- Matthew M. Aid
The Secret Sentry Page 4
Also in early 1949, personnel were pulled from unproductive Soviet cryptanalytic projects and put to work instead on translating and analyzing the ever-mounting volume of Soviet plaintext teletype intercepts, which overnight had become AFSA’s most important intelligence source. There were dire consequences resulting from the shift to plaintext, however. The reassignment of those working on Soviet cryptanalytic problems to plaintext processing badly hurt the American cryptanalytic effort to solve Soviet ciphers and indirectly contributed to the departure of a number of highly talented cryptanalysts. By 1952, there were only ten to fifteen qualified cryptanalysts left at AFSA, down from forty to fifty at the height of World War II.65
One Soviet-related cryptanalytic effort after another ground to a halt for lack of attention or resources. For instance, the Anglo-American COMINT organizations largely gave up on their efforts to solve encrypted Soviet diplomatic and military attaché traffic. These cipher systems, almost all of which were encrypted with unbreakable one-time pad ciphers, had defied the best efforts of the American and British cryptanalysts since 1945. As of August 1948, the principal Soviet diplomatic cipher systems had not been solved, and available information indicates that they never were.66 The ciphers used on the Ministry of State Security (MGB) high-level internal security communications networks also consistently stymied the American and British cryptanalysts.67
With their access to Soviet high-level cipher systems irretrievably lost, SIGINT production on the USSR fell precipitously, and notable successes became few and far between. But it was during this bleak period that the most important retrospective breaks into the Venona ciphers were made. Between December 1948 and June 1950, Meredith Gardner decrypted portions of dozens of Soviet intelligence messages, which helped the Federal Bureau of Investigation identify Judith Coplon, Klaus Fuchs, Donald MacLean, David Greenglass, Julius Rosenberg, and the physicist Theodore Alvin Hall, among others, as having spied for the Soviet Union during World War II.68 However, Venona, as noted earlier, sadly turned out to be an intelligence asset that could not be used. While it is certainly true that the Venona decrypts allowed the FBI and its counterparts in England and Australia to identify a large number of Soviet spies during the late 1940s and the 1950s, they did not produce many criminal indictments and convictions. Declassified FBI documents show that only 15 of the 206 Soviet agents identified in the Venona decrypts were ever prosecuted, in large part because the secrecy of these decrypts prevented them from being used in an American court of law.69
As a result, most of the “big fish” who spied for the Russians got away. For example, although her complicity in spying for the Soviet Union was proved by Venona decrypts, all of Coplon’s criminal convictions were overturned on appeal because of mistakes made by the FBI and also because the SIGINT materials could not be used in court. Forty individuals identified in Venona as having spied for Russia fled before they could be prosecuted, including MacLean, Guy Burgess, and Kim Philby. But most of the agents who spied for Russia were never indicted because it might have revealed U.S. success in breaking Russian codes. For example, when in 1956 the FBI proposed prosecuting former White House aide Lauchlin Currie for espionage based on information developed from Venona, NSA’s director, Lieutenant General Ralph Canine, strongly objected, telling the Justice Department that anything that might reveal NSA’s success in breaking Russian codes would be “highly inadvisable.”70
For the same reason, even the man whose treachery probably led to the Black Friday disaster, William Weisband, could be convicted only of contempt of court in 1950 for refusing to testify before a federal grand jury after the director of AFSA, Rear Admiral Earl Stone, refused to sanction a criminal indictment for espionage. Weisband worked for the rest of his life as an insurance salesman in northern Virginia and died of a heart attack in May 1967 at the age of fifty-nine.71
The State of American COMINT in June 1950
As of June 1950, AFSA and the three military cryptologic organizations were in a lamentable state. They were short of money, personnel, and equipment. Neither AFSA nor Britain’s GCHQ were reading any Soviet or Chinese high-level code or cipher systems.72 AFSA was deriving intelligence from low-level plaintext intercepts, and even that effort was not doing very well. As a result, high-quality intelligence about what was going on inside the USSR was minimal. A CIA history reveals that COMINT was only producing high-quality intelligence about Soviet foreign trade, internal consumer goods policies, gold production, petroleum shipments, shipbuilding activities, military and civilian aircraft production, and civil defense.73 Not surprisingly, intelligence consumers were concerned that AFSA was not carrying out its mission, and a consensus began to emerge within the U.S. intelligence community that radical changes were probably needed in order to get it back on track.74
But perhaps the most prescient judgment on the state of American COMINT in 1950 comes from an NSA historian, who writes, “American cryptology was really just a hollow shell of its former self by 1950 . . . With slim budgets, lack of people, and lack of legal authorities, [AFSA] appeared set up for failure should a conflict break out.”75 And that is exactly what happened on June 25, 1950, in a country that Secretary of State Dean Acheson in a colossal gaffe had neglected to include in the U.S. “Asian defense perimeter”—Korea.76
CHAPTER 2
The Storm Breaks
SIGINT and the Korean War: 1950–1951
The hammer shatters glass, but forges steel.
—RUSSIAN PROVERB
The Shattered Frontier
At four A.M. on the morning of Sunday, June 25, 1950, over seven hundred Russian-made artillery pieces and mortars of the North Korean army opened fire on the defensive positions of the South Korean army deployed along the 38th parallel, which since the end of World War II had served as the demarcation line between communist North Korea and the fledgling democracy of South Korea. The impact of thousands of artillery shells landing in just thirty minutes shattered the morale of the green Republic of Korea (ROK) forces. Two hours later, over one hundred thousand combat-tested North Korean troops backed by more than 180 Russian-made T-34 medium tanks and self-propelled artillery guns surged across the 38th parallel. Within a matter of hours, the North Koreans had routed all but a few of the undermanned and poorly equipped South Korean army units along the border. The Korean War had begun.1
Why hadn’t AFSA or any of the three service cryptologic agencies provided advance warning? The answer revealed by newly declassified documents is that there had been no COMINT coverage whatsoever of North Korea prior to the invasion. An NSA historical monograph admits that “the North Korean target was ignored.”2 The reason was that virtually all of AFSA’s meager collection resources were focused on its customers’ primary target, the Soviet Union. Virtually all other target countries were being ignored or given short shrift by AFSA. The result, according to Colonel Morton Rubin, a former Army G-2 official, was that: “North Korea got lost in the shuffle and nobody told us that they were interested in what was going on north of the 38th parallel.”3
This meant AFSA’s capabilities against North Korea were nonexistent. Nobody at AFSA was working on North Korean codes and ciphers. The AFSA Korean Section existed only on paper; the two civilians on its nominal staff were actually assigned to the Chinese Section and tasked with working on the codes and ciphers of both North and South Korea only in their limited spare time. Neither one had any degree of expertise on the North Korean military. In addition, the AFSA Korean Section possessed no Korean dictionaries or Korean-language reference books; no North Korean traffic analytic aids; no Korean-language typewriters, necessary for transcribing intercepts; and virtually no knowledge of North Korean military terminology and radio working procedures because there had not been any serious intercept coverage of North Korea since 1946.4
The Thirty-Day Miracle
On June 28, 1950, three days after the invasion began, the South Korean capital of Seoul fell to the North Koreans without a fight. Over the next month, the news from Korea became increasingly grim. Every day the American troops in Korea lost more ground against the numerically superior and better equipped North Korean forces. On July 3, the port of Inchon fell, followed by the key railroad junction at Suwon on July 4. On July 20, the North Koreans captured the city of Taejon, wiping out an entire American infantry regiment. Five days later, on July 25, the North Koreans destroyed a regiment of the First Cavalry Division that was trying to defend the Korean towns of Kumch’on and Yongdong.
But what the public did not know was that only a few days after the North Korean invasion began, the intercept operators at the U.S. Army listening post outside the city of Kyoto, Japan, began intercepting North Korean military Morse code radio traffic coming from their forces inside South Korea. On the morning of June 29, 1950, the first intercepted North Korean radio traffic from Kyoto began arriving at AFSA’s SIGINT processing center at Arlington Hall Station over the teletype links from the Far East. Because there were so few Korean linguists available, it took AFSA a week before the first translated North Korean message was completed on July 3, the same day that the port of Inchon fell to the North Koreans. A quick scan of the intercepts revealed that the North Korean army was transmitting highly classified information, such as daily situation reports, battle plans, and troop movement orders, in the clear. The analysts were amazed that the North Koreans were not bothering to encode this incredibly valuable material.5 It took another week before the first Top Secret Codeword traffic analysis report based on intercepts of NKPA plaintext radio traffic was published and distributed by AFSA to its consumers in Washington and the Far East on July 11, just two weeks after the North Korean invasion began. Three days later, on July 14, AFSA cryptanalysts at Arlington Hall broke the first encrypted North Korean military radio message. In the days that followed, the AFSA cryptanalysts solved several more cipher systems then being used by the North Korean combat divisions and their subordinate regiments, as well as some of the cipher systems used by North Korean logistics units.6
The upshot was that in a mere thirty days, AFSA’s cryptanalysts had achieved the cryptologic equivalent of a miracle—they had succeeded in breaking virtually all of the North Korean military’s tactical codes and ciphers, which must rank as one of the most important code-breaking accomplishments of the twentieth century. The result was that by the end of July 1950, AFSA was solving and translating over one third of all intercepted North Korean enciphered messages that were being intercepted. Only a severe shortage of Korean linguists kept them from producing more.7
The net result was that AFSA’s spectacular code-breaking successes gave the commander of the Eighth U.S. Army in Korea, Lieutenant General Walton Walker, what every military commander around the world secretly dreams about—near complete and real-time access to the plans and intentions of the enemy forces he faced. James H. Polk, who was a senior intelligence officer on General MacArthur’s G-2 staff in Tokyo at the time, recalled, “We had the North Korean codes down pat. We knew everything they were going to do, usually before they got the orders from Pyongyang decoded themselves. You can’t ask for more than that.” A young army field commander attached to Eighth U.S. Army headquarters at Taegu named James K. Woolnough, who would later rise to the rank of general, had this to say about the importance of the SIGINT available to General Walker: “They had, of course, perfect intelligence. It all funneled in right there. They knew exactly where each platoon of North Koreans were going, and they’d move to meet it . . . That was amazing, utterly amazing.”8
These code-breaking successes were to prove to be literally lifesaving over the forty-five days that followed as the vastly outnumbered American and South Korean infantrymen of the Eighth U.S. Army tried desperately to hold on to a tiny slice of South Korea around the port city of Pusan in a series of battles that are referred to today collectively as the Battle of the Pusan Perimeter. Declassified documents reveal that between August 1 and September 15, 1950, SIGINT was instrumental in helping General Walker’s Eighth Army beat back a half-dozen North Korean attacks against the Pusan Perimeter.9 By the end of August, SIGINT revealed that the North Korean army had been reduced to a shadow of its former self. The North Korean Thirteenth Division could only muster a thousand men for combat, while some battalions of the North Korean Fifth Division had lost more than 80 percent of their troops, with one battalion reporting that it had only ten soldiers left on its muster rolls.10 SIGINT also showed that under relentless air attacks, the North Korean supply system had almost completely stopped functioning. Ammunition shortages were so severe that it was severely affecting the combat capabilities of virtually all frontline NKPA units deployed around the Pusan Perimeter. For example, an intercept revealed that ammunition shortages in the North Korean Thirteenth Division east of Taegu were so severe that it could not fire its few remaining artillery pieces.11
The Inchon Landing
In one of the greatest gambles of the Korean War, on the morning of September 15, 1950, units of the U.S. Tenth Corps staged an amphibious landing, planned by General MacArthur, behind the North Korean lines at the port of Inchon, west of Seoul.
Recently declassified documents reveal that the Inchon landing would not have been successful without the SIGINT coming out of AFSA. Thanks to SIGINT, MacArthur and his intelligence chief, Major General Charles Willoughby, had a fairly clear picture of the North Korean army order of battle, including the locations, strengths, and equipment levels for all thirteen infantry divisions and a single armored division deployed around the Pusan Perimeter. Most important, the SIGINT data showed that there were no large North Korean units deployed in the Inchon area.12 In the month prior to the Inchon landing, MacArthur’s intelligence analysts in Tokyo, thanks to the decrypts, were able to track the locations and movements of virtually every unit in the North Korean army. In mid-August, SIGINT revealed that the North Koreans were taking frontline combat units from the Pusan Perimeter and moving them to defensive positions along both the east and west coasts of South Korea, suggesting that the North Korean general staff was concerned about the possibility of a U.N. amphibious landing behind North Korean lines. By early September, decrypted high-level North Korean communications traffic showed that the North Korean army’s senior commanders were concerned that the United States might attempt an amphibious landing on the west coast of South Korea, but had incorrectly guessed that the landing would most likely occur to the south of Inchon at either Mokpo or Kunsan port.13
Despite SIGINT indications that the North Koreans knew a U.S. amphibious operation was imminent, MacArthur went ahead with the landing at Inchon on September 15. It was a stunning success, with little North Korean resistance. The sole attempt by the North Koreans to mount a major counterattack against the Inchon bridgehead was picked up by SIGINT well before it began, and mauled by repeated air strikes. In a matter of just a few hours, the entire North Korean force was destroyed.14
With the collapse of the Inchon counterattack, there were no more organized North Korean forces standing between the U.S. forces and Seoul. On September 28, Seoul fell to the Americans. With that, all thirteen North Korean combat divisions around the Pusan Perimeter abandoned their positions and fled to the north. By the end of the month, all of the rest of South Korea up to the old demarcation line at the 38th parallel had been recaptured.
The Chinese Intervention
Newly declassified documents have revealed that at the time of the Inchon landing, AFSA had very few SIGINT resources dedicated to monitoring what was occurring inside the People’s Republic of China, North Korea’s huge communist neighbor, because, as a declassified NSA history put it, AFSA had “employed all available resources against the Soviet target.” The only SIGINT resources available were a few intercept positions at the U.S. Army listening post on the island of Okinawa, Japan, which were monitoring low-level Chinese civil communications traffic, primarily unencrypted Chinese government cables and the communications traffic of the Chinese Railroad Ministry. A small team of Chinese linguists at Arlington Hall Station, headed by a twenty-nine-year-old New Yorker named Milton Zaslow, was able to derive a modicum of intelligence about the state of the Chinese economy, transportation and logistics issues, and even the movements of Chinese military units inside China from these telegrams. It was not a very impressive effort, but it was all that the overstretched AFSA could afford at the time.15
Beginning in July 1950, and continuing through the fall, Zaslow’s team picked up indications in these low-level intercepts that the Chinese were shifting hundreds of thousands of combat troops from southern and central China to Manchuria by rail.16 But according to Cynthia Grabo, then an intelligence analyst at the Pentagon, the U.S. Army’s intelligence analysts refused to accept the reports of a Chinese military buildup in Manchuria, arguing instead that the Chinese intended to invade Taiwan.17
But there were other SIGINT sources that were indicating that China intended to take forceful action in Korea. AFSA’s principal source for intelligence on China was its ability to read the cable traffic of arguably the best informed foreign diplomat based in Beijing, Dr. Kavalam Madhava Panikkar (sometimes spelled Pannikar), India’s ambassador to China. Panikkar had the ear of Premier Chou Enlai and other senior Chinese leaders, which made him AFSA’s best source for high-level diplomatic intelligence about what was going on in Beijing.18 For example, intercepts of Panikkar’s cables to New Delhi in July and August 1950 revealed that he had been told by Chou Enlai that the Chinese would not intervene militarily in Korea.19