
2018-02-11

ICO web site hacked?

The web site of the Information Commissioner's Office, the UK regulator for Data Protection and related matters, appears to be running a crypto mining script when you access it. www.ico.org.uk

But please, check for yourself, visit the site. On Safari you right click to Inspect Element, click Resources and then Scripts, and there you find it.


I can't claim credit for spotting this. @Scott_Helme on twitter drew my attention to it. He has managed to find a lot of sites running it.

But I can confirm I have checked, and it is true - but check for yourself.

P.S. The hack is in a third party site (browsealoud.com) from which the ICO include scripts, but do so without integrity checks. If anyone should be "careful" and have proper "technical and organisational measures" in place, it is the ICO.

P.P.S. 15:30: it seems browsealoud.com have done something, using an invalid certificate (odd), but it has the effect of stopping the issue.

A little more for my less technical friends.

When you visit a web site, a lot of things get loaded in to your web browser in the background. These include images, and stylesheets and scripts which do useful things. Sometimes these come from other web sites.

In this case the ICO have included a script from another site, which does something useful - a tool that reads the text of the web site aloud for blind people. It is included in a lot of web pages.

However, someone has hacked that third party web site, so now when you go to the ICO web site you get more than you bargained for.

The ICO could have protected you from this - there is a way for them to tell your browser what to expect (an integrity check on the script, so the browser refuses to run anything that does not match), and so it would not load the hacked version. The ICO should really know about this and have done it, being, well, the ICO. They did not.

So what is this bad thing that you get? Well it is not "infecting your computer", thankfully, but it is using it to "mine cryptocurrency". While the web page is open your computer will be slower as it is doing loads of work behind the scenes.

Explaining cryptocurrencies would take a while, but they are like money except you can "create" it using computers. It normally takes a lot of computing power (and hence money for electricity) to create useful amounts. However, by harnessing the power of millions of computers that are simply accessing web sites someone can make money using your computer. That is why they do this.

Is the A&A site OK? Well, yes, we use very few external scripts at all, and we don't use the one that has been hacked. However, we had not yet added these integrity checks - we are actually working on a new web site, and so some "maintenance" things have been left behind a bit with "That'll be sorted with the new web site". However, this example shows how important that is, and it will be done shortly anyway. We really feel the ICO should have known better though.
