Russians Tried To Hack Claire McCaskill. To Help Her, Probably!
The universe has a funny way of creating ironic juxtapositions. Like for instance, just the other day, Donald Trump took to the Twitter to try to convince everyone Russia would probably try to get Democrats elected in the midterms because Trump is so very tough on Russia. It was therefore nearly mandatory for news to break yesterday that Russia tried to access email accounts from the office of Democrat Claire McCaskill, the US senator from Missouri. Irony achievement: unlocked. Fortunately, not so much any of her staff's emails, that we know of.
The attempt to grab control of emails from McCaskill's office was done through a targeted "spearphishing" attack similar to the one carried out in 2016 by those Fancy Bears against Hillary Clinton's campaign manager, John Podesta. Emails claiming to be from Microsoft were sent to McCaskill's Senate staff, telling them their passwords for Microsoft Exchange had expired, and asking staffers to click a link to update their password. The location went not to Microsoft, but to a spoofed URL set up by the GRU, Russia's military intelligence agency and a page that looked exactly like the central login page for Senate email and other online services.
The Daily Beast notes it was a fairly clever phishing attempt:
As with the Podesta phishing, each Senate phishing email had a different link coded with the recipient's email address. That allowed the fake password-change webpage to display the user's email address when they arrived, making the site more convincing.
Luckily, Microsoft had previously sued the GRU for other attempts to impersonate its products, and had stolen back control of the spoofed Senate address, which meant that when anyone clicked on the link, their data went not to Russia, but to a "sinkhole server" owned by Microsoft. It was apparently a really good fake: At last week's Aspen Security Forum, Microsoft VP Tom Burt said the company had saved three US midterm election candidates' offices from having their passwords phished, although Burt didn't name the candidates.
"We did discover that a fake Microsoft domain had been established as the landing page for phishing attacks, and we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for elections in the midterm elections," said Burt, Microsoft's corporate vice president for customer security and trust. "We took down that domain and working with the government actually were able to avoid anybody being infected by that particular attack."
Reporters at the Daily Beast started investigating, and determined one of the targets had been McCaskill's office. McCaskill confirmed the alleged intrusion attempt Thursday and said she'd release further details next week, and later issued a statement condemning the phishing attempt:
Russia continues to engage in cyber warfare against our democracy. I will continue to speak out and press to hold them accountable [...] While this attack was not successful, it is outrageous that they think they can get away with this. I will not be intimidated. I've said it before and I will say it again, Putin is a thug and a bully.
Oh, hey, this is almost certainly nothing more than a HUGE coincidence, simply another case of the brain's capacity to make ironic connections (we said in the lede it was the universe, but it's our highly evolved monkeybrains, really). But yeah, the password-theft attempt against McCaskill occurred in August 2017, and wouldn't you know it, Donald Trump traveled out to Missouri in August 2017 for one of his stupid campaign rallies, where he mocked McCaskill and told the crowd to "vote her out of office," but he didn't publicly ask Russia to help elect her Republican opponent, state attorney general Josh Hawley. So like we say, just a funny little juxtaposition there.
So anyhow, just go ahead and don't worry too much about Russian interference in the midterms, because even though Director of National Intelligence Dan Coats says the warning lights have been "blinking red," the "president" knows Russia is trying to throw the election to the Democrats, and Homeland Security Secretary Kirstjen Nielsen said earlier this month there's no reason to worry, either, explaining that while
"adversaries and nonstate actors" consider U.S. elections a persistent target, Nielsen said there are "no indications that Russia is targeting the 2018 U.S. midterms at a scale or scope to match their activities in 2016."
Thank goodness the House has already voted against increased spending for election security, since there's no problem the Republican majority can see. The Senate may consider a similar measure soon, and we bet McCaskill will have plenty to say on the matter. Republican senators will no doubt tell us not to worry about protecting the vote, because look what a great job Microsoft did at being in the right place at the right time while the government left her office unprotected.
Doktor Zoom's real name is Marty Kelley, and he lives in the wilds of Boise, Idaho. He is not a medical doctor, but does have a real PhD in Rhetoric. You should definitely donate some money to this little mommyblog where he has finally found acceptance and cat pictures. He is on maternity leave until 2033. Here is his Twitter, also. His quest to avoid prolixity is not going so great.