Korea is often seen as a Sigint failure – but was it?
“The Korean war although limited in geographical scope to a small Asian country and beginning as a struggle between armies of Koreans, the conflict eventually included combatants representing 20 different governments from six continents. Of the estimated casualties to military personnel more than half were non-Korean. The war rendered terrible destruction to the indigenous peoples yet still failed to resolve the political division of the country which remains a source of tension and danger to the present day. In its timing, its course and its outcome the Korean war served in many ways as a substitute for World War III”1
Research into UK Signals Intelligence (Sigint) is severely hampered by the stringent restrictions placed on the release of information by GCHQ. “With the exception of a small amount of material released to the ‘HW series’ in the National Archives, all information about the work of GCHQ from after VJ Day remains classified and, with the exception of Directors and PEOs and members of staff who have become well known because of their work at Bletchley Park, they hold as ‘unreleasable’ the names of members of staff, their jobs and their job titles”.2 As far as UK activities are concerned, therefore, there are very lean pickings indeed. Fortunately the exploits of US intelligence agencies are far better documented – aided by the Freedom of Information Acts and the publication of the Official History of the NSA.
During the war and in post-war investigations, there have been many charges that US Intelligence failed in the Korean War not once but twice. Critics charged that American intelligence organisations had failed to give warnings of the initial North Korean attack in June 1950 and failed again when the Chinese entered the war in October 1950.3 To understand why criticism was levelled mainly at the USA one needs to know the background to the co-operation between the USA and the United Kingdom. BRUSA was the cryptonym given to the world’s first major Sigint agreement between two foreign powers – Britain and the USA. Its purpose was to avoid and eliminate wasteful duplication of effort. This co- operation worked extremely well and led to the creation of UKUSA. The United Kingdom – United States of America Agreement4 is a multilateral agreement for co-operation in signals intelligence among the United Kingdom, the United States, Canada, Australia, and New Zealand. The alliance of intelligence operations is also known as Five Eyes (FVEY).
Emerging from an informal agreement related to the 1941 Atlantic Charter, the secret treaty was renewed with the passage of the 1943 BRUSA Agreement, before being officially enacted on 5 March 1946 by the United Kingdom and the United States. In the following years, it was extended to encompass the three Commonwealth realms of Canada, Australia and New Zealand. Other countries, known as “third parties”, such as West Germany, the Philippines and several Scandinavian countries also joined the UKUSA community. Much of the sharing of information is performed via the ultra-sensitive STONEGHOST network. Besides laying down rules for intelligence sharing, the agreement formalised and cemented the Special Relationship between the UK and the USA. Due to its status as a secret treaty it was not disclosed to the public until 2005. On 25 June 2010, for the first time in history, the full text of the agreement was publicly released by Britain’s National Archives.
In Sigint terms the Korean conflict was a “sideshow to the main event, the secret wireless war conducted throughout the late 1940’s over the Soviet Union”.5 Within very few years of the end of World War II American cryptography was a hollow shell of its former self. The lack of resources was compounded by bureaucratic infighting and, with this, came signs of professional failure. Up until 1948, Britain and America had been reading many of the codes of the USSR – the new post-war target and then, in the space of one year, this ability disappeared, virtually completely. Although this happened over a period it is usually known as Black Friday. The USSR changed everything: codes, ciphers, procedures and equipment. Britain and America were suddenly electronically blind.
In 1949 Chiang Kai-shek fled to Taiwan and the Communists came to power. Their communications were no more exploitable than those of the Soviet Union.
Korea is often seen as a Sigint failure, but was it? What is certain, however, is that the invasion by the North took the West by surprise; indeed, the Official History of the NSA notes that ‘there was no person or group of persons working on the North Korean problem6’ What warnings there might have been were not seen or ignored completely. Agents – the few who had survived – had reported increased troop movements and armoured build-ups. There was also a breakdown in communications between the members of the UKUSA, when early in 1950, there was a dispute between the British and McArthur’s HQ in Japan over estimates of the size of North Korean forces. British intelligence claimed that there were only 36,000 troops whilst MacArthur’s intelligence claimed 136,000. The CIA, under Jay Vanderpool, supported the British figure but, sadly, MacArthur would be found to be much nearer the true figure.7 As late as 12 October, President Truman and Acheson were still supporting the CIA and British JIC estimates.8
Under the UKUSA, Britain was an almost invisible partner alongside MacArthur in the region and relations with the small British intelligence (S.I.S) unit in Tokyo were already awkward, the two staffs only liaising “unofficially”. Bluntly, without MacArthur’s contribution, the British knew little more than what could be gleaned from the newspapers. Relations had hardly been helped by the British recognising Communist China the year before whilst America still supported Chiang Kai-shek’s Nationalist regime in Taiwan. From the outset, Anglo–American intelligence co-operation had been bad since the USA considered that Korea and Formosa (Taiwan) were “not covered” by UKUSA agreements on intelligence exchange “in view of the political differences between us over China”. As a result no intelligence had been received from the Americans on either of these countries. A year later, British Military Intelligence was still refusing to accept American estimates, arguing that they were “infected with MacArthuritis”.
The surprise invasion destroyed Britain’s very limited intelligence capacity which had, until then, consisted of a newly opened SIS station based in the British Embassy in Seoul ran by a middle-ranking SIS officer George Blake. This was overrun within days.
Sigint material was especially rare. The North Korean Army made a great deal of use of “one time pads” and observed scrupulous radio silence with much of its traffic being sent by landline and undersea cables, effectively cutting off any potential high-level dividends from
Sigint. When the Chinese entered the war they did the same. Regardless of the quantity of signals traffic available, neither the Americans nor the British seemed interested in intercepting and analysing it.9 Soviet radio security advisers based in Korea were fully aware of the potential of techniques such as traffic analysis and direction finding which allow intelligence to be extracted from traffic even though it had not been broken and had trained the North Koreans well.10 The Korean War was eventually to be of vital importance to GCHQ because it would fundamentally alter the structure of the US Sigint community leading to the eventual creation of the NSA, giving them unambiguous control over Comint.11
The largest American Sigint operation in the region was the Army Security Agency, with its headquarters in Tokyo First Arsenal and four listening stations throughout the region. Due to personnel shortages it operated on a nine-to-five day staffed, in the main, by conscripts which resulted in a high turnover. Post-WWII US Signals intelligence activity had ceased in Korea with the departures of American forces in 1949. According to Aid,12 “Prior to the attack there was virtually no Comint covering North Korea; what little North Korea radio traffic being intercepted was not being analysed”, and some North Korean communications had been accidentally intercepted between May 1949 and April 1950 because they were following Soviet communications procedures. Coverage, however, was dropped once analysts confirmed that it came from a non-Soviet source. It should be stressed that these messages were not positively identified as originating from the DPRK.13 In April 1950 ASA undertook a limited research and development study of DPRK traffic. Two positions intercepting internal North Korean communications were set up and approximately 200 messages were available for analysis, although by the time the war began none had been processed.
Prior to 1950 there were two Sigint hints of more than usual interest in the Korean peninsular by Communist Bloc nations but neither was seen as sufficient to provide a specific warning of a June invasion. In the spring of 1950 a Soviet network in the Vladivostok area greatly increased its targeting of communications in South Korea. In the second, Sigint revealed that large shipments of bandages went from the USSR and Manchuria, starting in February. These incidents would only be seen as significant in hindsight after the invasion in June.14
At the outbreak of war only two Korean linguists were available to the Army Security Agency (ASA). Youn P Kim and Richard Chun had both been assigned to the Army Language School at Monterey. “YP” was from California, the son of Korean immigrants whilst “Dick” Chun had grown up in Hawaii. Both had served in WWII and had been hired by ASA initially for their Japanese language skills.15 The AFSA (Armed Forces Security Agency) had no technical expertise on Korea. There were no Korean linguists assigned to them. There was one civilian who had studied the language whilst hospitalised and a female civilian of Korean descent. These, together with several Japanese linguists established the first Korean language unit. It was possible to convert Japanese linguists due to the similarity of the grammar of the two languages.16 It had no Korean dictionaries, no Korean typewriters and no books on Korea. Until April 1950 it had no formal communications interception of any kind. There was an almost total lack of knowledge of North Korean military and technical terminology. In the beginning, terminology appearing in North Korean military communications was collected and definitions were painstakingly determined by context or by referring to Japanese or Chinese dictionaries.17 On 21 April 1950 an Air Force (AFSA)
unit near Kyoto was specifically tasked to collect more Korean traffic; by mid-June they had collected virtually nothing. The Air Force (AFSA) actually beat the ASA to Korea. Its first representative arrived in Taegu on 19 July, almost two months ahead of the Army counterparts.18 The ASA, the American Army’s cryptologic organisation fared no better. They could offer virtually no Sigint support, not arriving in Korea until six days after American forces landed at Inchon.19 Prior to the attack, as the US Sigint conceded in 1951 and as Aid pointed out, “there was virtually no Comint (Sigint) covering North Korea; what little North Korean radio that was intercepted was not being analysed”.20
This failure was not to continue; soon AFSA analysts were working 24 hours a day and 12 intercept positions taken from coverage of Chinese and Soviet cover, based in Japan, were transferred to Korean duties. The ASA unit was supplemented by a South Korean intercept unit (ROKN Group “M”). By the end of September 1950 ASAPAC (Tokyo, Japan) had established an advanced base at Taego and in mid-October the 60th Signal Service Company from Fort Lewis, Washington, landed at Pusan. By then the total intercept was increased to 20 positions.
In the first phase of the conflict, North Korean encrypted messages used simple cryptosystems in large volumes and cryptanalytic effort in the field and back in the States enjoyed high levels of success. The North Koreans changed their systems frequently but still retained the basic simplicity. The end-product during the latter part of 1950 and through the spring of 1951 was considerable and of great value. High-echelon North Korean messages revealed a great deal of information about the capabilities and intentions of the North Korean forces and were considered by the UN High Command and field commanders to be a vitally important source of information.21
The US were concerned at the possibility of Chinese intervention and AFSA’s monitoring of Chinese civil communications revealed large volumes of routine logistics and movement orders seemed to confirm this view. By July they had intercepted references to “army units moving north”. By September AFSA had identified six of the nine armies that were later involved in the fighting in North Korea.22 Ignoring these Sigint reports of Chinese troop movements has been described as “one of the most famous miscalculations in modern military history”. Thousands of Chinese troops attacked unsuspecting American troops. The marines seem to have had no Sigint support throughout the entire war which led to the retreat of the 1st Marine Division which had been trapped at the Chosen reservoir in N.E. Korea. They had fought in the Pusan perimeter, landed at Inch’on and advanced deeply into N.E. Korea without any Sigint support. Although senior officers seemed to have access to the intelligence it appears not to have filtered down to the marines as they moved north
The biggest problem facing the advance ASA unit, the 60th Signal Service Company, which arrived in Korea in mid-September 1950 was the shortage of linguists. Initially they had only two, both of whom had been assigned to the language school in Monterey. Faced with the choice of leaving them in California to train future Korean linguists or transferring them to the front they found themselves being shipped very rapidly. The shortage of Chinese linguists was partly solved by hiring Chinese Nationalist officers from Taiwan. This shortage of linguists led to competing units even resorting to bribery to secure the very few competent civilians. There was also the Russian language problem as the Russians had established a communications net in China to serve military and civilian aircraft in Korea and Manchuria. Interception showed Soviet control of fighter activity in the northernmost regions of Korea and Soviet pilots were frequently heard in air-to-air and air-to-ground conversations.
Generally, Sigint production was hampered by supply shortages and outmoded equipment in addition to the lack of linguists.
As was so often the case in WWII, the Intelligence being produced was not always appreciated or understood by Eighth Army officers. Sigint produced by AFSA and ASA was also subject to restrictions on distribution which prevented its full exploitation; Generally, Intelligence produced by Korean units locally was preferred. Initially lacking any real support from Washington and Tokyo, EUSAK (US 8th Army in Korea) under Gen Walker had set up their own Sigint unit, starting from scratch. When finally a unit did arrive EUSAK requisitioned their equipment and sent the personnel packing which was not greatly appreciated.23
All was not doom and gloom on the Sigint front. One of the most successful Sigint coups during the War was carried out by the CIA. It was realised that some kind of cable stretched between the Shantung peninsula in mainland China and Dairen in Manchuria and that this must be the main telegraph cable carrying much of the traffic between Chinese forces in Korea and Beijing. A converted armed junk, normally employed on coastal raids, was used to search for it. It was pulled to the surface with grappling hooks and the captain a former air force master sergeant hacked out a three-foot length of cable before fleeing back across the Yellow Sea.24
Soon, under the strain of American bombing, North Korean communications began to collapse and, as a result, most Korean People’s Army codes were being broken within hours. This enabled several days warning to be given of the offensive against the Pusan perimeter at the end of August 1950 together with detailed information about the plan of attack. A release by NSA dated 9th May 2008 gives details of Walker’s tactics which were driven all the time by his knowledge gained from Sigint which was described as “being of vital importance in deploying his mobile reserve in defence of the perimeter by revealing the enemy commander’s intended plan of attack”. The typical message to units of the First Army Group used as an example, was intercepted on 26 July, decoded, translated and transmitted to Headquarters, 8th Army by 29 July.25
Once the UN forces had regained the initiative and Seoul was safe, both US Air Force and Army cryptologists moved their headquarters to the western suburbs of Seoul, the air force to Chosen Christian College and the army to the campus of Ewha College. ASA intercept units were flung along the wavering front line north of Seoul concentrating mainly on manual Morse transmissions. These proved difficult to exploit and were of little value in a tactical sense apart from traffic analysts being able to establish an order of battle for the North Korean Army. Most of ASA’s value in Korea stemmed from its intercept of Korean and Chinese voice communications. Much of that came from the detection of Chinese telephone conversations being carried through the ground and picked up by sensors originally placed to detect the sounds of marching feet. Incredibly this technique had been successfully pioneered in WWI.
What other success stories were there? An attempt by the Chinese to capture Hill 395 came to be known as the Battle of White Horse Mountain. Intercepted Chinese communications gave the Americans warning of the attack. The ASA rushed an intercept unit to the battleground and it gave commanders hard intelligence as the battle progressed. The Chinese lost 10,000 troops out of the 23,000 they had committed. In March 1953 advance information on Chinese planned offensives on Old Baldy and Pork Chop Hill was gained through Sigint. US Air Force had benefited from what they had learned from monitoring Soviet air warfare techniques. Russian air force voice communications had been discovered in the early spring of 1951 and a mobile intercept station had been set up at Pyongtaek in central Korea. This significantly increased the coverage and it is believed by many to have been responsible for the enormous American kill ratio during the war. All Air Force Sigint was brought together at Chosen Christian College where intercepts of North Korean, Chinese and Soviet communications, both voice and Morse26, were made available, for the first time, in one location to analysts.
North Korean communications which had been so exploitable earlier in the war, dried up in the summer of 1951. With the adoption of Soviet communications procedures the North Korean nets that AFSA had been exploiting earlier were no longer yielding useful intelligence. There was little strategic information available from AFSA in Washington. Partly because of this, the war would bring about the end of AFSA, losing the battle tor centralising American cryptology, leading to the formation of the National Security Agency (NSA).
After the truce agreement was signed, marked efforts were still being made by the North Koreans. With the cessation of open hostilities and the situation becoming static, the North Koreans made less use of radio communication and more use of landline, courier and mail services. In 1952 North Korean communications targets other than military were being intercepted. Surveillance of North Korean internal civil communications – which in many respects resembled Cable & Wireless or Western Union – produced plain text messages which had passed between major North Korean cities and industrial complexes. These messages contained a large variety of subjects ranging from personal messages to coal, lead, zinc and other mining statistics. Often information passed to or from members of the military forces was of use when constructing order of battle details.27
Despite the opening strictures, what can we learn about the UK’s Sigint efforts in Korea? Set up in 1953, No. 9 Intelligence School was based in a girls’ school just outside Seoul and there were representatives of all three services there. One of its known major tasks was the debriefing of POWs returning in 1953 and they were training officers and senior NCO’s in the arts of escape and evasion. The C.O. was a Lt. Col. de Cent, RA, The adjutant was a Capt. Butler, also RA and the ops officer was Major Anderson RUR. The school was still operational until 1954 at least. There is no direct evidence that No. 9 was involved directly in Sigint except that every other intelligence school recorded has been a Sigint unit and there is no reason to believe that No. 9 was an exception. To confirm this belief, there was a Royal Signals contingent based there at that time – far larger than for normal day-to-day signals work. Royal Signals special operators had been trained in Chinese Morse in addition to Russian, from 1951
The truce did not bring about a truce in the Sigint war. There were a couple of extremely tense periods following the capture of the USS Pueblo28 and the shooting down of a reconnaissance aircraft. What also changed was that they were no longer the North Korean forces of the 1950s. They were now a modern, better-equipped, better-trained and experienced military machine. In addition there is still the threat of thousands of well-trained and well-armed Chinese Communist forces just across the Yalu River just waiting to come to the aid of their North Korean friends. That is still the case today.
PWC Nov13
1 W. Stueck. The Korean War an International History. Princeton 1995. Introduction.
2 Letter to the author from GCHQ. T. Comer, departmental historian 02/08/2010.
3 D.A. Hatch The Korean War: the Sigint Background. NSA Historical publications.
4 Wikipedia.
5 Nigel West ibid. p. 313.
6 Aldrich GCHQ p.100.
7 Malcolm, White Tigers p. 14
8 Alexander, Strange Connection pp. 112–13
9 Aldrich, The Hidden Hand. P277
10 Aid, US Humint and Comint 17-63.
11 Aldrich GCHQ p. 101.
12 Ibid.
13 The Korean War Hatch. D.H with R.L. Benson The Sigint background National Security Agency/Central Security Service p. 5–6.
14 Hatch ibid., p. 6.
15 Hatch ibid. p8
16 Dick Chan. NSA DOCID 3216597 ‘Secret Spoke’ approved for release 09/18/2007 p1
17 Dick Chan ibid p2
18 Johnson ibid. p. 3.
19 T.R Johnson ‘American Cryptology during the Korean War’, Studies in Intelligence Vol 45, No. 3, 3001 pp. 3-4.
20 Aid ibid.
21 Chan ibid. p. 2.
22 Johnson ibid. p. 4.
23 Aid ibid.
24 Aldrich ibid. p. 279.
25 AFSA DOCID 3417049 declassified from Top Secret Copse. FOIA Case #53894. Attached as annexe
26 Thos R. Johnson. Studies in Intelligence Vol 45, no. 3 2001, ‘American Cryptology during the Korean ‘
27 Chan ibid. p. 4.
28 The USS Pueblo was an American Elint and Sigint, Banner-Class technical research ship which was boarded and captured by the North Koreans on 23 January 1963. It was a major incident in the Cold War. She is still, today, held by the North Koreans in Wonsan Harbour