We look hard
We look through
We look hard to see for real

Sisters of Mercy, “Lucretia My Reflection”

Inspired by my recent conversation with the delightful Erik Arneson, I decided to take some time and write up a more cohesive set of my thoughts on the interrelationship of magic and computer hacking.

Prefatory note:  “Hacking” is a very broad term, which covers not only intrusion into computer systems, but also their defense, engineering, and an entirely vast array of non-computer-related tinkering, making, and puzzling.  Here, however, I’m talking specifically about the offensive side of hacking:  the approach to breaking into computers and networks.

In my day job, I’m a professional computer hacker.  I work on an internal red team, which means that I’m paid by my employer to break into our own systems before criminal threat actors can do so, and serve as a sparring partner for our network defenders.  In recent years I’ve seen a great many parallels between hacking and magic, and ways in which the former can inform the latter.  In doing so, I’ve also found myself viewing magic through the lens of a hacker more and more frequently.

By and large, my experience is that most people who become magicians are drawn to it by a common set of motivations.  We are people who are drawn to understand why and how reality works, and who have glimpsed beyond the common assumptions to know that there are secrets waiting to be discovered.  Those secrets captivate us, and we want to uncover them.  We see a closed door, and we want to know what’s behind it.  When the door is closed to us, we can choose to walk away–or we can start learning how the lock works and figure out how to pick it or otherwise bypass it so we can see what’s on the other side of that door ourselves.

Hacking is no different from magic in this regard.  In both cases, we want to dig beneath the assumptions to see how things actually work, regardless of how we think they’re supposed to work.  We find threads to pull on, we explore, we investigate, we play with the puzzles.  And with a certain amount of skill and luck, we can leverage our findings to give us the ability to do things we would ordinarily be unable to do otherwise.

Hacking and magic are, at their core, both systems of control.  They are both pursuits which involve approaching a system that appears to have a consistent set of rules and behaviors, and then trying to break those rules (or otherwise circumvent them) in ways that serve to our advantage.  And in both cases, the systems that we are exploring have seemingly denied us access.  When hacking computers, these can be access controls (like not having a valid password, or not having the right permissions to get at the data we want); or they can be technical limitations, such as having to figure out how an unknown program communicates over the network so we can learn how to speak with it.  In the case of magic, we are trying to achieve goals and accomplish effects that appear to be otherwise impossible given what we understand of the world around us and how it works.  Through magic, we attempt to exert some agency and gain leverage in order to achieve our desired effects.  Similarly, hacking is also fundamentally about control.  In both cases, the universe appears to tell us “no”, and we aren’t prepared to accept that answer.  So instead we go digging, we research, we experiment, and–like the velociraptors in Jurassic Park–we test those controls which appear to lock us in place.

The key in both cases is experimentation.  You can research and study works of magic all you like, but that isn’t the same as actually doing magic.  You can read as much as you want about the offensive uses of PowerShell or Python, or how to exploit a vulnerability in a piece of software, but doing so doesn’t make you a hacker.  For both the magician and the hacker, it’s putting that knowledge into action that defines the pursuit.

Magic, like hacking, is fundamentally both an art and an experimental science.  It should be noted that when I refer to magic as a “science”, I’m using the term in the earlier sense of scientia:  a body of knowledge, experience, and expertise.  In this sense I am speaking more to the pre-20th century meaning of the word, before the influences of Karl Popper and logical positivism crept in, and before we became ensconced in an epistemology of scientific materialism.  Instead, when I use the word I’m referring the pursuit of knowledge itself.  Because the terrain in both cases is so vast, however (infinite, in the case of magic), and because magic—like hacking—isn’t merely a domain of knowledge but rather the skill of putting knowledge into action in ways that achieve a desired result, the necessity for experimentation and experiential learning is unavoidable.
Like hackers, we as magicians must make room for what Aidan Wachter refers to as “serious play”.  We must cultivate our curiosity and follow it down the rabbit hole.  Rather than being content with established methods, we should be seeking to get at the root of what makes those methods work, and see how far we can stretch and bend them until they break–teaching us in the process what our palette of options is, what shortcuts we may safely take, and ever expanding our repertoire and our experience.  This is what makes someone a true hacker, and it is equally what makes a person a true magician.