"We were used - and then cast under suspicion": InfoDesk reports Fremtind to the police for fraud
By: Tobias Tobiassen Two years ago, IDT Solutions AS was hit by an alleged malware attack on its online store idtsports.com. Since then the case has developed into a conflict that threatens...
By: Tobias Tobiassen
Two years ago, IDT Solutions AS was hit by an alleged malware attack on its online store idtsports.com. Since then the case has developed into a conflict that threatens trust in the entire cyber insurance industry. InfoDesk AS, which was brought in to help on assignment from IDT, is today left with a police report against Fremtind Forsikring - for fraud.
From summoned resource to suspect
When IDT Solutions reported the case to its cyber insurer at Fremtind, the security company TrueSec and Lindbak IT were brought in. InfoDesk was contacted the same day and took part in a digital meeting where we obtained access to the web server at Syse Data. All content was downloaded, handed over to TrueSec and Lindbak IT - and analysed by us at the same time.
"I showed up, did the tasks I was asked to do, and received verbal confirmation that our hours would be settled when the case was concluded. Two years later we ended up with a recourse claim against us - and a flat refusal to pay for the work. That is why we have reported Fremtind to the police for fraud," says Håkon Berntsen of InfoDesk AS.
Shortly afterwards the tone changed: InfoDesk was no longer treated as a partner, but as a possible perpetrator.
Wrong explanation of cause and inflated costs
TrueSec quickly concluded that the cause was an outdated Elementor Pro module in WordPress - a known vulnerability at the time. InfoDesk believes this conclusion was presented before TrueSec had analysed the files, and that it does not match the evidence in the logs.
Our own analysis - supported by external experts - instead showed:
- That an administrator account created with the email address [email protected] was logged in from the Philippines.
- That infected extensions were uploaded in the same time window in which the malware appeared.
- That the company Kloner AS, which was engaged to develop a Magento replacement for idtsports.com, was the only real source of these changes.
At the same time, TrueSec invoiced nearly NOK 400,000 for its conclusion. By comparison, InfoDesk would normally have invoiced around NOK 5,000 to clean up such an infection.
Recourse claim against us
Not long after came a recourse notice for nearly NOK 600,000. The claim was directed at the web designer who had worked on idtsports.com, but with InfoDesk AS described as partly to blame.
The basis for the recourse listed costs for work that InfoDesk itself carried out - meetings, gathering and handing over files - but without us being paid for those hours.
"So we were first used as a free resource, and then threatened with a recourse claim based on our own work. It is a textbook example of being deceived," says Berntsen.
The claim was withdrawn - in exchange for censorship
After we provided extensive documentation, Crawford withdrew the recourse claim - both against us and the web designer. But this happened on the condition that all critical articles and coverage were removed.
When we put forward our own claim for settlement of the hours spent, it was rejected in its entirety. According to Crawford, the "workload was something anyone has to expect".
Police report against Fremtind
On this basis, InfoDesk has filed a police report against Fremtind Forsikring for fraud. The report rests on three points:
- That we were given a verbal promise of settlement for our work, but that this was later denied.
- That our work is used in the recourse claim as a basis for costs, but without us being compensated.
- That the explanation of cause was determined without any actual analysis of the files, something we can document through the logs.
"We are talking about small amounts in isolation. But the principle is hugely important: If professionals who help out in cyber attacks risk being made scapegoats, the entire insurance scheme is at risk of collapsing," says Berntsen.
A dangerous precedent
The case raises major questions about how far players such as Fremtind and Crawford are willing to go to recover money - and whether cyber insurance can in practice be misused to inflate damage costs and shift responsibility onto innocent subcontractors.
For InfoDesk, this is about more than economics:
- The legal protection of professionals in the IT industry.
- The dangers of assisting companies that have cyber insurance.
- The lack of balance between actual damage and artificially inflated costs.
Fremtind does not respond
We have sent Fremtind questions about the case, including:
- How they can justify that InfoDesk's work is listed as costs in the recourse claim, while at the same time refusing to pay us.
- How the explanation of cause could be ready before the files were analysed.
- How the costs could grow to nearly NOK 600,000 when the actual damage was far lower.
Fremtind has not responded to our inquiries.
Conclusion
This case shows how cyber insurance, which is supposed to provide security, can become a threat to those who step up. InfoDesk AS was first used as a resource, then cast under suspicion, and finally subjected to a recourse claim of nearly NOK 600,000.
"This is fraud, and that is why we have reported Fremtind. We cannot let such a practice go unchallenged," Berntsen concludes.
Editorial note:
Fremtind Forsikring, TrueSec, Crawford & Company, Lindbak IT, Kloner AS and IDT Solutions AS have been given the opportunity to respond. None of the parties had responded to the inquiry at the time of publication. Any replies will be published in full.
