We have the first documented case of Russian hacking in the 2018 election

Sen. Claire McCaskill, one of the 2018 midterms’ most vulnerable Democrats, appears to have been a Russian target, per reporting from the Daily Beast.

Russia is already trying to hack the 2018 midterm elections, going after Sen. Claire McCaskill (D-MO), one of the most vulnerable Senate Democrats up for reelection this year.

That’s the key takeaway from a piece published Thursday afternoon by the Daily Beast. Reporters Andrew Desiderio and Kevin Poulsen used a combination of court records and internet sleuthing to identify that malicious emails to a McCaskill aide were sent from a server that likely belongs to Fancy Bear, the same Russian intelligence group that did the 2016 hacks. The attack, launched in the second half of last year, seems to have failed.

The evidence in the Daily Beast piece that this attack was launched by Russians is reasonably compelling. If it’s correct, then this is the first publicly identified case of Russian interference in a specific 2018 election campaign.

What’s more, the report comes two days after President Trump said Russians would likely be “pushing very hard for the Democrats” in 2018. Not only does this appear to be false — according to the Daily Beast, Russia is already working to help Republicans — but in fact, they’re getting involved in a smartly targeted race, one tight enough that it could end up mattering to the outcome.

You’d only want to do that if you wanted Republicans to maintain control of the Senate.

What the Daily Beast found — and why it matters

To understand how the Daily Beast figured out what was going on here, you need to understand a few technical details.

Fancy Bear, a subgroup of Russia’s GRU intelligence service, is the same group that went after Clinton campaign staffers in 2016. The strategy was to put a link in an email saying a password had expired, and then redirect the reader to a website where they would click another link that would grant the hackers access to the email accounts.

To get people to click the second link, the hackers plastered their fake website with Microsoft logos — so it looked like a site you’d legitimately visit to change your Outlook password. Microsoft didn’t like this and actually sued the Russian hackers in US court, demanding the power to be able to shut down any websites hosted on servers identified as belonging to Fancy Bear that used Microsoft logos in them. In August 2017, the company won the case, and it’s been shutting down Fancy Bear sites ever since.

The Beast reporters looked through evidence related to that case and found something interesting in a September 26 snapshot of one of the now-closed Russian sites: a “fake password-change page with the Senate email address of a McCaskill policy aide on display.”

What that shows, in short, is that a website that Microsoft had determined to be hosted on a Fancy Bear server was demonstrably trying to trick a McCaskill staffer into giving up access to their account. That is fairly strong evidence that Russia’s intelligence services were, in fact, trying to hack McCaskill.

This is an extremely big deal. Microsoft had already announced that Russian hackers had gone after “three candidates” in the 2018 election, but hadn’t revealed who they were. Identifying McCaskill specifically as a target is incredibly revealing: She’s only up on her Republican opponent by one point in the RealClearPolitics average. If Democrats lose her seat, they face a very tough road to win back the Senate in November. Helping Republicans defeat McCaskill (or another Democratic senator in a Trump-voting state) would be perhaps the single biggest boost that Russia could give to the GOP — and, by extension, to President Trump.

All in all, this Trump tweet, from Tuesday, has aged remarkably poorly: