Spot the not-Fed: A day at AvengerCon, the Army’s answer to hacker conferences

Enlarge / Participants in AvengerCon III, held at the McGill Training Center at Fort Meade, Maryland, on November 27 take part in a lock pick village put on by TOOOL (The Open Organisation of Lockpickers). (credit: US Army)

FORT MEADE, Maryland—Late last year, I was invited to a relatively new hacker event in Maryland. Chris Eagle, a well-known researcher in the field of malware analysis and author of The IDA Pro Book, keynoted it. There were a number of really good talks at all levels of expertise, a couple of “Capture the Flag” (CTF) hacking challenges, and all the other typical hallmarks of a well-run hacker conference.

But this event, AvengerCon III, proved to be distinct in a number of ways from the BSides conferences and other events I’ve attended. The first difference was that keynote: Eagle, a senior lecturer at the Navy Postgraduate School, shared some news about an upcoming release of an open reverse engineering tool by referring to its “unclassified cover name.” (The tool was Ghidra, a public reverse-engineering tool developed by the National Security Agency.) There were also a lot more people in camouflage than at most hacker events, and my CTF teammates were military intelligence agents. Perhaps the biggest giveaway that this wasn’t any old hacker event? AvengerCon III was being held on Fort Meade and hosted by the US Army’s 781st Military Intelligence Battalion (Cyber).

Part of the 780th Military Intelligence Brigade, the 781st was once known as the Army Network Warfare Battalion. It was the first Army unit formed to create a “cyberspace operations capability” within the Army—conducting offensive and defensive operations and intelligence collection in support of US forces around the world. So technically, AvengerCon is not a conference. It’s a “training event,” in Army parlance, intended to bring the hacker learning culture to the Army’s cyber warriors.