The SIGINT Background
by David A. Hatch with Robert Louis Benson
Since the revelation of the vital role of cryptology in World War II, the contribution of communications intelligence (COMINT) and communications security (COMSEC) in postwar conflicts has become a frequent question for many, particularly scholars and veterans' groups.
This short summary of the cryptologic background to the Korean War is intended to provide only a general overview of the conflict from a cryptologic perspective and give initial answers to some of the more important questions about intelligence support.
This paper has been cobbled together from summaries prepared during or immediately after the period of hostilities, some original documents, and the memories of some of the participants. Some of the materials on which this history is based may not be declassified by its publication date (June 2000). I have prepared the booklet in this unusual manner in order to have a general history in time for the 50th anniversary of the beginning of the war.
This booklet is therefore intended only as an introduction to the subject, an interim history until further declassification allows the fuller history of cryptologic support during the Korean War to be written. I would like to emphasize that much remains to be researched and studied about cryptology in Korea and, in fact, I look forward to more detailed studies of cryptology in the Korean War in the near future.
The Korean War
When it became clear in mid-August 1945 that Japan intended to surrender, U.S. policy makers began to make arrangements for peripheral areas occupied by Japan. One of the thorniest problems was the status of Korea.
The peninsula had been an independent nation for centuries before the Japanese took it as a colony in 1910. In August 1945, Soviet forces were fighting the Japanese military on the China-Korea border, and it appeared that the Red Army might occupy all of Korea.
The U.S. solution was a temporary division of the country. Americans would take the Japanese surrender in the southern sector, Soviet troops in the north. After a suitable - but undefined - period in which Koreans would be prepared for self-rule, both armies would withdraw. The Soviets agreed to this plan, and Korea was divided on either side of the 38th parallel.
However, as the Cold War developed, the peninsula became a pawn in a larger, international ideological struggle. After three years, the United States turned the problem over to the United Nations, which mandated elections to decide on a unified government in Korea. UN-sponsored elections led to the formation of the Republic of Korea (ROK) on August 15, 1948, under President Syngman Rhee, with its capital in Seoul. North Korea declined to participate in the UN elections and formed its own government, the Democratic People's Republic of Korea (DPRK), with Kim Il-song as its leader and its capital in Pyongyang.
The next two years were marked by struggle on many levels - military, political, and ideological. Small unit clashes and armed incursions along the 38th parallel were frequent. Both the ROK and the DPRK built military forces, but there was a difference: the USSR supplied armor and aircraft to Pyongyang, while the U.S. denied them to Seoul.
The USSR, as confirmed by the VENONA decrypts, which NSA released to the public in 1995-97, had stolen the secrets of the atomic bomb through espionage. Without espionage it is inconceivable that the Soviets would have had their own atomic bomb by the time of the Korean War. Several U.S. and British spies were able to keep the Soviets abreast of U.S. and allied diplomatic, military, and intelligence activities well into the Korean War period.1
The United States deliberately excluded South Korea from the defensive perimeter it was drawing around the Pacific Ocean area. The ROK, said U.S. officials, should depend on the United Nations for support.
Finally, in the early hours of June 25, 1950, the Korean People's Army (KPA) crossed the dividing line in strength and began pushing southward toward Seoul. After some initial resistance, the ROK Army gave way before the larger, stronger KPA, and retreat became rout.
President Harry S. Truman and his advisers assumed the USSR had directed the attack and that this was the opening move in a wider war. At that point, the U.S. reversed its policy and intervened militarily to support the ROK. The U.S. persuaded the United Nations to call for assistance in repelling North Korea's aggression, and a number of other UN members sent troops or supporting forces.
After a period of retreat, General Walton Walker, in command of the U.S. Eighth Army, stabilized the lines around a defensible area that came to be known as the "Pusan Perimeter." Deployed largely along the meandering Naktong River, Walker moved his forces quickly and astutely to blunt repeated North Korean attacks.
On 15 September 1950, a USMC/Army amphibious force, spearheaded by Marines, striking according to General Douglas MacArthur's plans, conducted one of the greatest feats of American arms ever, an amphibious landing behind North Korean lines at the port of Inch'on. This operation, combined with a breakout from the Pusan Perimeter, smashed the DPRK's military forces.
UN forces, primarily American and South Korean troops, crossed into North Korean territory in pursuit of their retreating enemy, despite warnings from Communist China to remain below the 38th parallel. In November, as U.S. and South Korean forces approached the China-Korea border, the People's Liberation Army (PLA) struck them in force, sending the UN army in a precipitous retreat southward.
In the spring of 1951, UN forces reestablished a stable line of resistance with the communist armies at roughly the midpoint of the Korean peninsula. Both sides entrenched. The Korean War continued for more than two years, but consisted largely of limited offensive operations, characterized by only small gains and losses, to capture or defend particular points of real estate. The strongpoints were designated officially by their height in meters, but known popularly by colorful or poignant nicknames bestowed by the GIs who fought over them - The Hook, Old Baldy, Pork Chop Hill, and Heartbreak Ridge.
Once the lines had hardened, truce talks opened. The negotiations were first held in the city of Kaesong, behind communist lines. This was unsatisfactory to the UN side, so the meetings were moved to Panmunjom, an obscure village in "no-man's land."
The war ended in August 1953, after more than three years of combat, with the signing of a truce agreement and the exchange of prisoners.
During the war and in postwar investigations, there were many charges that U.S. intelligence had failed in the Korean War, not once, but twice. Critics charged that American intelligence organizations had failed to give warnings of the initial North Korean attack in June 1950 and failed again when the Chinese entered the war in October 1950.
Background To U.S. Cryptology
In the late 1920s and early 1930s, the U.S. Army and Navy for the first time established and operated permanent codemaking and codebreaking units. The cryptanalytic units expanded at the outbreak of World War II, and the enhanced activity paid off in plentiful and high-quality information on the Germans and Japanese - their location, armament, and intentions. Working in close cooperation with Great Britain, U.S. military and civilian decision-makers got accustomed to detailed inside information about their enemies (and a few neutrals).
Allied exploitation of the German Enigma machine and other high-level German and Japanese cryptographic systems is well known. Less known but also invaluable to the war effort was U.S. and British exploitation of front-line systems to provide a wealth of tactical information on their enemies' activities.
These decision-makers expected the same inside information after the war, but encountered difficulties creating productive and cost-effective organizations. The postwar period was characterized by contradictory problems - escalating requirements for accurate information, rapid demobilization of skilled personnel, severe budget cuts, the need for expensive processing machines, and a new adversary.
In the period prior to the Korean War, U.S. communications intelligence underwent major structural and doctrinal changes. The Army Security Agency (ASA) had shared the national COMINT mission with the Navy's Communications Supplementary Activity (COMMSUPACT) - which became the Naval Security Group in June 1950. During and after World War II, a portion of Army COMINT assets was dedicated to support of the U.S. Army Air Corps, and, when the independent Air Force was created in 1947, these cryptologic assets were resubordinated to the new organization as the Air Force Security Service (AFSS).
Many officials favored centralization of cryptologic activities, and in 1949 the Department of Defense created the Armed Forces Security Agency (AFSA) as a national organization. AFSA, just by its existence, forced the Army and Navy to redefine the organization and roles of their cryptologic services. The cryptologic agencies of all three services began structuring themselves to provide direct COMINT support for American fighting forces.
It was furthermore intended that AFSA eliminate duplication of effort among the Service Agencies and get an economy of scale in research and purchasing. As it turned out, however, AFSA did not have sufficient legal authority to provide central direction to cryptologic work.
Because there had been no advance budgeting for AFSA in 1949, its financial needs were met initially by reductions in the cryptologic budgets of the armed services. Proposals for increases to AFSA's budget or personnel allocations were not approved.
In those lean budget times, even general requirements for support met with disfavor. In April 1949, the U.S. Communications Intelligence Board (USCIB) requested $22 million in funds, including 1,410 additional civilian employees, to expand the COMINT effort. The secretary of defense returned the proposal for additional study. In June, the USCIB, noting that intercept and processing resources were already overburdened even as the military required more support, requested an interim supplement of $11.6 million, which would include 705 additional civilian employees; this was endorsed by the Joint Chiefs of Staff. The proposal, however, was disapproved by the secretary of defense because of budget limitations.
This situation changed with the coming of war. Within a month of the North Korean invasion, the Joint Chiefs of Staff approved the transfer of 244 officers and 464 enlisted men to AFSA. They also recommended a large increase in civilian positions. In August, the Department of Defense comptroller authorized an increase of 1,253 additional civilian COMINT positions.
Given the administration's belief that the conflict in Korea was merely a part of what could soon be a wider war, only a portion of the increase would go to direct support of the conflict in Korea. But the increase would allow significant expansion of the effort to support the war.
Cryptology in the Korean War
The Monthly Intelligence Requirements issued by the U.S. Communications Intelligence Board reflected the generally low level of government interest in information on Korea. The country was, after all, outside the U.S. defense perimeter in the Pacific region.
USCIB maintained two requirements lists. The first consisted of subjects of "greatest concern to U.S. policy or security," such as "Soviet intentions to launch an armed attack." On the second list were items of "high importance"; for the month prior to the war, Japan and Korea were item number 15 on the second list, but this did not focus on Korea itself. The specific requirements were "Soviet activities in North Korea," "North Korean-Chinese Communist Relations," and "North Korean-South Korean relations, including activities of armed units in border areas."
Intercept facilities in the Pacific region were relatively few. All were directed toward higher priority targets, primarily Chinese Communist activities, but also including the Philippine Huk rebellion. Only by diverting collection from these existing targets could they cover other intercept targets. Customers often gave no specific guidance to AFSA about target priorities, and, left to its own devices, AFSA sensibly concentrated on those of obvious great importance, primarily the USSR and the PRC.
AFSA directed an expanded effort against the People's Republic of China in early 1950. This included increased intercept and cryptanalytic study.
ASA in the post-World War II period had broken messages used by the Soviet armed forces, police and industry, and was building a remarkably complete picture of the Soviet national security posture. It was a situation that compared favorably to the successes of World War II. Then, during 1948, in rapid succession, every one of these cipher systems went dark. Although the loss of these systems occurred over several months (and none happened at the end of a week), U.S. cryptanalysts tended to lump the disasters together under the dire designation "Black Friday."
Soviet intelligence had had an agent inside AFSA who had revealed the extent of U.S. penetration of Soviet cipher systems. This was William Weisband, who had been recruited by the KGB in 1934. During and after World War II, Weisband was involved in the U.S. COMINT efforts, working (as a native speaker of Russian) in the Russian section in ASA and, later, AFSA. Although in 1950 the FBI uncovered information alleging espionage activities by Weisband in the early 1940s, he was never charged with espionage - Weisband lost his job with AFSA and served a year in prison for contempt of a grand jury.2
The U.S. cryptologic agencies took steps to recover, but this dreary situation continued up to the Korean War, denying American policymakers access to vital decrypts in this critical period. This was perhaps the most significant intelligence loss in U.S. history.
Some North Korean communications were intercepted between May 1949 and April 1950 because the operators were using Soviet communications procedures. Coverage was dropped once analysts confirmed the non-Soviet origin of the material. These messages, it should be noted, were not positively identified as originating from the DPRK until after the war began and there was a basis for comparison with confirmed Korean traffic.
In April 1950, ASA undertook a limited "search and development" study of DPRK traffic. Two positions were assigned intercept of internal North Korean communications, and approximately 200 messages were on hand at the time the war began, although none had been processed.
COMMSUPACT monitored communications from some North Korean naval bases in the period before 1950, but only because these were occupied by the Soviet navy.
As it happened, prior to 1950 there were two COMINT hints of more than usual interest in the Korean peninsula by communist bloc nations, but neither was sufficient to provide specific warning of a June invasion. In the spring of 1950, a Soviet network in the Vladivostok area greatly increased its targeting of communications in South Korea. Soviet targeting of South Korea was quite low until early February, then rose dramatically after the 21st. This coverage continued at a very high level until 15 May, when it ceased altogether.
In the second case, as revealed in COMINT, large shipments of bandages and medicines went from the USSR to North Korea and Manchuria, starting in February 1950.
These two actions made sense only in hindsight, after the invasion of South Korea occurred in June 1950.
COMINT, supported by information from other open and secret sources, showed a number of other military-related activities, such as VIP visits and communications changes, in the Soviet Far East and in the PRC, but none was suspicious in itself. Even when consolidated by AFSA in early 1951, these activities as a whole did not provide clear evidence that a significant event was imminent, much less a North Korean invasion of the South.
In 1952, when personnel levels and a more static war allowed some retrospective analysis, AFSA reviewed unprocessed intercept from the June 1950 period. Analysts could not find any message which would have given advance warning of the North Korean invasion. One of the earliest, if not the earliest, messages relating to the war, dated June 27 but not translated until October, referred to division level movement by North Korean forces.
The Initial Responses
The outbreak of the Korean War spurred significant increases in funding and personnel for the U.S. national security establishment as a whole. The cryptologic agencies were no exception.
In June 1950, prior to the beginning of the war, AFSA had had the equivalent of two persons working North Korean analysis, two half-time cryptanalysts and one linguist. By November 1950, AFSA had thirty-six people on the problem, forty-nine by early 1951, and eighty-seven people by March 1953. Prior to the Korean War, AFSA employed eighty-three analysts against the PRC; by November 1950, the number was 131, and by February 1951 it was 156, plus additional part-time assistance.
AFSA's chief of the Office of Operations, Captain Redfield Mason, USN, put the processing units for Korean materials on a twenty-four-hour basis. He also enhanced other operational areas that might produce information to support the war.
All available intercept positions in Japan were redirected to Korean collection. Some Navy intercept operators in Japan worked with ASA Far East on Korean collection. Even the 50th Signal Service Detachment, whose mission was to monitor U.S. forces to ensure communications security, was diverted to wartime support.
A small advance ASA unit arrived in Korea in mid-September 1950 and was assigned to combat support. The 60th Signal Service Company, based in Fort Lewis, Washington, considered the best prepared of the existing tactical ASA units in the Far Eastern Command, was dispatched to the war zone. It did not arrive, however, until early October, three months after hostilities had commenced.
Initial COMINT product was the result of plain text intercepts and traffic analysis. In fact, at many points in the conflict, traffic analysis, that is, the examination of message externals, often constituted the only form of COMINT for Americans. Because of problems with mountainous terrain, there was no steady or reliable information from direction finding (D/F), which had been an important source of intelligence in World War II.
COMINT production was hampered by supply shortages, outmoded gear, a lack of linguists, difficulties in determining good intercept sites, and equipment ill-suited to frequent movement over rough terrain. Until late in the war, most ASA trucks and radio receivers were of World War II vintage. The U.S. military fought much of the Korean War with equipment from the last big one; it is not surprising that intelligence organizations also would have to make do.
In the earliest period, the intelligence produced was not appreciated by Eighth Army officers. COMINT produced by AFSA or ASA was subject to restrictions on distribution which prevented full exploitation of the information. Officers preferred COMINT produced locally by Korean units which they took into service (see below). The distribution problems were slowly rectified.
COMINT units moved in support of the fighting forces. The First Communications Reconnaissance Company, which had arrived in Korea in October 1950, advanced into North Korea with the Eighth Army. It became one of the last American units out of Pyongyang during the Chinese counteroffensive. It eventually established a location for itself in Seoul in early 1951.
The Air Force Security Service (AFSS) also responded rapidly to the crisis in Korea. The AFSS had only been in existence less than two years, and had concentrated primarily on organizational and doctrinal development; its field activities were minimal. It had two mobile squadrons; the one in the Far East concentrated almost exclusively on targets in the USSR and was configured to provide early warning of hostile activity rather than provide tactical support in time of war.
AFSS instructions to its headquarters in Japan on June 25 were to devote two intercept positions to the air activity in the conflict in Korea and increase reporting. On June 27, AFSS instructed its field office to "go into a full war alert status," with special attention paid to Soviet actions, particularly any Soviet movement against Japan.
As soon as war broke out in Korea, AFSS headquarters in Japan dispatched a team to recruit trusted South Koreans and establish a forward support unit in Korea. They found that U.S. Air Force personnel in Seoul had already appropriated the services of a South Korean COMINT unit (see below), the unit was already productive, and there was nothing for the team to do. The crew returned to Japan.
During the Korean War, the Naval Security Group primarily monitored the activities of Soviet forces in the Far East. Since the Soviets intervened in the war with air support, there remained the possibility they might deploy ground or naval forces, or take advantage of U.S. preoccupation to seek advantage elsewhere in Asia. The possibility of Soviet intervention seemed great in the first days of the war, when elements of the South Korean Navy fired upon a Soviet auxiliary vessel from Vladivostok.
Navy intercept also monitored Soviet reactions to U.S. ferret flights in the North Korean region. This information was passed to U.S. Air Force units.
The Marines who fought in the Pusan Perimeter, landed at Inch'on, and advanced deeply into northeast Korea did not have their own tactical COMINT support. Although senior commanders likely had access to COMINT available at higher headquarters, it appears, pending further research, that COMINT did not filter down to the Marines who moved northward.
The Marine Corps had deployed tactical COMINT units for combat intercept late in the Pacific campaigns of World War II, but these were demobilized or "downsized" after the war. A Marine Radio Company, trained for COMINT support in wartime, was in existence at Camp Pendleton in 1950, but was not deployed to Korea because it lacked equipment and was not considered combat ready.
The Korean campaigns led to improvements in the 1950s. A USMC study of its Korean War experience recommended enhancement of the Corps' tactical COMINT capabilities. This was done in the years following the war.
The Language Problem
At the time the war began, only two Korean linguists were available to the Army Security Agency, Youn P. Kim and Richard Chun, both assigned to the Army Language School in Monterey, California. Y.P. Kim was from California, the son of Korean immigrants, while "Dick" Chun had grown up in Hawaii. Both had served in World War II and had been hired by ASA initially because of their Japanese language abilities.
Neither possessed a security clearance in June 1950. Y.P. had served as a cryptanalyst and translator for the Army at Arlington Hall prior to 1945, but had relinquished his clearance when assigned to occupation duty in Japan in the late 1940s. Dick Chun, as a transportation sergeant in the Hawaiian National Guard - with service in Italy and the South Pacific - had never had a security clearance and, in fact, knew nothing about communications intelligence.
Dick Chun was sent to ASAPAC, first in Japan, then on to the Korean Peninsula. He tipped ASAPAC off to Lieutenant Y.P. Kim, who was the more experienced linguist, so when Y.P. arrived in Tokyo, expecting to join General Dean's headquarters, he was diverted instead to ASA. (This was personally fortunate: the North Koreans mauled General Dean's forces, and the general himself was taken prisoner.)
AFSA began a vigorous training program in the Korean language. A few linguists, stimulated by the emergency, taught themselves the language.
At the beginning of the war, not only were linguists in short supply, but so were Korean-language dictionaries. For that matter, no dictionaries had listings of North Korean military terms - few linguists knew them, either. Working aids were developed over time by contextual analysis and by comparison with Japanese and Chinese cognate words.
One solution to the problem for U.S. forces was to attach South Korean COMINT units which had lost their parent organizations during the disorganization in the early period of the war. The U.S. Army sponsored an ROK Navy unit, known from its leader's name as the Kim Unit. The U.S. Air Force Security Service sponsored a similar unit from the ROK Air Force, known also from its leader, the Cho Unit.
The Kim and Cho Units worked to support the U.S. military for the duration of the war; they were given rations and military supplies in exchange for intercept and translation work. The Americans at first drew on these units as language resources, but soon were impressed with their discipline in collection and often were pleasantly surprised by their cryptologic capabilities.
It was not until mid-1951, a year after the outbreak of war, that larger numbers of Korean linguists arrived from the Army Language School. The problem of linguists, however, was never adequately solved.
The Pusan Perimeter
Although UN forces equaled or outnumbered the North Koreans by July 1950, American and South Korean troops were spread thinly over a wide defensive perimeter. Since the KPA could choose the place and time of its attacks, initially it could put local superiority of force into any battle. More than once the North Koreans came close to breaking through American lines.
At this crucial stage, COMINT identified North Korean airfields, including timely information on their construction and the disposition of aircraft, located distribution centers for artillery ammunition, and reported the status of the North Korean supply system. COMINT often gave General Walton Walker adequate warning of KPA movements, allowing the Eighth Army Commander to move his own troops to meet threats.
As UN forces pressed the KPA northward, COMINT followed the progressive collapse of Army and other networks and the relocation of many air operations. By late October, air force and coastal defense network activity had been reduced to "callups." Police networks handled almost all the rest of DPRK government and military communications. It appeared from COMINT that Supreme Headquarters had moved to Sinuiju, near the Manchurian border.
The Chinese Enter the War
ASA and then AFSA had worked the Chinese Communist "problem" since 1945, but, prior to the intervention of the People's Liberation Army in the Korean War, the effort was largely confined to traffic analysis. With lives at stake, the need to provide new kinds of tactical and strategic information, and provide it faster, led to greatly enhanced effort.
The cryptologic services had begun enhancing coverage of mainland Chinese targets following the establishment of the PRC in October 1949. In March 1950, USCIB authorized an increase in collection and processing against PRC communications, but it required nearly two years to develop effective processing of PRC military messages.
Although it took time to develop capabilities against the People's Liberation Army (PLA), one area of exploitation was available. In the postwar period, a team of Chinese linguists and analysts at AFSA, under the leadership of Mr. Milton Zaslow, exploited Chinese civil communications, i.e., general traffic which included personal cables as well as unencrypted official messages. This effort was to assume unexpected importance as the possibility of Chinese entry into the war loomed.
Based on translation and analysis of Chinese civil communications, in July 1950 AFSA reported that elements of the Chinese Fourth Field Army had moved from Central China to Manchuria in April and May. In early September, AFSA, again basing its reporting on Chinese civil communications, stated that the PRC had continued to deploy major military units from southern or central China to Manchuria. Throughout September and October AFSA noted continued movement of these and additional forces toward the Sino-Korean border areas.
A message datelined Shanghai in mid-July identified General Lin Piao as the commander of PLA forces which would intervene in Korea. Messages of late September 1950 told how Chou En-lai, the PRC foreign minister, had warned diplomats from neutral nations that the PLA would intervene in Korea if UN forces crossed the 38th parallel, the original dividing line between the two countries. In a radiotelephone call, an East European reported from Beijing in early November that orders had been issued allowing every Chinese soldier to volunteer to fight in Korea, saying, "we are already at war here."
It has long been known that military and intelligence officials, in possession of considerable warning from non-COMINT sources (usually referred to by COMINT-cleared readers as "collateral"), decided either that the PRC was bluffing or that it did not matter, because the time when Chinese intervention could be effective had passed. The reactions of U.S. leaders in Washington, Tokyo, and Seoul to the COMINT indications of PRC intervention are not known at this writing, and deserve closer study.
The PLA forces in North Korea attacked UN units on 25 October, then unaccountably broke off contact for a month, despite large concentrations of Chinese troops in North Korea and along the border. Many believe that the initial attack was a warning to UN forces to pull back. COMINT does not shed light on this question.
However, COMINT in the month between the first Chinese attacks and their all-out offensives which began in late November showed additional movement of Chinese troops toward Manchuria. Messages in November continued to show Beijing in a state of emergency.
Messages from PRC civil communications of early to mid-November disclosed an order for 30,000 maps of Korea to be sent from Shanghai to the forces in Manchuria. Officials in the U.S. Army's Military Intelligence calculated that many maps would supply thirty divisions. In late November, the PLA attacked U.S. and allied forces with thirty divisions.
COMINT reports of early July 1950 noted that the Soviet air forces had established a communication net in China to serve military and civilian aircraft at airfields in Korea and Manchuria. After March 1951, intercept showed Soviet control of fighter activity in the northernmost regions of Korea, as communist aircraft challenged UN air operations.
While in Pyongyang, General Walton Walker visited an ASA Company (where First Lieutenant Dick Chun mistook him in the dark for another lieutenant - Walker made light of the error). As Chun remembered, Walker was intrigued to read raw intercept; he requested that it be sent to him instead of the summaries he had been receiving.
The 60th ASA, which was accustomed to operating out of trucks, mobilized its vehicles and departed Pyongyang ahead of the Chinese. One team was sent ahead to Seoul to begin operations before the other departed, so there would be no break in coverage. The second team spent three days in the winter weather retreating southward to the capital city, then further south as the Chinese pushed U.S./UN forces back.
Traffic analysis enabled U.S. analysts to follow the reestablishment of North Korea's armed forces, first as they centralized at Pyongyang, then as headquarters moved elsewhere. By early January, U.S. analysts believed the North Korean Air Force had achieved operational levels comparable to those in existence before it evacuated Pyongyang in October 1950.
UN forces recovered from the Chinese drive and by spring 1951 had reestablished a defensible line in the waist of the Korean peninsula. The line of battle remained there for the rest of the war.
As the line stabilized in mid-1951, and COMINT support became more institutionalized, ASA headquarters was established in the western suburbs of Seoul on the campus of Ewha College, the largest women's school in Asia.3 The college was selected because it was on the periphery of the capital, had Western-style buildings, and had suffered comparatively little damage in the liberation of Seoul. Other COMINT activities were conducted in the neighboring Choson Christian College (now Yonsei University).
Advance warning of impending attacks often was derived through analysis of communications associated with PLA artillery preparations. Much of the initial reconstruction of the PLA's order of battle (OB) came from traffic analysis. In May 1952, intercept of a plaintext message allowed ASA analysts to reconstruct an almost complete PLA OB.
In one instance, COMINT answered an important OB question. Senior commanders of the Eighth Army wanted to confirm reports that the Chinese 40th Army, composed largely of combat veterans, had crossed into Korea during the winter of 1951. The presence and location of the PLA unit were confirmed by a North Korean message reporting that farmers had complained about soldiers from the 40th Army stealing their rice! It is believed that this message was couriered immediately to the Eighth Army commander, General Matthew Ridgway.
The entrance of the Chinese armies in Korea renewed the language problem for the COMINT units. Neither ASA nor AFSS had enough Chinese linguists. AFSS began training airmen in Chinese through a program at Yale University.
It might seem that the large Chinese population of the United States would be a natural source of linguists for ASA, but this did not work out as hoped. One particular problem was the difference in dialect between PLA radio operators and American-born Chinese. Some help in intercept and translation was obtained by hiring a limited number of Chinese Nationalists from Taiwan as Department of the Army civilians. Some special training was needed here, also, due to differences in military vocabulary between the Communists and the Nationalists.
The new war in Korea in 1951 was actually a Sino-Soviet intervention. Soviet pilots fought in the skies over North Korea, although no Soviet infantry were committed to the conflict. This created the need for Russian linguists with the ability to intercept tactical communications. These individuals also were in short supply in AFSA and AFSS in 1951.
Once the battle line stabilized, U.S. forces instituted a rotation policy under which soldiers earned "points" for service at variable rates according to their job and proximity to combat. This rotation policy included ASA personnel and created a constant need to find replacements and conduct training for linguists as well as other specialties.
Despite the problems, COMINT production continued and was appreciated. In encouraging measures to enhance linguistic support, the Far Eastern Command told AFSA, "Korean COMINT remains outstanding intel [sic] source here for MacArthur and Ridgway."
As the war settled into relatively static front lines and truce talks began, both KPA troops and the People's Liberation Army improved their communications security procedures. This resulted in a significant decrease in the quantity and quality of information available to UN commanders, although the flow never ceased entirely.
COMINT supported the UN Command when truce negotiations began in July 1951. For example, intercepts helped identify North Korean personalities who were participating in the initial talks in the city of Kaesong. The support from these communications included summaries of meetings and communist propaganda statements.
Some reports concerned the frontline situation and routine administrative matters. Typical was a message to General Nam Il on defensive activities by UN forces.
On the other side of the world from the combat zone in Korea, COMINT assisted the war effort by exposing Soviet spies in key positions. In Washington and London, Donald Maclean and Guy Burgess, British diplomats, and some colleagues were able to provide the Soviets with detailed information from the highest levels about U.S. atomic bomb stockpiles, U.S. and British policy prior to the Korean War, war plans, and - perhaps most important of all - the restrictions on U.S. commanders in Asia which prevented them from carrying the war to Soviet or Chinese territory.
Maclean was exposed when cryptanalysts working on the VENONA project recovered and translated enough messages about his work to identify him. Harold "Kim" Philby, a co-conspirator with access to VENONA, warned him and Burgess; the two then fled to the USSR.
Despite the failure to arrest the conspirators, the leak of vital policy and intelligence secrets was stanched.4
The decline in more traditional methods of COMINT production forced the services into trying new ideas, or, in one case, reverting to an older one.
In late 1951, in conditions reminiscent of France in 1917, ASA personnel inadvertently rediscovered an intercept technique used extensively in World War I.5 UN forces in Korea commonly planted sound detecting devices forward of their bunkers to give warning of approaching enemy troops; it was found that these devices also picked up telephone calls. This "ground-return intercept," using the principle of induction, enabled collection of some Chinese and Korean telephone traffic.
The bad news was this intercept had to be conducted much closer to enemy positions than normal intercept, sometimes as close as thirty-five yards. This risk was assessed carefully and accepted.
Ground-return intercept (GRI) gave UN forces access to information on Chinese or North Korean patrols, casualty reports, supply problems, and evaluations of UN artillery strikes.
One colonel who participated in the GRI program was heard to remark that the information was so well appreciated by his soldiers that he had little trouble getting volunteers to go out at night and implant the equipment to make intercept possible.
A second innovation in COMINT production became one of the foremost producers of tactical intelligence for the U.S. military. This was low-level intercept (LLI).
Low-level teams initially consisted of an officer, driver, and one to three operators/translators working out of a jeep; over time the number of operators increased. Although the mobile operations were productive, the jeeps were considered too vulnerable, and operations were "dug in" in bunkers near the main line of resistance, as it was then called. The product was disseminated directly to combat units, usually at regimental level.
The first attempt at front-line LLI in July 1951 proved only partially successful, but, after some changes in equipment, the program began in earnest in August. Seven LLI teams were fielded by November 1951. By the following May, ten LLI teams were in operation, with planning for more. The success of the program is attested by the fact that by October 1952, fifteen LLI teams were at work, and by the end of the war, twenty-two LLI teams were active.
It was estimated that the tactical value of LLI product lasted from twenty minutes to three days at best - but, however perishable, it paid off. In early September, units in the U.S. 1st Cavalry Division area successfully repelled a heavy attack by the PLA. One important element in this victory was the advance warning given by the 1st Cav's LLI team.
Because the LLI teams dealt in perishable and current intelligence, not much long-term analysis was done - or possible. It thus became difficult to keep continuity on opposing units. These problems were eased somewhat with the creation of an LLI "control section" at ASA headquarters in Seoul in late 1951. This section collated reports from the field and served as a reference source on language problems and OB questions.
Air Force Support
The Air Force Security Service continued support to the air war during the period of stalemate. The AFSS also adopted a number of innovations to provide new kinds of support for the air war.
A good example of AFSS support occurred in June 1951. Analysts at an Air Force intercept site were able to accurately predict a North Korean bombing raid on UN-held islands. This intelligence enabled the commanding general of the U.S. 5th Air Force to ensure that the raid was met with ample defense. One YAK and two IL-10 bombers were downed, several others were damaged, and two MiG fighters were also damaged. It is believed that the commander of the 5th Air Force may have been aware of the impending raid before the commander of the North Korean attacking unit had received his orders.
In late April 1951, AFSS personnel intercepted messages that indicated aircraft of the 4th Fighter Squadron were being boxed by Soviet aircraft. The quick relay of this information to the flight enabled it to avoid the trap. This kind of warning continued through the war.
Soviet Bloc Air defense doctrine called for control of local fighter pilots by their tower. These ground control intercept (GCI) communications were vulnerable to eavesdroppers.
At various periods during the air campaign, COMINT units from the AFSS were intercepting North Korean, Chinese, or Soviet instructions to their pilots. These were disguised as "radar plots" and forwarded in near-real time to U.S. pilots operating over North Korean territory. When this source was exploited, the U.S. "kill ratio" over MiGs was quite high; during periods of nonexploitation, the ratio was much lower.
Monitoring of North Korean, Chinese, and Soviet air communications was done from listening posts in South Korea, but there were hearability problems for certain areas at different times of the day. To solve these problems, in mid-1951 the AFSS established an intercept site on Paengyong-do - commonly known as "P-Y-do" by Americans - a UN-held island close to the west coast of North Korea. Since this was close to enemy territory, the security regulations had to be relaxed, and 5th Air Force had to provide special evacuation service. Eventually the Americans abandoned their effort on the island.
Once this activity on P-Y-do proved successful, in the spring of 1952 a similar operation was undertaken on Cho-do, a UN-held island off the east coast of Korea, near Wonson. Lieutenant Delmar Lang organized teams of linguists and personnel from the Tactical Air Control Center to provide near-real-time information to pilots operating over North Korea. Del Lang, by the way, used this operation as a model for similar activity during the Vietnam War.
Security Service also conducted airborne collection operations. In addition to support of the war effort, these flights were useful in testing intercept equipment and general concepts of operations.
Hill 395 was located at a strategic point in central Korea, and its loss would have endangered other UN positions in that region. In October 1952, the Chinese attacked the hill, which was defended largely by ROK Army units, with U.S. artillery and air support and French infantry. A standard history of the Korean War notes that "pre-battle preparation, made possible by effective intelligence, added to well-trained troops, skillfully employed, and backed by coordinated air, armor, and artillery support, demonstrated what might be accomplished on defense."6
The standard history could not say how good the intelligence really was.
Warning of the battle came first from an intercepted Chinese message, prompting ASA to establish a field intercept site for tactical COMINT during the battle. Prior to the battle, this site identified the Chinese units assembled for the attack, then accurately predicted the date and time of the first wave. Low-level intercept kept the UN forces informed of the location of Chinese units during the battle, and artillery fire was targeted on the basis of COMINT.
Hill 395 changed hands several times, but, at the end, the ROK Army 9th Division held it. According to ROKA legend, the victors thought that war's devastation had reshaped the hill to look like a White Horse, and Hill 395 acquired the nickname by which it is best known.
In March 1953, intercept revealed Chinese planning for offensives at Old Baldy and Pork Chop Hill, two UN-held positions in central Korea. COMINT revealed troop movements and buildups several days prior to the attack. On "D-Day" itself, a low-level intercept gave the defenders warning that the attack would commence in five minutes. During the battle, intercept continued to provide information for U.S. decision-makers.
Similar warnings and battle COMINT were received concerning the all-out attack on Pork Chop Hill in July 1953.
COMINT provided warning of the final Chinese Communist Forces offensive of the war, at Kumsong, directed primarily against ROK positions.
The Transition to NSA
AFSA's role in the Korean War was severalfold. It first did sophisticated processing not available in the field, conducted long-term studies, and provided technical assistance. AFSA also coordinated official tasking with the services to eliminate duplication of effort in collection and analysis. Finally, AFSA worked with the services to standardize cryptologic terminology and reporting vehicles.
The central cryptologic organization had been established in May 1949, just a year before the Korean War began. AFSA's rapid response to wartime needs showed the professionalism of its people and its commitment to the war effort. However, it should be remembered that at the outbreak of war in Korea, AFSA was still in the process of sorting out its relationship with the Service Cryptologic Agencies. It is not surprising the relationship was somewhat uneasy and had some duplication of effort or other inefficiencies.
Despite excellent COMINT support to combat units, senior commanders, particularly those who had enjoyed access to COMINT in World War II, were dissatisfied. AFSA, which was supposed to be setting and maintaining standards of performance, came in for much of the blame. General James Van Fleet, commander of the U.S. Eighth Army, one of the principal ground units in the war, put it in writing:
It has become apparent, that during the between-wars interim we have lost, through neglect, disinterest and possibly jealousy, much of the effectiveness in intelligence work that we acquired so painfully in World War II. Today, our intelligence operations in Korea have not yet approached the standards that we reached in the final year of the last war.
Much of this dissatisfaction centered on AFSA. At the same time, the senior officials of the State Department and the Central Intelligence Agency also felt AFSA was less responsive to their needs than it should have been.
Dissatisfaction over AFSA's performance in the Korean War was not the only reason for the decision to reorganize American cryptology, but it clearly constituted one of the major factors.
Based on the perceived problems, President Truman created a committee, headed by New York lawyer George Brownell, to study the question of proper COMINT organization. The Brownell Committee Report, submitted in June 1952, noted that
AFSA is dependent on the services for all of its direct interception of COMINT … and on Service communications for all of its communications channels. However, none of the three Service units is subject to AFSA control, except for the intercept positions under AFSA's operational direction by negotiated agreement, and AFSA has no power to compel elimination of duplication of effort between them or to restrain them from engaging in activities that could better be centralized in AFSA itself….7
The Brownell Committee suggested that the creation of AFSA could be seen as a "step backward," and recommended that the power of the director, AFSA, to centralize COMINT be increased.
In October, Harry Truman authorized a reorganization and renaming of AFSA, and in November, the secretary of defense authorized the replacement of AFSA by the National Security Agency.
The Korean War affected the U.S. cryptologic community in profound ways. When the war began, the U.S. government had just established its first central cryptologic organization, the Armed Forces Security Agency. This forced a sweeping reexamination of doctrine by the service agencies, followed by changes to structure and procedures.
Even though five years had passed since the highly successful cryptologic activities of the Second World War, little modernization had occurred in tactical support. In a time of lean budgets, priorities were given to development and deployment of sophisticated machine systems for making ciphers and for breaking them.
In the short term, after June 25, 1950, all four cryptologic agencies had to scramble to provide what the fighting man needed. At the beginning of the war, this was done through the tested methods from the Second World War. As more was needed later in the conflict, military and civilian analysts innovated and discovered new ways to skin old cryptologic cats.
The Air Force Security Service was also a relatively new organization, but set a high standard for support to the effort in its first war.
All the SCAs, plus AFSA, benefited from the presence of a nucleus - in some cases, a large nucleus - of cryptologists who had seen service in World War II. They knew what was expected of them and worked hard to deliver it.
In the long term, all four cryptologic agencies were the beneficiaries of the significant budget increases to all sectors of the national security apparatus which the Korean War engendered. And each of the agencies profited from the experience in this war.
The cryptologic agencies relearned the techniques and skills developed during World War II. They also observed and revised their operational doctrines based on the needs of limited war.
Finally, perhaps a little sooner than officials might have liked, the concept of a centralized cryptologic agency was tested under the direst of conditions. The policymakers were able to observe strong points as well as weaknesses in AFSA and, eventually, create a newer, more effective institution.
As Admiral Joseph Wenger, one of the architects of centralized cryptology, put it,
I firmly believe that had it not been for the invaluable experience we gained under the joint coordinating plan in effect prior to the creation of AFSA and in the operation of the latter agency, we would have had far more trouble in solving the early problems incident to NSA's establishment than was actually the case. At the beginning of NSA's existence, we at least knew, fairly certainly, what had to be done.
As in all of America's wars, however, the story of cryptology is not the story of brilliance in collecting or processing messages, nor even about determining the most effective organization. The purpose of wartime cryptology is to support the nation's objectives and to save American lives. As in World War II, cryptology in Korea accomplished these critical goals, and its contribution to the Korean War still shines and inspires.
1. These and subsequent paragraphs on espionage were written by Robert Louis Benson. For further information on Soviet espionage, see Verne W. Newton, The Cambridge Spies (New York: 1991) or Allen Weinstein, The Haunted Wood (New York: 1999).
VENONA is a coverterm of unknown derivation for the ASA/AFSA project to decrypt Soviet espionage communications. The Soviet communications occurred during World War II and were exploited in the late 1940s and early 1950s. They provided initial clues that allowed U.S. law enforcement authorities to arrest a number of important Soviet spies before and during the Korean War.
2. Robert Louis Benson and Michael Warner, VENONA: Soviet Espionage and the American Response, 1939-1957 (NSA/CIA Publication, 1996).
3. Interestingly, during World War II, both the Army and Navy cryptologic organizations established their headquarters in former girls' schools.
4. Yuri Modin, My Five Cambridge Friends (New York: Farrar Straus Giroux, 1994); Verne W. Newton, The Cambridge Spies (New York, 1991).
5. For the World War I application of this intercept technique, see Ernest H. Hinrichs, Listening In: Intercepting German Communications in World War I (Shippensburg, Pa.: White Mane Books, 1996).
6. Walter G. Hermes, United States Army in the Korean War: Truce Tent and Fighting Front (Washington: Office of the Chief of Military History, U.S. Army, 1966), 307.
7. Report to the Secretary of State and the Secretary of Defense, commonly referred to as the "Brownell Committee Report," Special Research History 123, National Archives and Records Administration, Record Group 457.
AFSA - Armed Forces Security Agency, founded in 1949
AFSS - U.S. Air Force Security Service, the U.S. Air Force COMINT organization
ASA - U.S. Army Security Agency, the U.S. Army COMINT organization
ASAPAC - Army Security Agency Pacific
COMINT - Communications intelligence (now known as SIGINT, i.e., signals intelligence)
COMMSUPACT - Communications Supplementary Activity, the U.S. Navy COMINT organization
DPRK - Democratic People's Republic of Korea
KPA - Korean People's Army
LLI - Low-level intercept
NSA - National Security Agency, successor to AFSA
OB - Order of Battle
PLA - People's Liberation Army
ROK - Republic of Korea
ROKA - Republic of Korea Army
SCA - Service Cryptologic Agency, i.e., ASA, NSG, AFSS
USCIB - U.S. Communications Intelligence Board