Coding Typo "Hacked" the NHS and Redirected Visitors to Malware Sites

By Gary Cutlack on at

The online advice services offered by the NHS are currently under siege, after a reader discovered that pages on the NHS Choices web portal were redirecting users to ad-serving and malware sites. But this was no hack, it was the discovery of a teeny tiny typo that allowed shady coders to hijack innocent hypochondriacs.

According to the NHS, the coding typo had happily existed in the web code since last year, but it was only when someone spotted it -- and bought the domain it erroneously pointed at -- that NHS visitors were redirected to the bad peoples' adverts instead of advice about what to do about their mysterious headaches and chest pains.

The NHS explained how the crude hack had been put in place, saying: "Last year, a developer accidentally put '' rather than '' as the source for the JavaScript file. Last night someone in the Czech Republic took ownership of the incorrectly spelt domain it was referring to; the correctly spelled one is actually owned by Google. Although the typo existed in NHS Choices code, until the point the domain name was purchased, this was not causing any issues." [Guardian]