Nicola Sotira is Director General of the Global Cyber Security Center of Poste Italiane and Information Security Manager at Poste Italiane. He has worked in the field of information security for over 20 years, with experience in different international companies. Previously, Nicola Sotira was Sales Director UC&C & Security Practices at Westcon Group Italy and VP Sales Italy at Clavister AB. He is a professor in the Master in Network Security at La Sapienza University and a member of the Association for Computing Machinery. A promoter of technological innovation, he has been a member of several startups in Italy and abroad.
It seems that history repeats itself and the lesson is never learned. It was 2010 when the Foursquare service invited its users to “check in” at popular places and then, by mistake, transmitted all this data publicly.
Not convinced yet? Open Google Maps and select «Timeline» from the menu; unless you have disabled Google's access to your location data, you will see a clear map of your movements, which can also be pinned down precisely in time by enabling the calendar view.
We must surmise that this data represents the entire business model for these companies, and it is therefore difficult for them to find a reason to stop collecting it.
You may wonder why we are still talking about this topic: why yet another article on data sharing? Because recently all the newspapers have been talking about Strava. Strava is an application for monitoring athletic activity that can manage and process the data of runners and cyclists in great detail. Everything starts, as always, from our smartphone: the Strava app is free and available for iOS and Android, and it lets us record the GPS track of our run or ride. The app tells us our times, routes and miles, and lets us transform this solitary training into a viral challenge.
Some numbers? In December 2016, Strava announced that more than 300 million sports activities had been uploaded; 26.90% of these activities were carried out in groups, collecting more than 1.3 billion Kudos (Kudos are the equivalent of Facebook likes).
What happened? In November 2016 Strava published maps that collected all these sports activities, which together covered a total of 27 billion kilometers. The issue was that some of the app's users work for military or intelligence agencies. At that point some security experts were able to connect the dots and link the mapped activities to bases or locations of US military / intelligence operations.
Things were accelerated by Nathan Ruser, a student of international security at the Australian National University, who started to post on Twitter a series of images pointing out Strava user activities potentially related to US military bases in Afghanistan, Turkish military patrols in Syria, and much more.
The Department of Defense is going to revise its IoT and wearable device policies and said it encourages all defense personnel to limit their public presence on the Internet; of course, the guidance is even stricter when troops operate in sensitive locations. As we have written several times, awareness in the use of these tools plays a fundamental part, and we need to work much more on it to create a generation of users who are aware in the digital world. There are many areas for improvement here, which must see manufacturers, service companies and consumer associations work together. And last but not least, programs in schools that educate on cybersecurity