StopICE tracking service hacked, admins blame CBP agent for sabotage

Anti-ICE alert app StopICE was hacked to send alarming texts to users, with admins accusing a Customs and Border Protection agent of orchestrating the attack.

The anti-ICE tracking service StopICE has accused a US Customs and Border Protection (CBP) agent of orchestrating a cyberattack that compromised its app and sent alarming text messages to users. The incident, which occurred on January 30, 2026, has raised concerns about the security of activist technology and the potential for government interference in digital protest tools.

The Attack and False Claims

On Friday, January 30, users of the StopICE app began receiving text messages from a phone number linked to the service. The messages claimed that users' "information has been compromised and sent to the authorities." Additionally, the texts attacked the app's developer, Sherman Austin, calling him "not to be trusted and is a terrible coder."

Meanwhile, posts on social media platform X claimed that hackers had sent users' names and login information to various government agencies. These claims quickly spread, causing alarm among the app's user base.

StopICE's Response

StopICE administrators quickly responded to the incident, downplaying the severity of the breach and refuting the attackers' claims. In a statement released on Saturday, the service emphasized that it does not store subscribers' personal information, including names and addresses.

"On Jan 30, a server attack attempted to target stopice.net and queue false text alerts from our downstream carrier to our platform," the statement read. "The attack was quickly isolated and neutralized. We've also traced the source of this attack back to a personal server associated with a CBP agent here in SoCal."

Tracing the Attack to a CBP Agent

The StopICE team claims to have identified the source of the attack, attributing it to a CBP agent based in Southern California. According to the service's administrators, the agent "did not do a good job covering his tracks, nor did his associates."

To trace the attackers, StopICE employed a strategy of providing "bait" in the form of phony data and fake API keys. This approach allegedly revealed the intruders' locations, names, phone numbers, and network information. The service has since compiled a list of IP addresses and network details belonging to "several attackers."

User Data and Security Measures

StopICE maintains that it does not request or store users' names and addresses. The service claims to have over half a million subscribers and emphasizes that anyone claiming to have stolen this information is "attempting to spread rumors in attempt to gain social media fame and clout."

The app does offer an optional "location assist" feature for users who wish to share their location, but it does not store GPS tracking details by default. StopICE administrators have reminded users to be cautious about sharing information on platforms that may cooperate with law enforcement, such as Meta and Google.

Broader Context and Implications

The attack on StopICE is part of a larger pattern of digital resistance against ICE surveillance and data collection practices. In recent years, tech employees have demanded that their companies take a stand against ICE, and ICE-tracking app developers have sued the Trump administration after their software was removed from app stores.

The incident highlights the ongoing tension between activist technology and government agencies, as well as the potential vulnerabilities of digital protest tools. It also raises questions about the role of law enforcement in monitoring and potentially disrupting activist networks.

Security Recommendations

In light of the attack, StopICE has advised its users to take additional security precautions. The service recommends using end-to-end encrypted email providers and messaging apps such as Signal to secure communications. These tools can help protect user privacy and make it more difficult for third parties to intercept or access sensitive information.

Looking Forward

As the investigation into the StopICE attack continues, questions remain about the extent of government involvement in digital activism and the security measures necessary to protect activist technology. The incident serves as a reminder of the ongoing challenges faced by those working to resist and document ICE activities, as well as the potential risks associated with using digital tools for activism.

The StopICE case also underscores the importance of robust cybersecurity practices for activist organizations and the need for continued vigilance in protecting user data and privacy in an increasingly connected world.