Shad0wS3C claimed responsibility for the EJBCA data breach

Shad0w Security (Shad0wS3C) claimed responsibility for the data breach of the EJBCA that resulted in the exposure of credentials and certificates.

Shad0w Security claimed responsibility for the data breach of the EJBCA – Open Source PKI Certificate Authority.

Shad0w Security recently breached into a Switzerland Branch of EJBCA – Open Source PKI Certificate Authority and stole dozens of certificates and credential in clear text.

“EJBCA^® is a PKI Certificate Authority software, built using Java (JEE) technology. Robust, flexible, high performance, scalable, platform independent, and component based, EJBCA can be used stand-alone or integrated with other applications” states the description of the EJBCA.

The group of hackers is politically motivated, they fight against government dragnet surveillance in the name of Homeland Security.

“We are here to send a message to your Government, Your government is spying on you on the name of national security. The right to privacy is a human right, you deserve it as a human not as a citizen of a state. but your privacy is no the only thing that’s in risk.” states the message from the group.

The group’s message also mentions the politic of the US that is accused of persecuting people like Snowden, because he revealed the surveillance machine of the Government of Washington.

“oh, and lets not forget the united nations a.k.a united states, do you really think the UN is some sort of peace keepers or guardians of some kind ? then you need to wake up.” continues the message. “you saw what happens to people who ask questions or fight for you and risk their selves, people like Snowden [they were once part of the system but they woke up], they told us the truth, they showed us the way, why haven’t we woke up yet ? what’s more damaging is not what the governments are doing, but your silence is their power, and as long as they are in power you are not free.”

Gh0s7 provided me evidence of the hack by showing data leak that belongs to EJBCA certificate authority breached by his team.

The leaked file with all the stolen certificates was published on paste.co, the hackers also published some usernames and passwords on http://pasted.co/f6646a99 .

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Shad0wS3C , hacking)

Update 28/9/2016

I was contacted by a representative of the PrimeKey Solutions, the company behind EJBCA who provided me further details on the incident

This was not a data breach on EJBCA, the breach was on the company server/database, which happens to use an old and non-updated security system, including EJBCA. It is however imperative that EJBCA was not breached, as this company is not related to EJBCA.
The leaked data belong to the EJBCA database of EveryWare, a Swiss-based company.
There was no “data leak that belongs to EJBCA certificate authority”, if there was a data leak this is data that belonged to the company and not EJBCA.
There is no Switzerland branch of EJBCA. EJBCA is the trademark of PrimeKey Solutions and has no branches.

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.