A startup is hacking into India’s central bank for a good cause

The invisible enemies.
The invisible enemies.
Image: Reuters/Kacper Pempel
We may earn a commission from links on this page.

Saket Modi’s job is to break into the IT systems of India’s central bank.

Because Modi is a white hat—an ethical hackermore and more companies, including top commercial lenders such as HDFC Bank and ICICI Bank, want him to do the same for them, too.

The 26-year-old is the co-founder and CEO of Lucideus, a four-year-old startup he launched as a student of Jaipur’s LNM Institute of Information Technology. Lucideus scans the IT systems of its clients for possible hacking or malware attacks and suggests remedies and services if the systems are found to be vulnerable. Some of these scans are automated, others manual.

The firm, whose other co-founders are Vidit Baxi and Rahul Tyagi, was set up in 2012 and later incubated at SINE, the Indian Institute of Technology, Bombay’s startup incubator.

Today, New Delhi-based Lucideus is more relevant than ever.

It has grabbed illustrious clients, such as the country’s digital payments regulator, the National Payments Council of India (NPCI), and food chains such as Pizza Hut and KFC. And unlike most other startups in India, it is already making profits—Rs1.3 crore in fiscal 2016. The company has access to some of the most sensitive data in the country but their services are needed now more than ever.

The year 2016 was particularly notable for hacking incidents in India. First, millions of debit cards came under attack, indicating a broader risk to the banking sector in Asia’s third-largest economy. Then, a group of anonymous hackers, which calls itself Legion, took over the Twitter handles of prominent Indians.

Now, with prime minister Narendra Modi encouraging citizens to go cashless, cyber security has become increasingly important. The industry is estimated to reach $38 billion in India by 2025, according to Nasscom, a software lobby group.

Early days

Lucideus’s Modi first toyed with hacking when he was 17 years old. As a class twelve student, he had broken into the school’s system to access a chemistry exam question paper. Then, in college in Jaipur, he began speaking at events about ethical hacking and cyber security. The hobby turned into a freelancing opportunity, which culminated in the establishment of Lucideus.

“It was a massive market. On weekends, I used to teach cyber security and ethical hacking. By the third year, I already had a lot of colleges that would invite me. By the fourth, I had a list of clients, and started a private limited company,” Modi said over the phone.

In 2013, Lucideus set up its first office in New Delhi. Since then, it has grown into a firm with 75 employees and revenue of Rs4 crore (2015-16).

Core operations

Starting as a training provider of cyber security, Lucideus has transformed itself into a services and consulting firm. Modi’s co-founders, Baxi and Tyagi, also share his passion for hacking.

Baxi, 29, explained how Lucideus works with a typical client: “Technology changes from client to client. But the basic approach stays more or less the same. We first analyse, then identify the flaws and gaps in the security; then we create a report that shows how to mitigate these flaws.”

For the Reserve Bank of India (RBI), too, they provided a mix of services, “from training the staff to assessing their IT systems,” Modi explained. Lucideus has also worked with the NPCI, which executed the ambitious United Payments Interface (UPI) project. Launched by former RBI governor Raghuram Rajan, UPI is a payment system that can be used for intra-bank transfers and online payments via a smartphone.

“We can’t make Digital India without being a secure Digital India. There is a lack of awareness in security,” explained Tyagi.

Money matters

For four years, Lucideus was bootstrapped. The founders operated with a small amount of capital, mostly from personal savings or revenues. It later received funding from angel investors such as Sanjay Baweja, former Flipkart CFO, Anand Chandrasekaran, head of platform and product partnerships (messenger) at Facebook, and Amit Chaudhary, director of Motilal Oswal Private Equity.

In September this year, Lucideus announced its third round of angel funding but Modi declined to reveal the total amount the company has received till date.

The next step is scaling up through automation.

“We’ve realised that to scale up a services business is difficult because you need more people. But, the more the number of humans, there are more issues that come in,” Modi said.

Lucideus has marked its presence outside India, too, gaining a few Fortune 500 companies as clients in New York, California, and London. But it isn’t aggressively looking at expanding abroad right now, since there’s enough cyber security risk to handle at home.