Body of Secrets: Anatomy of the Ultra-Secret National Security Agency (5 page)

Once the
signals were captured, a specially designed time-delay device activated to
allow recorders to be switched on. Devices were also developed to divert a
single signal to several receivers. The intercepts were then forwarded to
Arlington Hall, headquarters of the Army codebreakers, over forty-six special
secure teletype lines. By the summer of 1945 the average number of daily
messages had grown to 289,802, from only 46,865 in February 1943. The same soldiers
who only a few weeks earlier had been deciphering German battle plans were now
unraveling the codes and ciphers wound tightly around Argentine negotiating
points.

During the
San Francisco Conference, for example, American codebreakers were reading messages
sent to and from the French delegation, which was using the Hagelin M-209, a
complex six-wheel cipher machine broken by the Army Security Agency during the
war. The decrypts revealed how desperate France had become to maintain its
image as a major world power after the war. On April 29, for example, Fouques
Duparc, the secretary general of the French delegation, complained in an
encrypted note to General Charles de Gaulle in Paris that France was not chosen
to be one of the "inviting powers" to the conference. "Our
inclusion among the sponsoring powers," he wrote, "would have
signified, in the eyes of all, our return to our traditional place in the
world."

In charge
of the San Francisco eavesdropping and codebreaking operation was Lieutenant
Colonel Frank B. Rowlett, the protégé of William F. Friedman. Rowlett was
relieved when the conference finally ended, and he considered it a great
success. "Pressure of work due to the San Francisco Conference has at last
abated," he wrote, "and the 24-hour day has been shortened. The
feeling in the Branch is that the success of the Conference may owe a great
deal to its contribution."

The San
Francisco Conference served as an important demonstration of the usefulness of
peacetime signals intelligence. Impressive was not just the volume of messages
intercepted but also the wide range of countries whose secrets could be read.
Messages from Colombia provided details on quiet disagreements between Russia
and its satellite nations as well as on "Russia's prejudice toward the
Latin American countries." Spanish decrypts indicated that their diplomats
in San Francisco were warned to oppose a number of Russian moves: "Red
maneuver . . . must be stopped at once," said one. A Czechoslovakian
message indicated that nation's opposition to the admission of Argentina to the
UN.

From the
very moment of its birth, the United Nations was a microcosm of East-West
spying. Just as with the founding conference, the United States pushed hard to
locate the organization on American soil, largely to accommodate the
eavesdroppers and codebreakers of NSA and its predecessors. The Russians, on
the other hand, were also happy to have the UN on American soil—it gave them a
reason to ship dozens of additional spies across U.S. borders.

Since the
discovery of the Russian Fish machine by TICOM at the end of the war, and the
ability to read a variety of diplomatic, KGB, and trade messages as a result of
the Venona breakthrough on Soviet onetime pads, American codebreakers had been
astonishingly lucky. Virtually overnight they were placed in what NSA has
called "a situation that compared favorably to the successes of World War
II." For several years, American codebreakers were able to read encrypted
Soviet armed forces, police, and industry communications and the agency could
put together "a remarkably complete picture of the Soviet national
security posture."
But then, almost overnight
in 1948, everything went silent. "In rapid succession, every one of these
cipher systems went dark," said a recent NSA report, which called it
"perhaps the most significant intelligence loss in U.S. history." It
forever became known at NSA as Black Friday.

Just as
the United States had successfully penetrated secret Soviet communications
networks, so the Russians had secretly penetrated the Army Security Agency and
later the Armed Forces Security Agency (AFSA), into which ASA had been folded.
Although he was never charged with espionage, a gregarious Russian linguist by
the name of William Weisband became the chief suspect. Born to Russian parents
in Egypt in 1908, Weisband emigrated to the United States in the 1920s and
became a U.S. citizen in 1938. Four years later he joined the Signal Security
Agency and was assigned to Sigint activities in North Africa and Italy, before
returning to Arlington Hall and joining its Russian Section. Although Weisband
was not a cryptanalyst, his fluency in Russian gave him unique access to much
of what the Russian codebreakers were doing. In 1950, after being suspended
from work on suspicion of disloyalty, he skipped a federal grand jury hearing
on Communist Party activity and, as a result, was convicted of contempt and
sentenced to a year in prison. He died suddenly of natural causes in 1967,
always having denied any involvement in espionage.

For
American codebreakers, the lights could not have gone out at a worse time. In
late June 1950, North Korean forces poured across the 38th Parallel into the
south, launching the Korean War. Once again, as with Pearl Harbor, America was
caught by surprise.

A year
before the attack, the Army, Navy, and Air Force code-breaking organizations
had been combined into a single unit, AFSA. But instead of establishing a
strong, centralized organization to manage the growing worldwide signals
intelligence operations, each service was allowed to retain control of both
intercept and codebreaking activities. That left little for the director of
AFSA to direct. Nor could he even issue assignments to field units. They would
first have to pass through each of the services, which could then accept them,
change them, or simply ignore them. Herbert L. Conley, who was in charge of
Russian traffic analysis at AFSA in the late forties, and later headed up
Russian code-breaking at NSA, likened the organization to a "three-headed
monster." "He couldn't control anything outside of the buildings that
were occupied," he said of the director.

In the
weeks leading up to the attack, Korea barely registered as a Sigint target for
AFSA. Out of two priority lists, North Korea was number fifteen on the
secondary list. From listening posts at Kamiseya, Japan, and several other
locations, most of the intercept activity was directed at Russia. Communist
China was also a high priority, with eighty-seven intercept operators and
analysts focused on it. But because AFSA had not broken any important Chinese
cipher systems, most personnel concentrated on traffic analysis, the
examination of the message's "external indicators," such as its date
and "to" and "from" lines. North Korea, on the other hand,
was targeted by just two intercept operators at the time the war broke out. In
all, they had collected a paltry two hundred messages, and none of those had
been processed. "AFSA had no Korean linguists, no Korean dictionaries, no traffic
analytic aids, and no Korean typewriters," said a later NSA analysis.

Despite
the limited resources, clues were there. Buried in stacks of intercepted Soviet
traffic as far back as February were messages pointing to large shipments of
medical supplies going from Russia to Korea. Other messages, about the same
time, revealed a sudden and dramatic switch toward targets in South Korea by
Soviet radio direction-finding units.

Suddenly,
at 3:30 on the morning of June 25, 1950, Joseph Darrigo, a U.S. Army captain
and the only American on the 38th Parallel, was jarred awake by the
teeth-rattling roar of artillery fire. At that moment North Korean ground
forces, led by 150 Soviet T-34 tanks, began their massive push into South
Korea. Darrigo managed to escape just ahead of the advancing troops and spread
the alarm. "AFSA (along with everyone else) was looking the other way when
the war started," said a recent, highly secret NSA review. The first word
to reach Washington came from a news account by a reporter in Seoul.

Within
days, the North Korean Army had captured Seoul and continued to steamroll
south, seeking to unify the peninsula under the flag of communism. In response,
American troops were quickly dispatched to provide assistance to South Korea as
part of a United Nations force. By the end of the first week, 40,000 South
Korean soldiers had been killed, captured, or declared missing in action.

Following
the attack, AFSA began a quick push to beef up its ranks. The number of
intercept positions targeting North Korean traffic jumped from two to twelve.
Any signals even remotely North Korean were transmitted back to AFSA
headquarters in Washington, arriving ten to twelve hours after intercept. Soon,
new messages were arriving hourly and lights were burning around the clock.

Nevertheless,
cryptanalysis was virtually nonexistent. In fact, the first few decrypts of
enciphered North Korean air traffic were produced not by professional
codebreakers but by an uncleared U.S. Army chaplain using captured codebooks.
Seconded into Sigint duty, Father Harold Henry had spent a number of years in
Korea, where he learned the language. Most analysts instead concentrated on
traffic analysis and plaintext intercepts—highly useful because of poor
communications security by the North Koreans during the early part of the war.
Among the messages sent in the clear were secret battle plans.

Adding to
the problems, it was three months before a small advanced Sigint unit actually
arrived on the Korean peninsula. Radio direction finding was greatly hampered
by the mountainous terrain. Then there were the supply shortages, outmoded
gear, difficulties in determining good intercept sites, equipment ill-suited to
frequent movement over rough terrain, and a significant lack of translators.

From the
beginning, the ground war went badly. By the end of July, the Eighth Army, led
by General Walton H. Walker, had been forced into a boxlike area known as the
Pusan Perimeter, so named because it surrounded the southeastern port of Pusan.
"When we got into the . . . Perimeter, you never saw a more beat-up bunch
of soldiers," recalled former PFC Leonard Korgie. "The North Koreans
had hellish numbers and equipment. We were very, very thin in both."

Walker's
one advantage was a constant supply of Sigint, which provided him with such
vital information as the exact locations of North Korean positions. Armed with
this intelligence, he was able to maximize his limited men and resources by
constantly moving them to where new attacks were planned. Finally, following
MacArthur's daring amphibious landing at Inchon, a port located behind enemy
lines, Walker's men broke out of their box and joined in the attack, putting
North Korea on the defensive.

In one
sense, Sigint in Korea was like a scene from
Back to the Future.
After
planting a number of sound-detecting devices forward of their bunkers to give
warning of approaching troops, ASA soldiers discovered that the devices also
picked up telephone calls. So they began using them for intercept—a practice
common during World War I but long forgotten. This "ground-return
intercept," using the principle of induction, enabled the ASA to collect
some Chinese and Korean telephone traffic. The downside, however, was that in
order to pick up the signals the intercept operator had to get much closer to
enemy lines than normal, sometimes as close as thirty-five yards.*

"One
of our problems in Korea was linguists, there were so few," said Paul
Odonovich, an NSA official who served in Korea with the Army Security Agency.
Odonovich commanded a company of intercept operators on the front lines.
Sitting in antenna-bedecked vans, they would mostly eavesdrop on North Korean
"voice Morse," an unusual procedure whereby the North Korean military
would read the Morse code over the communications channels rather than tap it
out with a key. "They used the singsong 'dit-dot-dit-dit' business,"
said Odonovich.

Other
units conducting low-level voice intercept (LLVI), as it was known, operated
out of jeeps and bunkers close to the front lines. The intelligence was then
disseminated directly to combat units. By the end of the war, twenty-two LLVI
teams were in operation. Air Force intercept operators also had some successes.
Operating from small islands off North Korea, Sigint units were able to
intercept North Korean, Chinese, and Soviet instructions to their pilots. The
intercept operators would then disguise the intelligence as "radar
plots" and pass them on in near-real time to U.S. pilots operating over
North Korean territory. Once they received the information, their "kill
ratio" increased significantly.

After the
battle began, the most important question was whether China would intervene.
Since the end of World War II, Army Sigint specialists had engaged in a
haphazard attack on Chinese communications. In 1945, General George Marshall
attempted to bring Nationalist leader Chiang Kai-shek and Communist boss Mao
Tse-tung to the negotiating table. At Marshall's request, a small group of
intercept operators eavesdropped on both sides during the talks.

But the
operation was less than a success. A team set up in Nanjing to intercept
Nationalist communications was hampered by unreliable electrical power.
Another, which targeted Communist links from a listening post in Seoul, was
plagued with "poor hearability." Ironically, as the United States
struggled, the British had been secretly listening to Chinese Communist
communications for years. From 1943 until 1947, the Government Code and Cypher
School successfully monitored a link between Moscow and Mao's headquarters in
Yan'an, China. But because the link was part of a clandestine Soviet network,
the decision was made to keep the Americans in the dark until March 1946.