
Roger Thompson, chief research officer at security firm AVG, told V3.co.uk that it is extremely uncommon for federal government sites to be hacked.
“City and country level sites get hacked all the time in the US and the UK, but it is very unusual to see an attack like this,” he said.
The affected sites, which have now been taken down, are bep.gov, bep.treas.gov and moneyfactory.gov.
The attack used an iFrame to add malware to the sites. The malware reportedly sent data via a series of hosted PCs to a controller believed to be in eastern Europe.
Thompson said that the precise method of attack had not been proved, but that there was an 80 per cent chance that it came from the use of a third-party site visitor counter. He suspected the flaw could prove difficult to fix.
“I would not be at all surprised if it does not come back when they restart the sites, in which case we will have a bit of a chuckle and tell them again,” he said.
