In July The Daily Beast reported that Senator Claire McCaskill was the target of a Russian operation:
The attempt against McCaskill’s office was a variant of the password-stealing technique used by Russia’s so-called “Fancy Bear” hackers against Clinton’s campaign chairman, John Podesta, in 2016.
The hackers sent forged notification emails to Senate targets claiming the target’s Microsoft Exchange password had expired, and instructing them to change it. If the target clicked on the link, he or she was taken to a convincing replica of the U.S. Senate’s Active Directory Federation Services (ADFS) login page, a single sign-on point for e-mail and other services.
The attempt was one of three apparently detected by Microsoft, and was not successful. But even if it were, the unsophisticated nature of this type of password phish almost certainly qualifies not as a "hack" per se, but as an exercise in social engineering. As such, it isn't much different from the social media bots and astroturfing we already know will be attempting to influence the election process.
More relevant for this question is the very real concern of voting booth security, which the state of Nevada, at least, has devoted $8M to improving. North Carolina has also developed a plan for systemic upgrades, and Florida is attempting to improve their process as well.. These efforts would be in addition to the $250M Senate Democrats are attempting to disburse over Republican objections.
NBC News has reported that, at the federal level, no one is in charge of election security oversight:
"The President has made it clear that his administration will not tolerate foreign interference in our elections from any nation state or other malicious actors," the White House said in a statement afterward.
But current and former officials tell NBC News that 19 months into his presidency, there is no coherent Trump administration strategy to combat foreign election interference — and no single person or agency in charge.
This is despite the fact that official state websites are eminently vulnerable. From FiveThirtyEight:
...the subpar preparation of state websites and election systems remains a concern for cybersecurity experts. According to Hursti, the potential vulnerabilities outlined by Appsecuri were basic. Using slang for relatively inexperienced hackers, he called them “‘script-kids’ vulnerabilities, which anyone can find.” Hursti said that no website “with anything meaningful” should have these kinds of vulnerabilities on its site in 2018.
With all that in mind, the question:
Will the 2018 US Midterm elections be hacked?
Resolves positive if by Jan 15, 2019, the ODNI, other US agency (DOJ, FEC), or Congressional Committee, releases a report assessing affirmatively that hacking (as defined below problem) was part of the 2018 campaign of influence.
For our purposes, "hacked" is understood to mean the unauthorized access of a site or system--distinct from but still compatible with mimicking the appearance of same--perpetrated by a malicious actor with the express intent to alter the outcome of any or all elections in the timeframe. For example, an official entering account information into a webpage designed to look legitimate, resulting in a compromised machine that precipitates an info dump, e.g. is not a hack, but the takeover or penetration of that same website would be. Alternatively, an intentional miscount of physical ballots would not be a hack, but a manipulation of a system to do the same would be.