Cyber-poaching: Hacking GPS collar data to track and kill endangered tigers

There are so many cybersecurity terms referring to social engineering and online scams — pharming, whaling, spearing, phishing, smishing, vishing — you may roll your eyes when you read about a new one. The same applies to tacking “cyber” onto words dealing with hacking and crime, but a new “first-of-its-kind of cybercrime” term has emerged that deals with endangered animals and hacking GPS location technology; it’s called cyber-poaching.

It is not uncommon for conservationists to put GPS collars on wildlife for tracking and monitoring purposes, but it is uncommon for poachers to resort to hacking in order to get their hands on the location of endangered Bengal tigers.

The Panna Tiger Reserve in India had attached an Iridium GPS Satellite Collar on a two-and-a-half-year-old male Bengal tiger identified as Panna-211. The tracking collar, which costs nearly $5,000, has satellite and ground-tracking capabilities with an “accuracy within 2.5 meters” (8.2 feet). It was fitted on the tiger in Feb. 2013, explained National Geographic, and “configured to provide GPS data every hour for the first three months and every four hours for the next five months (the collar lasts about eight months). In July, the battery expired and the satellite feedback in the collar stopped working.”

About the time the battery croaked, Dr. Krishnamurthy Ramesh, head of the monitoring program, received a notification that someone more than 620 miles away had attempted accessing his email account where the GPS tracking data was sent. The server allegedly prevented access, but if the “cyber-poachers” did obtain the encrypted GPS data, Ramesh said it can only be decoded with “specialized data-converter software and specific radio-collar product information.”

“Only three people have legal access to the location data of the tiger’s collar,” according to the Times of India that first reported the cyberpoaching incident in September. The hacking attempt sparked a debate about who should file the case, the wildlife conservationists that fitted the collar on the tiger, or the authorities responsible for securing the password to access the tiger’s location? Panna-211 was moved from Panna Tiger Reserve to Bori Satpura Tiger Reserve, which added another group of wildlife officials into the mix of where/who should file. There was also confusion about how to file; should the cyberpoaching case be filed as “hacking for criminal purpose” or for “a poaching attempt?” Apparently no one questioned why the encrypted GPS location data for an endangered tiger would be stored in someone’s inbox.

The World Wildlife Fund estimates that the wildlife-trafficking industry “is worth $7.8 to $10 billion per year.” The illegal wildlife trade is “booming,” especially since traffickers have shifted to online sales. For example, tech-savvy poachers and traffickers allegedly utilize “code words” to describe illegal items sold on eBay.

Since the possible cyberpoaching attempt, a team of wildlife officials at Satpura Tiger Reserve “stay within 1,600 feet (500 meters) of the tiger at all times to deter poachers.” Ramesh told National Geographic that there are also plans to ramp up security at Panna Tiger Reserve. “In January, the conservationists will deploy drones for surveillance and set up wireless sensors to detect human intrusions into the forest.”