USS Pueblo   AGER-2
US spy ship

The USS Pueblo, also known as AGER-2,¹ was a Banner-class environmental research ship, used by the US Navy as an information gathering ship (spy ship). It was attacked and captured by North Korean forces on 23 January 1968, after which sensitive equipment fell into North Korean and USSR (Russian) hands. The incident is also known as the Pueblo Incident and as the Pueblo Crisis.
The image on the right shows the official US Navy photograph of the ship that was made shortly after it went into service as the AGER-2 intelligence gathering ship on 13 May 1967 [6].

On 5 January 1968, the Pueblo left the US Naval base in Yokosuka (Japan) to gather intelligence on the Soviet 'red' fleet and on North Korea, as part of a secret mission with SIGAD² USN-467Y, jointly carried out by the US Navy and the US National Security Agency (NSA). On 22 January, the Pueblo arrived near the North Korean port of Wonsan under strict radio silence.
The USS Pueblo during trials in 1967. Official US Navy Photo [1].

It was an exceptionally sunny day and the ship soon started picking up Electronic Intelligence (ELINT). After lunch, however, its luck changed when the Pueblo was spotted by two North Korean fishing trawlers that started circling it. Although the trawlers initially disappeared, they later returned and circled the Pueblo at a shorter distance. The crew decided to break EMCON³ in order to send a SITREP-1,⁴ but due to bad ionospheric radio conditions they were not successful.

It was not until 10:00 the next morning that a successful SITREP-1 was sent. Shortly afterwards SITREP-2 was sent to indicate that the Pueblo was no longer under surveillance. Or so it seemed. Around lunchtime, a North Korean submarine chaser, S0-1, was rapidly approaching. It would soon be joined by three P4 torpedo boats and two MIG-21 fighter planes. A fourth torpedo boat and a second submarine chaser were already underway as the S0-1 prepared for boarding.
Aboard the USS Pueblo was a wealth of intercept equipment and high-grade cipher machines, such as the KL-47 and the KW-7. Although the ship was effectively closed in, the captain tried to escape in order to stall for time, so that the crew could destroy the sensitive equipment and documents as per COMSEC destruction orders.

After a direct hit on the radar mast by the 57 mm cannon of the S0-1, the USS Pueblo slowed down and was eventually boarded by the Koreans. During the attack, crew member Duane Hodges was killed and several others were wounded [1].
hi-grade KW-7 cipher machine

The crew worked very hard to destroy the 10 cipher machines, their spare parts, the service documentation and the cryptographic key material, but had to stop when the boat was being boarded by the North Koreans. By that time, most of the cipher machines had been destroyed, but not all. It is assumed that one fully operational KW-7 fell into North Korean hands, along with the service manuals of all machines and at least some spare parts that were aboard as well.
The ship was taken to the port of Wonsan and the crew was paraded on North Korean television as part of a propaganda campaign. In the meantime the machines were investigated by North Korean experts. The technical personnel of the Pueblo were interrogated for several months, until the Koreans had a good understanding of the operating principles of the seized machines.

It is believed that the North Koreans shared their findings with the Soviet Union and that they even passed them some of the actual machines, in order to help intercept US communications.
The teleprinter room of the USS Pueblo. Photograph courtesy John Pavelka, via Wikipedia [8].

After long and tough negotiations between North Korea and the US, the latter was forced to admit that the USS Pueblo was on a spying mission. Finally, after exactly 11 months of captivity, the crew was released on 23 December 1968. The ship was not surrendered, however, and remains a popular tourist attraction in North Korea to this day (2016). The photograph above shows the ship's teleprinter room in its present state, which is not very good. For additional information on the USS Pueblo, its capture and the aftermath, please refer to the Pueblo's original website [1].

  1. AGER = Auxiliary General Environmental Research.
  2. SIGAD = SIGINT Activity Designator.
  3. EMCON = Emission Control, also known as Radio Silence.
  4. SITREP = Situation Report.

Captured equipment
The following list shows which cryptographic equipment and documentation was present in the CRYPTO room of the USS Pueblo on 23 January 1968 when it was captured by North Korea. Although the crew had done its best to destroy the equipment, some of it was captured intact.
Qty  Description   Remark
---  ------------  ----------------------------------------
1    KL-47         -
2    KW-7          One destroyed, one captured intact
3    KWR-37        -
4    KG-14         -
1    KWQ-8 kit     Spare parts for the KW-7
1    KWQ-4 kit     Spare parts for the KWR-37
1    KG-14 kit     Spare parts for the KG-14
1    KAM-3(A)      Repair and Maintenance Manual for KL-47
1    KAM-78(A)     Repair and Maintenance Manual for KWR-37
1    KAM-79(A)     Repair and Maintenance Manual for KWR-37
1    KAM-143(B)    Repair and Maintenance Manual for KW-7
1    KAM-144(B)    Repair and Maintenance Manual for KW-7
1    KAM-145(A)    Repair and Maintenance Manual for KW-7
1    KAM-179(B)    Repair and Maintenance Manual for KG-14

Damage assessment
After the crew of the USS Pueblo was released by the North Koreans in December 1968, they were debriefed by the US Navy. The Navy investigated which equipment had been on board and how much of it had fallen into enemy hands. The final report on this investigation was released a few months later, on 28 February 1969 [3]. It turned out that the crew had done its best to destroy the equipment and the code material, but that some of it had been captured (partly) intact.
Of the two KW-7 cipher machines that were aboard, only one was properly destroyed. The circuit boards were removed and the circuit blocks were chipped to pieces. It was believed that this machine was destroyed beyond repair.

An attempt was made to destroy the second one, but by that time the ship was already being boarded by the North Koreans. All circuit boards were removed and were smashed against the wall, but it was believed by the crew that they were effectively undamaged and that the KW-7 could be made operational again [3 p.12].
Removing one of the boards

In itself, this should not have been a problem. The KW-7 was specifically designed as a tactical cipher machine for use in forward echelons where physical loss through capture had been anticipated [3 p.33]. The same crypto logic had been supplied to Australia, New Zealand and to all NATO countries. Although the enemy was expected to adapt the technology for their own use, the loss of the crypto logic had no effect on US COMSEC as the enemy had no access to the keys.
The above is true for any cryptographic system that provides security by complexity and follows the rules of Kerckhoffs's Principle, in which the secret is protected by the key rather than by the equipment [4]. The KW-7 was such a system.

Unknown to the US however, the Russians did have access to a wide range of keys and other crypto material, through US Navy chief warrant officer John Anthony Walker, who started spying for the Russians in December 1967. With this in mind, it seems logical to assume that the North Koreans passed on the KW-7 to the Russians, along with the information they had obtained from interrogating the crew of the USS Pueblo.

In his book Spymaster, former KGB general Oleg Kalugin even suggests that the Pueblo Incident may have taken place because the Russians wanted to study the equipment described in documents supplied to them by Walker in 1967 [5].


The knowledge gained from the capture of the USS Pueblo, combined with the continuous flow of key material supplied by Walker and his spy ring, allowed the Russians to decrypt well over one million classified US communications. Thanks to this, they often had advance knowledge¹ of top secret maneuvers and of the US B-52 bombing runs in Vietnam [5]. Driven by money, Walker was probably one of the most daring and damaging American spies in the history of the Cold War.
  1. This is contradicted by some sources that state that Walker only provided the Russians with keys that were at least two months old and were supposed to have been destroyed. Furthermore, intact KW-7 machines had been lost before in Vietnam and had almost certainly been supplied to the Russians [9]. On the other hand, in her 2001 thesis, Major Laura Heath comes to the conclusion that, after weighing all publicly available sources, it seems more than likely that the Pueblo Incident was related to Walker's activities [10].

  1. USS Pueblo Veteran's Association, USS PUEBLO (AGER-2)
    Official website. Visited May 2016.

  2. Espionage Encyclopedia, Pueblo Incident
    Retrieved May 2016.

  3. NSA, USS Pueblo, AGER-2, Section V, Cryptographic Damage Assessment
    28 February 1968. 106 pages.¹

  4. Wikipedia, Kerckhoffs's principle
    Retrieved May 2016.

  5. Oleg Kalugin, Spymaster
    2008. ISBN 1-85685-101-X.

  6. Wikipedia, USS Pueblo (AGER-2)
    Retrieved May 2016.

  7. Robert E. Newton, The Capture of the USS Pueblo and its effect on SIGINT Operations
    United States Cryptologic History. Special Series, Crisis Collection, Volume 7. 1992.²

  8. John Pavelka, Photograph of teleprinter room aboard the USS Pueblo
    Reproduced under the Creative Commons Attribution 2.0 Generic Licence.
    Retrieved via Wikipedia May 2016.

  9. Commander Bucher, The KW-7 and John Walker
    23 February 2001. Obtained from the USS Pueblo Veteran's Association.

  10. Laura H. Heath, Analysis of Systematic Security Weaknesses of the US Navy...
    M.S., Georgia Institute of Technology, 2001. Fort Leavenworth, Kansas (USA), 2005. Thesis of Major Laura Heath, detailing how John Walker exploited weaknesses in the US Navy Broadcasting System between 1967 and 1974.

  1. Declassified by NSA on 14 September 2012, FOIA case 40722.
  2. Declassified by NSA on 10 December 2006, EO 12958.

Crypto Museum. Created: Monday 09 May 2016. Last changed: Thursday, 23 March 2017 - 13:15 CET.