DDoS Attack Takes Down ICE List Doxxing Site After Leak of DHS-Sourced Agent Data
ICE List, a website publishing personal details of U.S. Immigration and Customs Enforcement (ICE) officers and Border Patrol agents, was reported offline following a sustained distributed denial-of-service (DDoS) attack that the site’s administrator, Dominick Skinner, attributed to traffic largely originating from Russia and routed through proxies. Skinner said the attack’s use of proxy infrastructure made attribution difficult, but described it as unusually long-running and sophisticated; the site is reportedly hosted in the Netherlands, complicating potential U.S. takedown efforts.
Reporting indicated the disruption followed Skinner’s stated intent to release data on nearly 4,500 immigration personnel allegedly obtained from the U.S. Department of Homeland Security via a whistleblower. The exposed dataset was described as including names, phone numbers, email addresses, job titles, and other identifying information, prompting criticism from DHS that the site enables doxxing of federal personnel; Skinner reportedly said he planned to withhold some categories of names (e.g., nurses and childcare workers) while publishing most others.
Timeline
Jan 14, 2026
Administrator reports suspected Russian-origin traffic during outage
During the disruption, Skinner said many attacking IP addresses appeared to originate from Russia, though he noted they were routed through proxies and attribution remained uncertain. He described the volume and duration of the traffic as suggesting a sophisticated operation.
Jan 14, 2026
ICE List releases data on nearly 4,500 immigration workers
ICE List administrator Dominick Skinner said he published personal data on nearly 4,500 ICE and Border Patrol employees allegedly obtained from the U.S. Department of Homeland Security after the shooting of Renee Good. The dataset reportedly included names, phone numbers, email addresses, and job titles, with plans to publish most names while excluding nurses and childcare workers.
Jan 13, 2026
DDoS attack knocks ICE List offline
On Tuesday evening, the ICE List website was reportedly hit by a distributed denial-of-service attack that disrupted access to the site. Skinner said the attack followed media reporting about his plans to release personal information on thousands of employees.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
US Government Efforts to Identify Anti-ICE Activists and a StopICE Service Compromise
The US Department of Homeland Security has reportedly used **administrative subpoenas** to pressure tech companies to disclose identifying data about anonymous accounts and individuals critical of the Trump administration, including accounts sharing information about local **ICE immigration raids**. The reporting highlights that administrative subpoenas—unlike judicial subpoenas—do not require a judge’s approval and can seek metadata and account-identifying details (e.g., login times, devices, and associated email addresses), raising concerns about oversight and potential chilling effects on speech. Separately, the anti-ICE alert service **StopICE** reported its app and website were attacked, with users receiving texts claiming their information had been “compromised and sent to the authorities,” alongside disparaging messages about the developer. StopICE administrators and the developer disputed claims that sensitive personal data (names, addresses, GPS/location histories) was stolen, stating the service does not collect/store that information, while also noting the platform faces heavy hostile activity including frequent **DDoS** attempts; the service blamed a **US Customs and Border Protection (CBP)** agent for the attack, though that attribution was not independently confirmed in the reporting.
1 months ago
Leak of Personal and Work Details of ICE and Border Patrol Employees
Personal and work-related details of roughly **4,500** US **ICE** and **Border Patrol** employees were allegedly leaked online and shared with *ICE List*, a site describing itself as an “accountability” project. Reporting indicates the exposed data includes names, work email addresses, phone numbers, job roles, and some résumé-style information; early reviews cited in coverage suggest about **80%** of those listed may still be employed by **DHS**. Multiple accounts attribute the disclosure to a **DHS whistleblower** and describe it as a major exposure of federal staff data, with estimates including roughly **1,800–2,000** frontline agents and about **150** supervisors among those affected. The alleged leak followed intense public backlash after the fatal shooting of **Renee Nicole Good** in Minneapolis, in which **ICE agent Jonathan Ross** has been widely identified as the shooter. Separate reporting describes broader legal and political fallout around DHS/ICE operations and scrutiny of Ross’ conduct, including court testimony and disputes over subpoenas seeking identifying information about social media users posting about ICE activity; however, those items are adjacent context rather than direct reporting on the staff-data leak itself.
1 months ago
Hacktivists Claim DHS Breach and Leak ICE Contractor Records via DDoSecrets
A self-described hacktivist group calling itself **“Department of Peace”** claimed it breached **U.S. Department of Homeland Security (DHS)** systems and exfiltrated internal records tied to **Immigration and Customs Enforcement (ICE)** contracting. The group published the material via the transparency collective **Distributed Denial of Secrets (DDoSecrets)**, and reporting indicates the dataset contains **6,600+ contractor-related records** listing thousands of companies associated with federal immigration enforcement contracts, including major vendors such as **Microsoft**, **Oracle**, **Palantir**, **Raytheon**, and **Anduril**. The alleged source of the leaked records was described as DHS’s **Office of Industry Partnership**, a unit involved in procuring technology from the private sector. As of the reporting cited, **DHS had not publicly confirmed** the intrusion or validated the authenticity and provenance of the released data, leaving the breach claim unverified while the documents circulate publicly via the DDoSecrets-hosted release.
1 months ago