The Slatest

Russian Hackers Attempted 2016-Style Phishing Hack of Claire McCaskill’s Senate Office Email

Sen. Claire McCaskill gestures with her right hand while speaking into a microphone during a news conference on Capitol Hill.
WTF? Mark Wilson/Getty Images

As a reminder of everything President Donald Trump isn’t doing to protect American democracy from second Russian electoral remix over the next hundred days, the Daily Beast reported Thursday that Sen. Claire McCaskill’s email was targeted by the same Russian hackers, the so-called “Fancy Bear” hackers backed by Russia’s GRU intelligence agency, in largely the same way, by trying to steal passwords through phishing. The Missouri senator is among the ten most vulnerable Democrats facing reelection this cycle, competing in states that Trump carried in 2016. Clinton only got 38 percent of the vote in Missouri and lost by nearly 20 points to Trump.

McCaskill confirmed the attack and said it was unsuccessful. “While this attack was not successful, it is outrageous that they think they can get away with this,” McCaskill said in a statement. “I will not be intimidated. I’ve said it before and I will say it again, Putin is a thug and a bully.”

Similar to the hacking effort that felled Clinton campaign chair John Podesta’s email account in 2016, this latest hack was carried out by sending email notifications informing staff recipients that their Microsoft password had expired and needed to be changed. “If the target clicked on the link, he or she was taken to a convincing replica of the U.S. Senate’s Active Directory Federation Services (ADFS) login page, a single sign-on point for e-mail and other services,” according to the Daily Beast. “As with the Podesta phishing, each Senate phishing email had a different link coded with the recipient’s email address. That allowed the fake password-change webpage to display the user’s email address when they arrived, making the site more convincing.”

In October, Microsoft wrested control of one of the spoofed website addresses— Seizing the Russians’ malicious domain names has been easy for Microsoft since August 2017, when a federal judge in Virginia issued a permanent injunction against the GRU hackers, after Microsoft successfully sued them as unnamed “John Doe” defendants. The court established a process that lets Microsoft take over any web addresses the hackers use that includes a Microsoft trademark.

Once alerted to the scheme, “Microsoft redirected the traffic from the fake Senate site to its own sinkhole server, putting it in a prime position to view targets trying to click through to change their passwords,” according to the Daily Beast.

*Update, June 27 , 2018: This post has been updated with a statement from Sen. McCaskill confirming the hack was unsuccessful and that it targeted her Senate office email, not her campaign email as was previously reported.