Over the last few days hackers and trolls have targeted a slew of ICE spotting apps and their users in an apparent attempt to intimidate and stop them from reporting sightings of ICE. These hackers sent threatening text messages to users of StopICE, claiming their personal data has been sent to the authorities; attempted to wipe uploads on Eyes Up, which aims to document ICE abuses; and even sent push notifications to DEICER app users claiming their data has also been sent to various government agencies.
There is little evidence that hackers have actually provided data to the government. But it shows that apps like these, many of which Apple and Google have already kicked from their respective app stores, in some cases after direct government pressure, can be targeted by hackers or those looking to harass their users.
“Yes there is a targeted spike in attacks targeting similar [sites],” Sherman Austin, the developer of StopICE, told 404 Media in an email.
On Sunday, users of DEICER received a push notification from the app that said, “Your information has been compromised and sent to the FBI, HSI, and ICE. RC is a terrible coder,” according to a screenshot of the notification shared with 404 Media by a user of the app.
Rafael “RC” Concepcion is the developer of DEICER. RC told 404 Media in an email the hackers appeared to gain access to a function that was used to notify individuals, and the hackers used that to send messages to DEICER users. RC said it seems the broadcasts were “to intimidate.” RC said, “the only emails that were affected were mine and some users’ that had logged into a community pin feature, so it was minimal.”
The DEICER user who shared that screenshot with 404 Media was, coincidentally, the administrator of another app in this area. Mark is the creator of Eyes Up, an app that Apple removed around the same time it removed ICE spotting apps last year. Rather than report sightings of ICE officials, Eyes Up is a tool for people to preserve TikToks, Instagram reels, and other evidence of ICE abuses. Eyes Up told 404 Media in a statement that a “malicious person” tried to gain access to the app’s systems on Saturday. “We believe their goal was to delete our archive of videos that documents illegal and inhumane actions taken by ICE. Because we do not collect any user data, there was no risk to anyone who has used the app or website,” the statement said.
Over the weekend, a Reddit user started a thread with the title “HELP?? i just received this text from the phone number associated with STOPICE.NET.” They posted a screenshot of three text messages they claimed to have received, which each said, “Your information has been compromised and sent to the authorities. Sherman Austin is not to be trusted and is a terrible coder.”
Austin told 404 Media an automatic update to their backend management tool was part of the issue. “There are false rumors spread by the ‘attackers’ claiming to obtain full names and addresses of users as a result. StopICE doesn’t store this information nor does it ask for it. Additionally, StopICE doesn’t utilize GPS details from users for geolocation functions, but instead calculates polar coordinate distances between zip codes to determine the general areas where alerts are sent and received,” he said.
A message posted on StopICE’s site mirrored the one sent to DEICER users, reading, “We were not kidding. We sent your names, logins, passwords, and locations to a bunch of government agencies.”
Several accounts on X have claimed some connection to the attacks. In posts they have claimed access to a large set of ICE spotting app user data, but have not provided evidence of those claims and did not respond when asked by 404 Media to provide a sample for verification purposes.