A computer incident derived from a regular update of servers causes errors in the resolution of the “.fi.cr” domains, which causes failures in the display of the pages used by the Costa Rican financial system. This, in turn, generates problems in the timestamp of the digital signature, which prevents users from completing this process correctly.
The incident, which started at 9:00 a.m. of this September 23rd and had not been completely resolved, was confirmed by the director of Digital Governance of the Ministry of Science, Technology, and Telecommunications (Micitt), Jorge Mora.
The failure, the official stressed, is not related to the National Digital Signature System but to a query that is carried out as part of the development of the certificate’s timestamp, which is made on a site whose domain is “.fi.cr”.
“When it comes to digitally sign, among the electronic components that are developed to give security, there is a document called time stamping. This is what saves the integrity of the document from when it was signed and gives validity to that document.
The digital signature has duration of four years, once that certificate expires, with the time stamp what we do is that that document does not appear expired after the four years when that certificate expired, but keeps it valid.
“When the query is made to stamp the time, it does not stamp with the machine (computer), but it stamps though a query through a .fi.cr address to the Certifying Authority. As of now, to make that query and not resolving the ‘.fi.cr’ domain caused problems when putting the time stamp on the document,” explained Mora. Due to this situation, Mora recommended that users who have had problems digitally signing documents during the day to try again as of September 24th.
The computer incident in the resolution of the domains for the financial system is considered “random”. This implies that not all citizens will suffer from difficulties and that problems with websites do not occur simultaneously and widely.
Also, the Director of Digital Governance indicated that a technical team from the administration unit of the “.cr” domains, NIC Costa Rica, seeks to solve the incident. At 4:30 p.m. on September 23rd, Mora assured that he had received information that “the issue is almost resolved; they are in the testing process.”
The official ruled out finding evidence that the incident was caused by a computer attack and assured that the data of users and institutions of the financial system is kept safe and properly protected.