|
|
|
| |
| UNCONFIRMED |
by Stop ICE Alerts Network JAN 31, 2026 On Jan 30, a server attack attempted to target stopice.net and queue false text alerts from our downstream carrier to our platform. The attack was quickly isolated and neutralized. Update We’ve traced the source of this attempted attack back to a personal server associated with two CBP officials here in Southern California. One of these individuals also has neo-nazi ties and was formerly stationed at Fort Sill military base when previously enlisted in the US Army before joining CBP in early 2025. These individuals nor their associates didn't do a very good job covering their tracks - We will be releasing more names and additional details related to these individuals shortly. Our intention is to inform the public about these individuals in the interest of public safety. Updated details are published here. Stopice.net servers have been under increased (but unsuccessful) attacks since publishing these sources. We've also published (and will continue publishing more) details related to persons who've sent multiple death threats during this period. It appears these unsuccessful attacks have attempted to take stopice.net offline in attempt to prevent this data from being shared. Leaked names and addresses of subscribers? No, stopice.net does not store this information, nor does it ever ask or request this information from users. Anyone claiming to have breached such information is spreading is attempting to spread rumors in attempt to gain social media fame and clout. Over 500 DDOS attempts in a single day (and counting), and stopice.net remains online and alerts are still going out to communities across the country. We have traced the source of the attack. Apparently, these “hackers” are aren’t too well versed in how to navigate even a basic attack, either that or they are just too sloppy. Or both. It was easy to throw them bait (garbage data, fake API keys, etc) which they immediately grabbed revealing plenty of information related to their location, networks, phone numbers, names, and so forth. Additionally, we are providing a list of IP’s and networks (including various VPN’s and servers) used by several attackers here, https://www.stopice.net/counterattack This is a public log that is updated daily. Feel free to use it for your own follow-up how you see fit, and your own traffic containment strategies. We will also be including phone numbers, names and profiles of those who’ve attempted to attack and flood our system, along with those who have attempted to send multiple death threats to the developer. We are also aware of several posts circulating online claiming others have written bots to submit fake reports to the alert system and plate tracker. We were well aware of this before the “attackers” publicly posted online about it once again looking for fame and clout. None of these attempts were successful. But they can keep trying. We appreciate the free pentesting ;) Was the developer “Doxxed?” No. Information about the developer, Sherman Austin has been widely public for some time. A simple 30 second google search will reveal this. However that didn’t stop self-proclaimed “hackers” along with a weird cult of MAGA twitter trolls from somehow claiming victory for “exposing” the founder and developer. Several claims of “DOXXING” the founder / developer of stopice.net were made online when in fact all these people did was repost public information hat has been on google for years, even decades. A temporary list of filenames were revealed, how did this happen? Before yesterday’s attack there was an automatic update on our web server back-end management tool (WHM). After this update, certain application-header settings were automatically overwritten which was found to be a little suspicious, but also suspected as a horrible discrepancy with WHM. These settings were not critical security components but a layer to prevent unwanted snooping on temporary garbage file names that get purged from the server each hour. It’s expected some of these file names were viewable but also very limited compared to the overall database of well over half a million users behind encryption. We are still looking into why these settings were removed, but this is where the short snowball in the attack started, which was quickly neutralized. What if someone gains access to my Stopice.net account? Can they see my location and personal information? No. Stopice.net does not store nor request any addresses, names or personal information from subscribers. Additionally, anyone who might happen to log into your account (including yourself) cannot view the number associated with that account. Stopice.net does not track users GPS locations, as explained on our site, StopICE calculates polar coordinate distances between zip codes verses exact locations. Stopice.net remains online & functional, and has not been “overrun.” Please be aware of false rumors being spread by MAGA trolls, and others looking for a “hot moment” to generate clicks and views through spreading misinformation. Yesterday’s attack was confirmed to originate from the same source last month that attempted to disrupt alerts (unsuccessfully) on Stopice.net moments before CBP agents arrived and raided a nearby Home Depot.
|
| |||
|
|
Stop ICE Alerts
UNCONFIRMED reports are intended to gather more information before being labeled CONFIRMED- which is why these comments exist as a crowd sourcing tool for
additional feedback.
