Shad0wS3C claimed responsibility for the EJBCA data breach

Pierluigi Paganini July 27, 2016

Shad0w Security (Shad0wS3C) claimed responsibility for the data breach of the EJBCA that resulted in the exposure of credentials and certificates.

Shad0w Security claimed responsibility for the data breach of the EJBCA – Open Source PKI Certificate Authority.

Shad0w Security recently breached into a Switzerland Branch of EJBCA – Open Source PKI Certificate Authority and stole dozens of certificates and credential in clear text.

“EJBCA® is a PKI Certificate Authority software, built using Java (JEE) technology. Robust, flexible, high performance, scalable, platform independent, and component based, EJBCA can be used stand-alone or integrated with other applications” states the description of the EJBCA.

Shad0wS3C EJBCA Shad0w Security

The group of hackers is politically motivated, they fight against government dragnet surveillance in the name of Homeland Security.
“We are here to send a message to your Government, Your government is spying on you on the name of national security.  The right to privacy is a human right, you deserve it as a human not as a citizen of a state. but your privacy is no the only thing that’s in risk.” states the message from the group. 

The group’s message also mentions the politic of the US that is accused of persecuting people like Snowden, because he revealed the surveillance machine of the Government of Washington.

“oh, and lets not forget the united nations a.k.a united states, do you really think the UN is some sort of peace keepers or guardians of some kind ? then you need to wake up.” continues the message. “you saw what happens to people who ask questions or fight for you and risk their selves, people like Snowden [they were once part of the system but they woke up], they told us the truth, they showed us the way, why haven’t we woke up yet ? what’s more damaging is not what the governments are doing, but your silence is their power, and as long as they are in power you are not free.”

Gh0s7 provided me evidence of the hack by showing data leak that belongs to EJBCA certificate authority breached by his team.

The leaked file with all the stolen certificates was published on, the hackers also published some usernames and passwords on .

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Shad0wS3C , hacking)

Update 28/9/2016

I was contacted by a representative of the PrimeKey Solutions, the company behind EJBCA who provided me further details on the incident

  • This was not a data breach on EJBCA, the breach was on the company server/database, which happens to use an old and non-updated security system, including EJBCA. It is however imperative that EJBCA was not breached, as this company is not related to EJBCA.
  • The leaked data belong to the EJBCA database of EveryWare, a Swiss-based company.
  • There was no “data leak that belongs to EJBCA certificate authority”, if there was a data leak this is data that belonged to the company and not EJBCA.
  • There is no Switzerland branch of EJBCA. EJBCA is the trademark of PrimeKey Solutions and has no branches.

you might also like

leave a comment