Authors: Matthew M. Aid
Decades later, at a Central Intelligence Agency conference on Venona, Meredith Gardner, an intensely private and taciturn
man, did not vent his feelings about Weisband, even though he had done grave damage to Gardner’s work on Venona. But Gardner’s
boss, Frank Rowlett, was not so shy in an interview before his death, calling Weisband “the traitor that got away.”
50
Unfortunately, internecine warfare within the upper echelons of the U.S. intelligence community at the time got in the way
of putting stronger security safeguards into effect— despite the damage that a middle-level employee like Weisband had done
to America’s SIGINT effort. Four years later, a 1952 review found that “very little had been done” to implement the 1948 recommendations
for strengthening security practices within the U.S. cryptologic community.
51
The Creation of the Armed Forces Security Agency
At the same time that the U.S. and British intelligence communities were reeling from Black Friday, several new institutional
actors shoved their way into the battered U.S. cryptologic community. On October 20, 1948, the newly in dependent U.S. Air
Force formally activated its own COMINT collection organization, the U.S. Air Force Security Service (USAFSS).
52
It immediately became responsible for COMINT coverage of the entire Soviet air force and air defense system, including the
strategic bombers of the Soviet Long Range Air Force. But the ability of USAFSS to perform this vital mission was practically
non existent at the time owing to a severe shortage of manpower and equipment, largely because the U.S. Air Force headquarters
staff in Washington was slow to provide the necessary resources that the COMINT organization so desperately needed. As a result,
by the end of 1949, USAFSS was only operating thirty-five COMINT intercept positions in the U.S. and overseas, which was far
short of what was expected of it. By December 1949, the situation was so serious that the chief of USAF Intelligence was forced
to report that USAFSS’s COMINT capability was “presently negligible and will continue to be negligible for an unwarranted
period of time unless immediate steps are taken to change the present low priority on equipment and personnel assigned to
the Air Force Security Services.”
53
Seven months later, on May 20, 1949, Secretary of Defense Louis Johnson issued a Top Secret directive creating the Armed Forces
Security Agency (AFSA), which was given the responsibility for the direction and control of all U.S. communications intelligence
and communications security activities
except
for tactical cryptologic activities, which remained under the control of the army, navy, and air force.
54
AFSA was a fatally flawed organization from its inception. Its funding was grossly inadequate when compared with the significantly
higher level of funding given to the CIA, which had been created two years earlier in 1947.
55
The military services then systematically stripped AFSA of virtually all of the authority that it had originally been granted.
As a result, by the summer of 1950, AFSA found itself powerless and completely dependent on the military for all of its money,
radio intercept facilities, personnel, equipment, communications, and logistical support.
56
Then, taking full advantage of AFSA’s weakened state, the military services got key portions of their COMINT missions exempted
from its authority. With no means of compelling the other services to comply, including no control over the budgets of the
three military SIGINT units, AFSA was forced to humble itself and negotiate on bent-knee agreements with the services that
gave even more power away to them.
57
It is clear now that many of AFSA’s problems can be traced directly to its first director, Rear Admiral Earl Stone, who did
not possess the combative personality desperately needed to force the branches of the military to cooperate in order to make
AFSA work. By the time he left office in July 1951, astanding joke among his subordinates was that Stone’s authority extended
only as far as the front door of his office, and even that was subject to debate.
58
Looking back on Stone’s sad two-year tenure as director of AFSA, one of his senior deputies, Captain Wesley Wright, said that
the decision to give the job to Stone in the first place “was a horrible thing to do.”
59
Jack Gurin’s War
Declassified documents make clear that AFSA’s legion of internal management woes, although serious, were the least of its
problems. From the moment it was born, AFSA inherited, as a declassified NSA history puts it, “a Soviet problem that was in
miserable shape.”
60
AFSA had only one source of intelligence left that offered any insight into what was going on inside the Soviet Union: intercepts
of low-level, unencrypted Soviet administrative radio traffic and commercial tele grams, which were generally referred to
as “plaintext” within the Anglo-American intelligence communities. A declassified NSA historical report notes, “Out of this
devastation, Russian plaintext communications emerged as the principal source of intelligence on our primary Cold War adversary.”
61
Outside of plaintext, the only other source for information on what was going on behind the iron curtain came from Traffic
Analysis, where analysts studied the now-unreadable intercepts to try to derive intelligence from the message “externals.”
Plaintext intercepts had been ignored as an intelligence source since the end of World War II; after Black Friday, everything
changed. Since high-level Russian communications traffic could no longer be read, the previously deprecated Russian plaintext
intercepts being processed in Arlington Hall’s room 1501-B suddenly became of critical importance for U.S. SIGINT. Overnight,
the twenty-seven-year-old chief of the AFSA plaintext unit, Jacob “Jack” Gurin, became a leading figure within the U.S. intelligence
community.
62
Now the world was beating a path to his door.
The Blackout Curtain
In addition to focusing on plain text intercepts, the other principal problem that the newly created AFSA had to confront
was how to revamp itself and at the same time try to repair the damage caused by the Black Friday blackout. The U.S. Communications
Intelligence Board quickly conducted a study, which determined that an additional 160 intercept positions and 650 intercept
operators were needed just to meet minimum coverage requirements. The study also found that “currently allowed personnel are
not sufficient for these and other important tasks.”
63
The question became, how should the scarce COMINT collection resources available be reallocated? In early 1949, the U.S. Army
and Navy COMINT organizations began systematically diverting personnel and equipment resources away from non-Soviet targets
in order to strengthen the Soviet COMINT effort. By the summer of 1949, 71 percent of all American radio intercept personnel
and 60 percent of all COMINT processing personnel were working on the “Soviet problem”—at the expense of coverage of other
countries, including AFSA’s targets in the Far East, most significantly mainland China. Declassified documents show that the
number of AFSA analysts and linguists assigned to Asian problems had declined from 261 to 112 personnel by the end of 1949.
Work on all other nations in the Far East was either abandoned completely or drastically reduced.
64
Also in early 1949, personnel were pulled from unproductive Soviet cryptanalytic projects and put to work instead on translating
and analyzing the ever-mounting volume of Soviet plaintext teletype intercepts, which overnight had become AFSA’s most important
intelligence source. There were dire consequences resulting from the shift to plaintext, however. The reassignment of those
working on Soviet cryptanalytic problems to plaintext processing badly hurt the American cryptanalytic effort to solve Soviet
ciphers and indirectly contributed to the departure of a number of highly talented cryptanalysts. By 1952, there were only
ten to fifteen qualified cryptanalysts left at AFSA, down from forty to fifty at the height of World War II.
65
One Soviet-related cryptanalytic effort after another ground to a halt for lack of attention or resources. For instance, the
Anglo-American COMINT organizations largely gave up on their efforts to solve encrypted Soviet diplomatic and military attaché
traffic. These cipher systems, almost all of which were encrypted with unbreakable one-time pad ciphers, had defied the best
efforts of the American and British cryptanalysts since 1945. As of August 1948, the principal Soviet diplomatic cipher systems
had not been solved, and available information indicates that they never were.
66
The ciphers used on the Ministry of State Security (MGB) high-level internal security communications networks also consistently
stymied the American and British cryptanalysts.
67
With their access to Soviet high-level cipher systems irretrievably lost, SIGINT production on the USSR fell precipitously,
and notable successes became few and far between. But it was during this bleak period that the most important retrospective
breaks into the Venona ciphers were made. Between December 1948 and June 1950, Meredith Gardner decrypted portions of dozens
of Soviet intelligence messages, which helped the Federal Bureau of Investigation identify Judith Coplon, Klaus Fuchs, Donald
MacLean, David Green-glass, Julius Rosenberg, and the physicist Theodore Alvin Hall, among others, as having spied for the
Soviet Union during World War II.
68
However, Venona, as noted earlier, sadly turned out to be an intelligence asset that could not be used. While it is certainly
true that the Venona decrypts allowed the FBI and its counterparts in En gland and Australia to identify a large number of
Soviet spies during the late 1940s and the 1950s, they did not produce many criminal indictments and convictions. Declassified
FBI documents show that only 15 of the 206 Soviet agents identified in the Venona decrypts were ever prosecuted, in large
part because the secrecy of these decrypts prevented them from being used in an American court of law.
69
As a result, most of the “big fish” who spied for the Russians got away. For example, although her complicity in spying for
the Soviet Union was proved by Venona decrypts, all of Coplon’s criminal convictions were overturned on appeal because of
mistakes made by the FBI and also because the SIGINT materials could not be used in court. Forty individuals identified in
Venona as having spied for Russia fled before they could be prosecuted, including MacLean, Guy Burgess, and Kim Philby. But
most of the agents who spied for Russia were never indicted because it might have revealed U.S. success in breaking Russian
codes. For example, when in 1956 the FBI proposed prosecuting former White House aide Lauchlin Currie for espionage based
on information developed from Venona, NSA’s director, Lieutenant General Ralph Canine, strongly objected, telling the Justice
Department that anything that might reveal NSA’s success in breaking Russian codes would be “highly inadvisable.”
70
For the same reason, even the man whose treachery probably led to the Black Friday disaster, William Weisband, could be convicted
only of contempt of court in 1950 for refusing to testify before a federal grand jury after the director of AFSA, Rear Admiral
Earl Stone, refused to sanction a criminal indictment for espionage. Weisband worked for the rest of his life as an insurance
salesman in northern Virginia and died of a heart attack in May 1967 at the age of fifty-nine.
71
The State of American COMINT in June 1950
As of June 1950, AFSA and the three military cryptologic organizations were in a lamentable state. They were short of money,
personnel, and equipment. Neither AFSA nor Britain’s GCHQ were reading any Soviet or Chinese high-level code or cipher systems.
72
AFSA was deriving intelligence from low-level plaintext intercepts, and even that effort was not doing very well. As a result,
high-quality intelligence about what was going on inside the USSR was minimal. A CIA history reveals that COMINT was only
producing high-quality intelligence about Soviet foreign trade, internal consumer goods policies, gold production, petroleum
shipments, shipbuilding activities, military and civilian aircraft production, and civil defense.
73
Not surprisingly, intelligence consumers were concerned that AFSA was not carrying out its mission, and a consensus began
to emerge within the U.S. intelligence community that radical changes were probably needed in order to get it back on track.
74
But perhaps the most prescient judgment on the state of American COMINT in 1950 comes from an NSA historian, who writes, “American
cryptology was really just a hollow shell of its former self by 1950 . . . With slim budgets, lack of people, and lack of
legal authorities, [AFSA] appeared set up for failure should a conflict break out.”
75
And that is exactly what happened on June 25, 1950, in a country that Secretary of State Dean Acheson in a colossal gaffe
had neglected to include in the U.S. “Asian defense perimeter”— Korea.
76
The Storm Breaks
SIGINT and the Korean War: 1950–1951
The hammer shatters glass, but forges steel.
—RUSSIAN PROVERB
The Shattered Frontier
At four A.M. on the morning of Sunday, June 25, 1950, over seven hundred Russian-made artillery pieces and mortars of the
North Korean army opened fire on the defensive positions of the South Korean army deployed along the 38th parallel, which
since the end of World War II had served as the demarcation line between communist North Korea and the fledgling democracy
of South Korea. The impact of thousands of artillery shells landing in just thirty minutes shattered the morale of the green
Republic of Korea (ROK) forces. Two hours later, over one hundred thousand combat-tested North Korean troops backed by more
than 180 Russian-made T-34 medium tanks and self-propelled artillery guns surged across the 38th parallel. Within a matter
of hours, the North Koreans had routed all but a few of the undermanned and poorly equipped South Korean army units along
the border. The Korean War had begun.
1
Why hadn’t AFSA or any of the three service cryptologic agencies provided advance warning? The answer revealed by newly declassified
documents is that there had been no COMINT coverage whatsoever of North Korea prior to the invasion. An NSA historical monograph
admits that “the North Korean target was ignored.”
2
The reason was that virtually all of AFSA’s meager collection resources were focused on its customers’ primary target, the
Soviet Union. Virtually all other target countries were being ignored or given short shrift by AFSA. The result, according
to Colonel Morton Rubin, a former Army G-2 official, was that: “North Korea got lost in the shuffle and nobody told us that
they were interested in what was going on north of the 38th parallel.”
3
This meant AFSA’s capabilities against North Korea were nonexistent. Nobody at AFSA was working on North Korean codes and
ciphers. The AFSA Korean Section existed only on paper; the two civilians on its nominal staff were actually assigned to the
Chinese Section and tasked with working on the codes and ciphers of both North and South Korea only in their limited spare
time. Neither one had any degree of expertise on the North Korean military. In addition, the AFSA Korean Section possessed
no Korean dictionaries or Korean-language reference books; no North Korean traffic analytic aids; no Korean-language typewriters,
necessary for transcribing intercepts; and virtually no knowledge of North Korean military terminology and radio working procedures
because there had not been any serious intercept coverage of North Korea since 1946.
4
The Thirty-Day Miracle
On June 28, 1950, three days after the invasion began, the South Korean capital of Seoul fell to the North Koreans without
a fight. Over the next month, the news from Korea became increasingly grim. Every day the American troops in Korea lost more
ground against the numerically superior and better equipped North Korean forces. On July 3, the port of Inchon fell, followed
by the key railroad junction at Suwon on July 4. On July 20, the North Koreans captured the city of Taejon, wiping out an
entire American infantry regiment. Five days later, on July 25, the North Koreans destroyed a regiment of the First Cavalry
Division that was trying to defend the Korean towns of Kumch’on and Yongdong.
But what the public did not know was that only a few days after the North Korean invasion began, the intercept operators at
the U.S. Army listening post outside the city of Kyoto, Japan, began intercepting North Korean military Morse code radio traffic
coming from their forces inside South Korea. On the morning of June 29, 1950, the first intercepted North Korean radio traffic
from Kyoto began arriving at AFSA’s SIGINT processing center at Arlington Hall Station over the teletype links from the Far
East. Because there were so few Korean linguists available, it took AFSA a week before the first translated North Korean message
was completed on July 3, the same day that the port of Inchon fell to the North Koreans. A quick scan of the intercepts revealed
that the North Korean army was transmitting highly classified information, such as daily situation reports, battle plans,
and troop movement orders, in the clear. The analysts were amazed that the North Koreans were not bothering to encode this
incredibly valuable material.
5
It took another week before the first Top Secret Codeword traffic analysis report based on intercepts of NKPA plaintext radio
traffic was published and distributed by AFSA to its consumers in Washington and the Far East on July 11, just two weeks after
the North Korean invasion began. Three days later, on July 14, AFSA cryptanalysts at Arlington Hall broke the first encrypted
North Korean military radio message. In the days that followed, the AFSA cryptanalysts solved several more cipher systems
then being used by the North Korean combat divisions and their subordinate regiments, as well as some of the cipher systems
used by North Korean logistics units.
6
The upshot was that in a mere thirty days, AFSA’s cryptanalysts had achieved the cryptologic equivalent of a miracle—they
had succeeded in breaking virtually all of the North Korean military’s tactical codes and ciphers, which must rank as one
of the most important code-breaking accomplishments of the twentieth century. The result was that by the end of July 1950,
AFSA was solving and translating over one third of all intercepted North Korean enciphered messages that were being intercepted.
Only a severe shortage of Korean linguists kept them from producing more.
7
The net result was that AFSA’s spectacular code-breaking successes gave the commander of the Eighth U.S. Army in Korea, Lieutenant
General Walton Walker, what every military commander around the world secretly dreams about—near complete and real-time access
to the plans and intentions of the enemy forces he faced. James H. Polk, who was a senior intelligence officer on General
MacArthur’s G-2 staff in Tokyo at the time, recalled, “We had the North Korean codes down pat. We knew everything they were
going to do, usually before they got the orders from Pyongyang decoded themselves. You can’t ask for more than that.” A young
army field commander attached to Eighth U.S. Army headquarters at Taegu named James K. Wool-nough, who would later rise to
the rank of general, had this to say about the importance of the SIGINT available to General Walker: “They had, of course,
perfect intelligence. It all funneled in right there. They knew exactly where each platoon of North Koreans were going, and
they’d move to meet it . . . That was amazing, utterly amazing.”
8
These code-breaking successes were to prove to be literally lifesaving over the forty-five days that followed as the vastly
outnumbered American and South Korean infantrymen of the Eighth U.S. Army tried desperately to hold on to a tiny slice of
South Korea around the port city of Pusan in a series of battles that are referred to today collectively as the Battle of
the Pusan Perimeter. Declassified documents reveal that between August 1 and September 15, 1950, SIGINT was instrumental in
helping General Walker’s Eighth Army beat back a half-dozen North Korean attacks against the Pusan Perimeter.
9
By the end of August, SIGINT revealed that the North Korean army had been reduced to a shadow of its former self. The North
Korean Thirteenth Division could only muster a thousand men for combat, while some battalions of the North Korean Fifth Division
had lost more than 80 percent of their troops, with one battalion reporting that it had only ten soldiers left on its muster
rolls.
10
SIGINT also showed that under relentless air attacks, the North Korean supply system had almost completely stopped functioning.
Ammunition shortages were so severe that it was severely affecting the combat capabilities of virtually all frontline NKPA
units deployed around the Pusan Perimeter. For example, an intercept revealed that ammunition shortages in the North Korean
Thirteenth Division east of Taegu were so severe that it could not fire its few remaining artillery pieces.
11
The Inchon Landing
In one of the greatest gambles of the Korean War, on the morning of September 15, 1950, units of the U.S. Tenth Corps staged
an amphibious landing, planned by General MacArthur, behind the North Korean lines at the port of Inchon, west of Seoul.
Recently declassified documents reveal that the Inchon landing would not have been successful without the SIGINT coming out
of AFSA. Thanks to SIGINT, MacArthur and his intelligence chief, Major General Charles Willoughby, had a fairly clear picture
of the North Korean army order of battle, including the locations, strengths, and equipment levels for all thirteen infantry
divisions and a single armored division deployed around the Pusan Perimeter. Most important, the SIGINT data showed that there
were no large North Korean units deployed in the Inchon area.
12
In the month prior to the Inchon landing, MacArthur’s intelligence analysts in Tokyo, thanks to the decrypts, were able to
track the locations and movements of virtually every unit in the North Korean army. In mid-August, SIGINT revealed that the
North Koreans were taking frontline combat units from the Pusan Perimeter and moving them to defensive positions along both
the east and west coasts of South Korea, suggesting that the North Korean general staff was concerned about the possibility
of a U.N. amphibious landing behind North Korean lines. By early September, decrypted high-level North Korean communications
traffic showed that the North Korean army’s senior commanders were concerned that the United States might attempt an amphibious
landing on the west coast of South Korea, but had incorrectly guessed that the landing would most likely occur to the south
of Inchon at either Mokpo or Kunsan port.
13
Despite SIGINT indications that the North Koreans knew a U.S. amphibious operation was imminent, MacArthur went ahead with
the landing at In-chon on September 15. It was a stunning success, with little North Korean resistance. The sole attempt by
the North Koreans to mount a major counterattack against the Inchon bridgehead was picked up by SIGINT well before it began,
and mauled by repeated air strikes. In a matter of just a few hours, the entire North Korean force was destroyed.
14
With the collapse of the Inchon counterattack, there were no more organized North Korean forcesstanding between the U.S. forces
and Seoul. On September 28, Seoul fell to the Americans. With that, all thirteen North Korean combat divisions around the
Pusan Perimeter abandoned their positions and fled to the north. By the end of the month, all of the rest of South Korea up
to the old demarcation line at the 38th parallel had been recaptured.
The Chinese Intervention
Newly declassified documents have revealed that at the time of the Inchon landing, AFSA had very few SIGINT resources dedicated
to monitoring what was occurring inside the People’s Republic of China, North Korea’s huge communist neighbor, because, as
a declassified NSA history put it, AFSA had “employed all available resources against the Soviet target.” The only SIGINT
resources available were a few intercept positions at the U.S. Army listening post on the island of Okinawa, Japan, which
were monitoring low-level Chinese civil communications traffic, primarily unencrypted Chinese government cables and the communications
traffic of the Chinese Railroad Ministry. A small team of Chinese linguists at Arlington Hall Station, headed by a twenty-nine-year-old
New Yorker named Milton Zaslow, was able to derive a modicum of intelligence about the state of the Chinese economy, transportation
and logistics issues, and even the movements of Chinese military units inside China from these telegrams. It was not a very
impressive effort, but it was all that the overstretched AFSA could afford at the time.
15
Beginning in July 1950, and continuing through the fall, Zaslow’s team picked up indications in these low-level intercepts
that the Chinese were shifting hundreds of thousands of combat troops from southern and central China to Manchuria by rail.
16
But according to Cynthia Grabo, then an intelligence analyst at the Pentagon, the U.S. Army’s intelligence analysts refused
to accept the reports of a Chinese military buildup in Manchuria, arguing instead that the Chinese intended to invade Taiwan.
17
But there were other SIGINT sources that were indicating that China intended to take forceful action in Korea. AFSA’s principal
source for intelligence on China was its ability to read the cable traffic of arguably the best informed foreign diplomat
based in Beijing, Dr. Kavalam Madhava Panikkar (sometimes spelled Pannikar), India’s ambassador to China. Panikkar had the
ear of Premier Chou Enlai and other senior Chinese leaders, which made him AFSA’s best source for high-level diplomatic intelligence
about what was going on in Beijing.
18
For example, intercepts of Panikkar’s cables to New Delhi in July and August 1950 revealed that he had been told by Chou Enlai
that the Chinese would
not
intervene militarily in Korea.
19
But diplomatic decrypts revealed that the position of the Chinese leadership changed dramatically following the amphibious
landing at Inchon. The decrypted cables of the Burmese ambassador in Beijing, whose government also maintained generally friendly
relations with China, warned that China now intended to become involved militarily in Korea.
20
A week later, decrypts of Ambassador Panikkar’s cable traffic to New Delhi revealed that on September 25, Chou En-lai had
warned the Indian ambassador that China would intervene militarily in Korea if U.N. forces crossed the 38th parallel.
21
But Panikkar’s reporting was either discounted or ignored completely by policymakers in Washington because of his alleged
pro-Chinese leanings.
22