A report in Mother Jones this week cites a recording of Senate Minority Leader Mitch McConnell (R-Ky.) in his offices engaged in what he thought was a private conversation. Someone recorded the conversation and provided the recording to Mother Jones.

Especially in the context of political figures our thinking about surveillance gets primitive. Indeed, even the title of the Mother Jones article exhibits this: "Secret Tape: McConnell and Aides Weighed Using Judd's Mental Health and Religion as Political Ammo". The emphasis on "Secret Tape" is mine, and I'm not going to get into the substance of the discussion in this commentary.

Of course McConnell wants the recording investigated by the FBI and this is obviously reasonable, although it's not at all clear what laws were broken by Mother Jones or whoever created the recording.

The term "bugging" in political context raises images of Watergate (for those of us old enough to remember it — I'm 51 and remember it clearly), with burglars breaking into a building and physically messing with telecommunications equipment, not to mention big clunky tape recorders in the Oval Office.

The sort of bugging equipment used in the Watergate break-in

The sort of bugging equipment used in the Watergate break-in

Nowadays you'd do it completely differently. How would you record someone's conversations clandestinely? You'd use the powerful and flexible world of malicious software. Every computer and mobile device in that office where Senator McConnell was speaking is a potential clandestine recording device.

A malicious program installed on any computer or phone or tablet in the office could turn on the microphone, record the contents and forward it on to the attacker, either through email or some cloud sharing service. It's not all that complicated. The program could also potentially record video, but this is more likely to be noticed because of the large volume of data involved.

What's a little complicated is how you'd get the malicious software on the specific device. This would involve what we call a targeted attack against McConnell or his staff. I don't know exactly how it's done, but obviously it can be done.

It's possible, through rigourous best practices, to prevent this sort of surveillance softwre from getting on your systems, but sadly it's common for people not to want the inconvenience attached to such security.

By the way, just to clear things up, Mother Jones issued a statement saying that they were not involved with the creation of the recording: