Despite the fact most of the “hackers” attending the conference were all members of the military, it was difficult to discern who was a uniformed member of the service and who wasn’t.
Attendees dressed in jeans, sneakers, t-shirts and sweatshirts — “hacker casual” as one organizer called it — and were free to roam the halls. They popped into talks covering “post-quantum cryptography,” “common code patterns in exploit development” and “hacking in the industrial age.” Others experimented with different systems in hacking “villages,” participated in capture the flag-type cyber events or tried their hand at picking locks.
This, believe it or not, is what professional development for the military’s cyber force looks like.
AvengerCon, hosted at DreamPort in Columbia, Maryland Oct. 17-18, began four years ago as an event from Alpha company within the 780th Military Intelligence Brigade as a way to benefit the hacker community. Given the importance of cyber in future military operations, the Department of Defense believes it has to adopt some of the cyber world’s mentality to be successful.
“I hope that we can, almost codify the idea of being a hacker in the military,” Capt, Skyler Onken, member of the 780th MI Brigade and AvengerCon co-founder, told Fifth Domain at the event. “Some people have this false dichotomy that the military is too rigid, hacking requires being a really destructive rebellious and I don’t see those things as mutually exclusive. I see AvengerCon in terms of professionally developing helping to get people to think, ‘No, you need to be both because that’s what it means to be good.’”
Capt. Andreas Kellas, a member of the 780th MI Brigade and organizer of this year’s event, told Fifth Domain that the Army does other types of professional leader development “off site” trips to places like Gettysburg, saying that AvengerCon isn’t totally different from these professional development opportunities, but this is just the cyber community’s version.
While attendees and presenters on the active duty cyber force told Fifth Domain there aren’t necessarily specific applicable operational lessons they are pulling from AvengerCon to their day job as a military cyberwarrior, most said the event and collaboration with fellow cyber nerds helps them learn how to approach problems differently.
In cyberspace, unlike many traditional military disciplines, practitioners must think outside of traditional norms and cannot exclusively follow field manual checklists.
“To be able to come out here and listen to some of the speeches by some of these people who are leaders in their field or maybe just have a different perspective … if somebody else throws something else out there, it might trigger an idea or spark a thought pattern or a thought process that makes you think ‘why did I never look at this problem set that way before?’” 1st Sgt Joel Aguilar, a member of the 782nd MI Battalion, 780th MI Brigade and third time AvengerCon attendee, told Fifth Domain. “It might open new avenues of approach for you to tackle whatever problems you’re working on.”
A radio frequency village provided a basic course on how to use an open source tool for ingesting RF signals to a computer and then acting on that data. Since the equipment and tools are cost prohibitive, the point of the village is to allow attendees a chance to expose soldiers to the gear without having to spend $250 first.
A voting village allowed attendees to open up voter registration to touchscreen voting machines to see the firmware, hardware and software as a means of educating the larger community on their security and as a way to help create and enforce security standards.
An industrial control systems village allowed attendees to plug in and “hack” into these controls in a zero-risk environment. These systems are often much different from IT networks and a crucial piece of the nation’s critical infrastructure.
One presentation given by an Army and Marine cyber operators broke down the failed Russian operation to hack the Organization for the Prohibition of Chemical Weapons in 2018. The presentation walked through step by step what the Russians did, what equipment and tradecraft they used and what they should have done to mitigate how each step led to them getting caught.
One instructor told Fifth Domain that in presenting to a military audience, the goal was not only to demonstrate poor tradecraft, but as a case study to demonstrate adversary tactics and procedures and ways to counter them.
The “hacker casual” dress code for the event was “absolutely by design,” Onken said. This change allowed a more relaxed and informal environment for attendees to collaborate and discuss without necessarily being concerned about rank.
“It definitely allows for me to see most people as peers and not know their rank so we don’t have to be super formal,” 1st Lt. Jinny Yan, a developer within the 782nd MI Battalion in the 780th MI Brigade, told Fifth Domain. “A lot of the stuff we do is academic talk, it doesn’t matter who you are, necessarily, you can contribute to the conversation. That’s kind of nice to take that off and focus on what we’re here for, which is having intellectual conversation.”
As the event continues to grow, Onken said he hopes it motivates the attendees to say “I should be applying that information to my job in how I do it. I had this idea, why don’t I delve into that, spend some of my own time and maybe next year I can present.”
Moreover, he hopes more military cyber organizations spread out around the country start their own “cons.”
“Nothing says you can’t start your own con … that would be another good way just like every unit has their own culture and they run their own professional development, it would be great to see disparate units run their own cons,” he said. “The nation needs people that can understand military operations, work within those constructs but then be that disruptive thinker, be that innovator, be that rebel that can get the job done. If we create a culture of that where that’s the expectation of our cyber professionals then I will consider AvengerCon a massive success.”
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.