Spot the not-Fed: A day at AvengerCon, the Army’s answer to hacker conferences

By admin 6 years ago

Participants in AvengerCon III, held at the McGill Training Center at Fort Meade, Maryland, on November 27 take part in a lock pick village put on by TOOOL (The Open Organisation of Lockpickers).

Enlarge / Participants in AvengerCon III, held at the McGill Training Center at Fort Meade, Maryland, on November 27 take part in a lock pick village put on by TOOOL (The Open Organisation of Lockpickers).

FORT MEADE, Maryland—Late last year, I was invited to a relatively new hacker event in Maryland. Chris Eagle, a well-known researcher in the field of malware analysis and author of The IDA Pro Book, keynoted it. There were a number of really good talks at all levels of expertise, a couple of “Capture the Flag” (CTF) hacking challenges, and all the other typical hallmarks of a well-run hacker conference.

But this event, AvengerCon III, proved to be distinct in a number of ways from the BSides conferences and other events I’ve attended. The first difference was that keynote: Eagle, a senior lecturer at the Navy Postgraduate School, shared some news about an upcoming release of an open reverse engineering tool by referring to its “unclassified cover name.” (The tool was Ghidra, a public reverse-engineering tool developed by the National Security Agency.) There were also a lot more people in camouflage than at most hacker events, and my CTF teammates were military intelligence agents. Perhaps the biggest giveaway that this wasn’t any old hacker event? AvengerCon III was being held on Fort Meade and hosted by the US Army’s 781st Military Intelligence Battalion (Cyber).

Part of the 780th Military Intelligence Brigade, the 781st was once known as the Army Network Warfare Battalion. It was the first Army unit formed to create a “cyberspace operations capability” within the Army—conducting offensive and defensive operations and intelligence collection in support of US forces around the world. So technically, AvengerCon is not a conference. It’s a “training event,” in Army parlance, intended to bring the hacker learning culture to the Army’s cyber warriors.

Hacker insurgency

  • Chris Eagle, a senior lecturer of Computer Science at the Naval Postgraduate School in Monterey, Calif., was the keynote speaker at the third annual AvengerCon, a hacker-style training event, at the McGill Training Center on November 27. Eagle talked about the importance of attending events such as Black Hat, DefCon, ShmooCon, not only for their training value, but to be presenters in order to share the attendees’ knowledge with the rest of the community.
  • Midshipmen from the US Naval Academy in Annapolis participated in a “Capture the Flag” event during AvengerCon III.
  • The “village” events at AvengerCon III included two “Capture the Flag” challenges: “Conquer the Flag” and “Howdy Neighbor IOT” (an Internet of Things CTF presented by the security firm Grimm).
  • Master Sgt. Amanda Draeger, non-commissioned officer-in-charge of the 780th Military Intelligence Brigade (Cyber), gave a presentation on “Anatomy of a Phish” at AvengerCon III. Draeger discussed the elements common to successful phishing campaigns of varying sophistication, based on real-world examples from the speaker’s experience in a heavily targeted Fortune 100 company.
  • Training sessions at AvengerCon III included a fuzzing workshop, a reverse-engineering workshop, a presentation by the Army Cyber Institute on how to create a “Capture the Flag” competition, and an Internet of Things hacking workshop.

AvengerCon was the brainchild of Capt. Skyler Onken and Capt. Steve Rogacki. Until recently, Onken was company commander for Alpha Company 781st Military Intelligence Battalion, a component of the 780th MI Brigade—nicknamed “the Avengers,” thus the event’s name. He has now moved on to the US Army Cyber School at Fort Gordon, Georgia. Rogacki is an officer from a unit at Fort Gordon, Georgia. The two came up with the idea for AvengerCon while attending DEF CON a few years ago. While sitting at a Johnny Rockets at the Flamingo Hotel in Las Vegas, Onken said, the two were reveling in the experience of DEF CON. “It’s such great experience just being a part of the [hacker] community, the things you learn, things you get to try, it gets you excited,” he recalled. “And we were like, ‘We wish that the soldiers could get that.'”

Onken is a rarity in the Army: he was in the security field before he joined the service. Before completing college, he worked at a California startup, first doing data warehousing then Web app testing. “After a while doing Web app pen-testing essentially and internal security assessments, I started doing some more strictly offensive security type pen-testing type of work as a contractor,” he told Ars. Hoping to “do something a little bit more impactful,” Onken ultimately went back to finish his degree—and got drawn into Army ROTC. He was commissioned in the Army in 2012 at the age of 25.

The Army had lured Onken in with talk about its need for cyber experts. “Ironically, I say my recruiter lied to me,” Onken said. Instead of sending him down the Cyber track, “[The Army] decided to send me to Fort Bragg to jump out of aircraft, and I had nothing to do with computers for two years.” It was only because leaders within the Army recognized his true skill set that Onken ended up switching from Airborne to Cyber. “Key people like [Major] General [Gary] Johnson, who’s at INSCOM [the Army’s Intelligence and Security Command] now, helped me get in touch with the brigade commander at the time at the 780th.” At the time, that was Brigadier General Buckner, now head of the Army’s Cyber Directorate at the Pentagon. “She’s actually the one who got me over here, and I’ve been cyber ever since.”

This is not how things normally work. Most of the soldiers who end up as the Army’s network operators and cyber warfare experts have never been exposed to the hacking world—they end up in the field because they scored high on aptitude tests and ended up in the training pipeline. That pipeline, however, is not designed to create people who are creative problem-solvers. “You can’t create a Chris Eagle by just sending someone to a lot of classes,” Onken explained.

Industrial revolution

Army training is structured based on methods developed in the industrial era, essentially mass-producing people with interchangeable skills. “You train a person to a standard by essentially instructing them, verifying that they can repeat the task, and then you aggregate it together to accomplish a goal,” Onken explained. “That worked in the industrial era… but for computer security, hacking, cyber and all that, you could have a thousand people, and if none of them are really problem solvers, you’re going to have less capacity than two guys that are really good problem solvers.”

The only way to create people with those skills, Onken believes, is with more “unstructured training” like hacker conventions, “where we give people the opportunity to find what interests them, pursue that, apply their talents in that way, and then their value will be demonstrated to the organization based upon their individual talent skills—rather than just trying to make everybody look the same.”

Unfortunately, it’s not easy to send soldiers to hacker conferences. The travel costs and bureaucracy associated with getting approval are a significant barrier even when events are relatively local. “So rather than trying to get the Army to send everyone to conferences,” Onken said, “we said, ‘We could run our own training event—we have enough subject matter experts, and we’ve got enough people who are passionate about it, that we can run our own.’ The focus really was to get the junior soldiers the opportunity to participate in the community.”

Similar Posts:

Related Posts: