We have all undoubtedly come across methods of steganography in our childhoods. The infamous writing of secret messages to friends in invisible ink may have seemed so unexplainable at the time, yet our young selves never questioned such a phenomenon. Now we can realise that it all came down to the art of steganography.
It is present both physically and digitally, having migrated online in recent years along with most other features of the digital world. Aside from its ability to draw a few laughs as a party trick, it can be used effectively as a form of covert communication, and it is also a method used by hackers. Derived from the Greek words στεγανος (meaning “hidden”) and the stem γράφ- (meaning “to write”), it involves concealing a secret message or data within something that is not secret, which can be almost anything. This separates it from ordinary encryption: with conventionally encrypted data, hackers can immediately recognise exactly what to attack, whereas steganographically hidden data leaves no trace of a secret message unless it is deeply explored, which makes it an effective method of transmitting data securely.
Modern-day steganography often entails embedding messages within images or Word/Excel documents. For instance, the first image below is an unassuming picture of a person, yet the one below that has the first 10 chapters of Nabokov's Lolita hidden in the image. This shows how subtle steganography is, as there is no discernible distinction between the two. Furthermore, there is no immediate method to verify my very claim, which illustrates the effectiveness of this technique.
As is true of the images shown above, the hidden message is placed within the pixels of the image. In the RGB format used by most images, each pixel is stored in 24 bits, giving rise to a possible 16 million colours. When combined with the high resolution of modern images, if 1 to 3 bits were taken up by secret information, the changes to the whole picture would be invisible, especially at increasing resolutions. This is only one of the methods of concealing data; another entails writing the message into the file’s metadata. Hiding the message in plain sight not only has minimal effect on its security but is also much more amusing to the programmers.
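The pixel-level hiding described above, as an added illustration that is not part of the original article: the sketch works on raw 24-bit RGB bytes, stores one message bit in the lowest bit of each colour channel (3 bits per pixel), and measures how far any channel value moves. The function names, the 4-byte length prefix and the constructed gradient image are assumptions made for the example.

```python
import struct

def embed(pixels: bytes, message: bytes) -> bytes:
    """Hide message in the least significant bit of each RGB channel byte."""
    payload = struct.pack(">I", len(message)) + message  # 4-byte length prefix
    bits = [(byte >> s) & 1 for byte in payload for s in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for this message")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # only the lowest bit is touched
    return bytes(out)

def _read(pixels: bytes, start: int, nbytes: int) -> bytes:
    """Rebuild nbytes from the low bits beginning at channel index start."""
    data = bytearray()
    for b in range(nbytes):
        value = 0
        for k in range(8):
            value = (value << 1) | (pixels[start + b * 8 + k] & 1)
        data.append(value)
    return bytes(data)

def extract(pixels: bytes) -> bytes:
    """Recover a message written by embed(); reject implausible lengths."""
    (length,) = struct.unpack(">I", _read(pixels, 0, 4))
    if 32 + length * 8 > len(pixels):
        raise ValueError("no plausible hidden payload")
    return _read(pixels, 32, length)

def max_channel_change(a: bytes, b: bytes) -> int:
    """Largest difference in any single colour channel value (0-255 scale)."""
    return max(abs(x - y) for x, y in zip(a, b))

def make_cover(width: int, height: int) -> bytes:
    """Constructed gradient image: 3 bytes (R, G, B) per pixel."""
    return bytes((x * 3 + y * 5 + c * 40) % 256
                 for y in range(height) for x in range(width) for c in range(3))

COVER = make_cover(64, 64)            # constructed sample, 12288 channel bytes
STEGO = embed(COVER, b"meet at noon")  # constructed sample message

if __name__ == "__main__":
    print(extract(STEGO), max_channel_change(COVER, STEGO))
```

No channel moves by more than one step out of 255, which is why the altered image looks identical to the eye even though a byte-for-byte comparison with the original shows the difference at once.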
With the digitalisation of steganography, there have naturally been multiple applications designed to implement such a procedure; examples include Steghide, Xiao, Stegais and Concealment. By using steganography programs such as the simple Steghide snippet below, a message can be embedded into a file and extracted with the correct password. The strength here is that only someone who knows there is a hidden message will know to apply the appropriate program; the data will be inaccessible otherwise, proving how effective steganography is at cybersecurity.
Aside from its most obvious use in cybersecurity, keeping sensitive data secure, it is also popular amongst hackers. By using scripting languages such as PowerShell and Bash, attackers are able to automate attacks without needing the victim to use an application such as Steghide. The following steps allow the malicious script to be executed merely by having the user read the document:
1. The victim clicks on the document which has been altered by steganography.
2. The click unleashes a hidden PowerShell/Bash script.
3. This script can then install an application onto the computer which often evades anti-malware software due to how quickly and subtly it acts.
4. The attacker can then compromise the computer via execution of said malware. This may be capable of keylogging, enlisting the computer into Distributed Denial of Service botnets, or installing Trojans such as Rovnix or Pillowmint.
These are just a handful of the types of malware which can be installed once a steganography attack is successful, which demonstrates how far-reaching the collateral damage could be.
Steganography is used both by hackers with malicious intent and by penetration testers. Penetration testers are “ethical hackers” employed by an organisation to help it scrutinise its security systems. A penetration tester attempts to gain access to data and highlights the security vulnerabilities to prevent malicious hackers from exploiting them.
Furthermore, with the recent rapid development of AI such as ChatGPT, the ability to modify steganographic techniques has improved, which renders detecting attacks far more arduous than previously. Yet, since this method has been around digitally for a few years now, analysts have been identifying the key tactics and techniques which hackers use to attack with steganography. Therefore, most antivirus applications can identify the typical characteristics of steganographic applications. This is like most other methods of hacking, which implies that hackers will be constantly attempting to develop new ways of breaking through anti-malware. However, there are certain precautions which can be taken to prevent an attack:
- Ensure the details of the sender of a file do not seem dubious before opening the file.
- Use trusted sources when downloading applications.
- Use an updated anti-malware application which is trusted to update the backlog of recognised attack methods.
Ultimately, steganography can be utilised by both the defenders and attackers of sensitive data. It is a dynamic and ever-evolving method with several techniques. Unlike other encryption or anti-malware techniques, both sides are trying to one-up each other in developing a better version, which makes it one of the fastest progressing digital techniques.