If you’ve been following the news over the past few days, you’re probably already familiar with the fact that for a number of hours, the National Health Service website based out of the UK was redirecting to malicious websites designed to steal the credentials from unwitting users. Anyone who attempted to make an appointment with their doctor, check the status of their insurance claims, or email a representative were redirected right into the hands of hackers from the Czech Republic.
The problem came to light thanks to a Reddit user named Muzzers, who discovered that the source of the redirects were malicious script tags containing a URL that pointed to a falsified version of the Google-owned address for developers. Instead of a URL that read “googleapis.com” like it should, the redirects were flipping everyone over to a version that ended in “googleaspis.com”, hoping that people would graze over the admittedly subtle difference.
In his personal account, Muzzers wrote how his encounter with the problem first went down.
“So while attempting to access flu shot information I stumbled upon a page which redirected me to an advertisement. Digging a bit deeper I found hundreds more pages which redirect to either an advertisement or malware infested page.”
Apparently what makes this case different from other similar redirect raids, is that the attackers behind the problem never even needed to write code for the hack. According to IT specialists responsible for running the website, the html required for the crack was already installed in the NHS database, simply waiting for someone with a keen eye to come along and recognize an opportunity when they saw one.
“An internal coding error has caused an incorrect re-direct on some pages on NHS Choices since Sunday evening. Routine security checks alerted us to this problem on Monday morning at which point we identified the problem and corrected the code.”
All that’s known about the person behind the attack is a Whois lookup, placing him or her somewhere in the Czech Republic. The NHS has told reporters they will be launching an inquiry into the matter, and expect to have results and a full report on the damage done in the next couple of weeks.