FORT MEADE, Maryland — At the end of last year, I was invited to a new hacker event in Maryland. Chris Eagle, a well-known researcher in the field of malware analysis and author of The IDA Pro Book, keynoted it. There were a number of very good internationals at all levels of expertise, a couple of “Capture the Flag” (CTF) hacking challenges, and all the other typical hallmarks of a well-run hacker conference.
But this event, AvengerCon III, proved to be different in many ways from the BSides conventions and other events I have attended. The first difference is the keynote: Eagle, a senior lecturer at the Naval Postgraduate School, shared some news about the upcoming release of the open reverse engineering tool by referring to an “undisclosed cover name.” (The tool is Ghidra, a reverse engineering tool developed by the National Security Agency.) There are also more people in camouflage than at most hacker events, and my CTF colleagues are military intelligence agents. Perhaps the biggest sign that this isn’t just any old hacker event? AvengerCon III is held on Fort Meade and hosted by the US Army’s 781st Military Intelligence Battalion (Cyber).
Part of the 780th Military Intelligence Brigade, the 781st was once known as the Army Network Warfare Battalion. It is the first Army unit formed to create a “cyberspace operations force” within the Army — conducting offensive and defensive operations and gathering intelligence in support of U.S. forces around the world. So technically, AvengerCon isn’t a convention. It’s a “training event,” in Army parlance, intended to bring hacker education to the Army’s cyber warriors.
Hacker hacker
AvengerCon is the brainchild of Capt. Skyler Onken and Capt. Steve Rogacki. Until recently, Onken was the company commander for Alpha Company, 781st Military Intelligence Battalion, a component of the 780th MI Brigade—called “the Avengers,” hence the event’s name. He now attends the US Cyber Academy at Fort Gordon, Georgia. Rogacki is an officer from a unit at Fort Gordon, Georgia. The two came up with the idea for AvengerCon while attending DEF CON a few years ago. While sitting at Johnny Rockets at the Flamingo Hotel in Las Vegas, Onken said, the two were enjoying the DEF CON experience. “It’s such a great experience being part of the (hacker) community, the things you learn, the things you get to try, it’s fun,” he recalled. “And we were like, ‘We wish the soldiers could accept that.’”
Onken is a rarity in the Army: he worked in security before he joined the service. Before graduating college, he worked at a California startup, first doing database and then web application testing. “After a while doing serious web pen testing and internal security assessments, I started doing some type of testing type work as a contractor,” he told Ars. Hoping to “do something a little more involved,” Onken eventually went back to finish his degree—and was drawn into Army ROTC. He joined the Army in 2012 at the age of 25.
The Army had tricked Onken with talk about its need for cyber experts. “Incredibly, I said my employer lied to me,” Onken said. Instead of sending him down the Cyber track, “(The Army) decided to send me to Fort Bragg to fly out of a plane, and I had nothing to do with computers for two years.” Because leaders within the Army realized his true tactical plan, Onken ended up switching from Airborne to Cyber. “Special people want it (Major) General (Gary) Johnston who is now in INSCOM (Army Intelligence and Security Command), helped me contact the brigade commander at the time in the 780th.” At that time, Brigadier General Buckner, now head of the Army’s Cyber Directorate at the Pentagon “You’re actually the one who got me here, and I’ve been cyber ever since.”
This is not how things normally work. Most of the soldiers who end up as Army network operators and cyber warfare experts have never been exposed to the hacking world — they end up in the field because they score high on competency tests and complete the training pipeline. That pipeline, however, is not designed to create people who are creative problem-solvers. “You can’t create a Chris Eagle by sending someone to a lot of classes,” Onken explained.
Industrial revolution
Army training is organized around methods developed in the industrial era, geared toward turning out people with interchangeable skills. “You train people to a standard by giving them priority, making sure they can repeat the work, and then you combine it to achieve a goal,” Onken explained. “That works in corporate time… but for computer security, hacking, cyber and all that, you can have a thousand people, and if none of them are really problem solvers, you will have more power than two people who are problem solvers that’s really good.”
The only way to create people with those skills, Onken believes, is with more “unstructured learning” like hacker forums, “where people are given the opportunity to find what they’re interested in, pursue that, use their talents in that way, and then their value will be demonstrated to the organization based on their individual talent skills—rather than just trying to make everyone look the same.”
Unfortunately, it’s not easy to send troops to hacker forums. Travel costs and bureaucracy associated with obtaining approval are a significant barrier especially when events are local. “So instead of trying to get the Army to send everyone to seminars,” Onken said, “we said, ‘We can do our own training event—we have enough subject matter experts, and we have people enough who are passionate about it, that we can make our own.’ The focus is really on getting the younger soldiers an opportunity to participate in the community.”