By: Tobias Tobiassen
Two years ago, IDT Solutions AS was hit by an alleged malware attack on its online store idtsports.com. Since then, the case has developed into a conflict that threatens confidence in the entire cyber insurance industry. InfoDesk AS, which was called in to help on behalf of IDT, is today left with a police report against Fremtind Forsikring - for fraud.
From summoned resource to suspect
When IDT Solutions reported the matter to their cyber insurance in Fremtind, the security company TrueSec and Lindbak IT were involved. InfoDesk was contacted the same day and participated in a digital meeting where we obtained access to the web server at Syse Data. All content was downloaded, handed over to TrueSec and Lindbak IT - and simultaneously analyzed by us.
"I showed up, did the tasks I was asked to do, and received verbal confirmation that our hours would be settled when the case was closed. Two years later, we ended up with a recourse claim against us - and a flat refusal to pay for the work. That's why we reported Fremtind to the police for fraud," says Håkon Berntsen of InfoDesk AS.
Shortly after, the tone changed: InfoDesk was no longer treated as a business partner, but as a potential culprit.
Incorrect causal explanation and inflated costs
TrueSec quickly concluded that the cause was an outdated Elementor Pro module in WordPress - a known vulnerability at the time. InfoDesk believes this conclusion was presented before TrueSec had analyzed the filesand that it does not match the evidence in the logs.
Our own analysis - supported by external experts - showed instead:
- That an administrator account created with the email address [email protected] was logged in from the Philippines.
- That infected extensions were uploaded in the same time window as the malware originated.
- That the company Kloner AS, which was engaged to develop a Magento replacement for idtsports.com, was the only real source of these changes.
At the same time, TrueSec invoiced close to NOK 400,000 for its conclusion. In comparison, InfoDesk would normally invoice around 5,000 kroner to clean such an infection.
Recourse claims against us
Not long after, a recourse notice was issued on almost 600,000 kroner. The claim was directed against the web designer who had worked on idtsports.com, but with InfoDesk AS mentioned as partly responsible.
In the recourse basis, costs were listed for work that InfoDesk carried out itself - meetings, collecting and handing over files - but without being paid for these hours.
"So we were first used as a free resource and then threatened with recourse claims based on our own work. It's a textbook example of being cheated," says Berntsen.
The claim was withdrawn - against censorship
After we provided extensive documentation, Crawford withdrew the recourse claim - both against us and the web designer. But this is what happened under the condition that all critical articles and reviews were removed.
When we submitted our own claim for compensation for hours worked, it was rejected in its entirety. According to Crawford, "the workload was something everyone has to expect".
Police report of Fremtind
Based on this, InfoDesk has submitted a police report against Fremtind Forsikring for fraud. The review is based on three points:
- That we received a verbal promise of settlement for work, but that this was later denied.
- That our work has been used in recourse claims as a basis for costs, but without us being compensated.
- That the causal explanation was determined without actually analyzing the files, which we can document through the logs.
"We're talking about small amounts in isolation. But the principle is hugely important: If professionals who help with cyber attacks risk becoming scapegoats, the entire insurance scheme is at risk," says Berntsen.
A dangerous precedent
The case raises big questions about how far companies like Fremtind and Crawford are willing to go to collect money - and whether cyber insurance can in practice be abused to inflate claims costs and shift liability onto innocent subcontractors.
For InfoDesk, this is about more than finance:
- The legal security of professionals in the IT industry.
- The dangers of assisting companies that have cyber insurance.
- The lack of balance between real damages and artificially inflated costs.
Fremtind does not answer
We have sent Fremtind questions about the case, including:
- How they can defend the fact that InfoDesk's work is listed as costs in the recourse claim, while they refuse to pay us.
- How the causal explanation could be clear before the files were analyzed.
- How the costs could grow to almost NOK 600,000, when the actual damage was far lower.
Fremtind has not answered our inquiries.
Conclusion
This case shows how cyber insurance, which is supposed to provide peace of mind, can become a threat to those who provide it. InfoDesk AS was first used as a resource, then put under suspicion, and finally subjected to a recourse claim of almost NOK 600,000.
"This is fraud, which is why we have reported Fremtind. We cannot allow such practices to go unchallenged," concludes Berntsen.
Editorial note:
Fremtind Forsikring, TrueSec, Crawford & Company, Lindbak IT, Kloner AS and IDT Solutions AS have been given the opportunity to respond. None of the parties have responded to the inquiry at the time of publication. Any responses will be published in their entirety.
English 
Norsk bokmål