PGP, Pellicano & FBI's "password-divining system"



I was reading about the Pellicano case recently and a comment that the
FBI had finally accessed his hard drives caught my interest.

I was going to post here asking for people's thoughts on how they went
about this, since I would expect someone of Pellicano's technological
savvy to have used high-end crytography software. Obviously the route of
least resistance is the passcode... but how did they get his passcode?

I just found an interesting article on law.com which suggests his
encryption was cracked using a "password-divining system":

"several federal agencies have designed systems to figure out pass
codes, generally by inputting detailed data about an individual into a
computer to get a psychological profile that can suggest potential
codes"

It's a fascinating piece:

http://www.law.com/jsp/ca/PubArticleCA.jsp?id=1140775520572

But smoke and mirrors to cover up the use of a backdoor?

Even if it is possible to "profile" your way to a passcode, surely the
most sophisticated users (the most likely persons of interest) would
chose the passcode using a random number generator to choose words from
a newspaper (or something along these lines, that's probably a flawed
methodology!--I suppose my *choice* of newspaper could be profiled, and
newspapers tend to have idiosyncratic vocabularies... using a number
generator to choose a book from the Gutenberg archive to use as a word
bank would probably be a better option).

Hwoever, for the average user, a key logger, wiretap or even a tempest
attack would be more cost effective. I don't see where a "password
profiler" fits in, it sounds like something from the movies. If
terrorists and organized crime were regularly using passwords that could
be reverse-profiled, wouldn't this system be kept secret? I hadn't
considered using a method that completely removes the element of choice
until I read that article (not that I use cryptography software...).

Anyway, any thoughts on how the Feds actually cracked Pellicano's PGP?
On second thoughts, he was probably a prime candidate for profiling...
Apparently the guy saw himself as a Godfather... his passcode was
probably "omerta" or something stupid.
.