Russian hackers have already launched their first attempts to meddle in the 2018-midterm elections by targeting a democratic senator whose seat is considered vulnerable, according to reports—and they will likely keep going, according to one expert.
On Thursday, Senator Claire McCaskill, a Democrat from largely Republican Missouri, confirmed that Russian hackers tried to gain access to her office’s computer networks. The statement was one of the first indicators that Russia is attempting to interfere in the 2018 elections, although lawmakers and security experts have been warning for months that such interference would likely take place.
U.S. intelligence agencies have accused Russian government-linked hackers of interfering in the 2016 presidential election, and have warned they will do it again in the next round of elections.
“While some seem surprised that they [Russia] would ‘try again’—well of course, it worked so well for them so why not; it’s incredible easy to pull off,” Robert Katz, executive director of the Cyber Science Institute, told Newsweek.
“It’s impossible to really know if this is ‘the first’ mid-term election attack since we don’t know of the many potentially undetected or not-yet detected ones,” Katz added. “This attack, so similar to the previous ones, and even ones from the Mueller indictment, are so common and easy, they could possibly even be a mocking diversion or deception from attack by another vector. This just reinforces the truth that most attacks are successful by attacking the weakest links of our multi-billion dollar networks and infrastructure—people.”
Earlier in July, Microsoft alleged that three candidates in the midterm elections had already been targeted by phishing campaigns that appeared similar to the ones that targeted Hillary Clinton’s campaign for president in 2016. During a discussion at the Aspen Security Forum, a representative of Microsoft described how his company had discovered that a fake Microsoft domain was being used as “the landing page for phishing attacks.”
Microsoft began seizing the fake domains after the company successfully sued members of Russia’s military intelligence last year. A federal judge issued an injunction against the Russians and permitted Microsoft to seize any web address with a Microsoft trademark. This allowed the company to see who the hackers were targeting and when, the Microsoft representative described.
The hack on Clinton’s campaign chairman John Podesta during the 2016 election was allegedly perpetrated by a group of Russian hackers known as Fancy Bear, which sent fake emails that urged the user to change an expired password. When the victim clicked the link and changed his password, the Russian hackers gained access to his computer system. McCaskill’s office was allegedly targeted using the same techniques. Like Clinton, the Democratic senator has been highly critical of Russia throughout her career.
“These are extremely unsophisticated attacks, which is all the more disheartening regarding their reported success for the DNC account and its implications,” Katz told Newsweek.
Just several weeks ago, the Justice Department indicted 12 Russian military officials, calling them out by name, for having interfered in the 2016 presidential election. Days later, President Donald Trump met Russian President Vladimir Putin for two hours behind closed doors.
It is still unknown what the two men discussed during the meeting, but Trump later cast doubt on whether the Russian government had been involved in the 2016 election interference. U.S. intelligence agencies have unanimously determined that Russia is to blame. Many lawmakers and analysts have expressed dismay over the fact that Trump appears unwilling to take Russian election interference seriously, and that the government isn’t doing enough to protect itself against Russian interference in the lead up to the 2018 election.