{"id":1571,"date":"2025-06-22T23:14:22","date_gmt":"2025-06-22T21:14:22","guid":{"rendered":"https:\/\/nettsak.no\/?p=1571"},"modified":"2025-06-24T14:07:06","modified_gmt":"2025-06-24T12:07:06","slug":"infodesk-reports-idt-solutions-as-to-the-police-claiming-insurance-fraud","status":"publish","type":"post","link":"https:\/\/nettsak.no\/en\/infodesk-reports-idt-solutions-as-to-the-police-claiming-insurance-fraud\/","title":{"rendered":"InfoDesk reports IDT Solutions AS to the police - claims insurance fraud"},"content":{"rendered":"

By Tobias Tobiassen, Nettsak | Published <\/em>22.06.2025<\/p>\n\n\n\n

\n
\n

Update after publication<\/h4>\n

\n After Nettsak published this case, both Fremtind and Crawford have withdrawn their recourse claims. Going forward, we will remove information from the article that is no longer relevant.\n <\/p>\n

\n Crawford nevertheless maintains his account of the course of events, despite the fact that this does not correspond with available logs and documentation.\n <\/p>\n

\n InfoDesk has announced that they will analyze the case again, and it is expected that the police reports may be withdrawn, as the recourse claim has now been waived and there is thus no financial loss - beyond the work hours required to produce correct decision-making bases for the insurance companies.\n <\/p>\n

\n At the same time, the case raises questions about the sense of justice in situations where serious financial claims are not thoroughly assessed before they reach the public, and where press coverage is ultimately required for fair treatment.\n <\/p>\n\n<\/div>\n\n<\/blockquote>\n\n\n\n

SANDEFJORD(Nettsak)<\/strong> - Small, specialized IT environments rely on insurance and the legal system to protect them from unreasonable claims. After two and a half years in the spotlight, the Sandefjord-based company is experiencing InfoDesk AS<\/strong> the exact opposite: A recourse claim of kr 430 514<\/strong> from Fremtind Insurance<\/strong>, built on the daily manager H\u00e5kon Berntsen<\/strong> calls \"a fictional history\".<\/p>\n\n\n\n

The attack no one can agree on<\/h2>\n\n\n\n

Night to April 3, 2023<\/strong> becomes the WooCommerce online store idtsports.com<\/em> Infected. A pirated backup extension is installed, WordFence is disabled, and visitors are sent to spam domains. The logs show logins from IP addresses in Cebu City, Philippines - under the account rune@kloner.no<\/em><\/a>, created the day before by Morten Iversbakken<\/strong> (Sales & Marketing Manager at IDT Solutions AS).<\/p>\n\n\n\n

Ten days later, InfoDesk submits a report to the anonymous web designers<\/strong> behind the page. The report points to Cloner AS<\/strong> As a source. IDT Solutions skips its suppliers, activates its cyber insurance and hires Truesec<\/strong> to full forensics.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

The information above comes from documents submitted by InfoDesk AS.<\/em><\/p>\n\n\n\n

\n

\"We never hosted idtsports.com, we only developed features for idt.no<\/em> on a completely different server. But the recourse claim points only<\/strong> on us,\" says Berntsen in an interview with Nettsak.<\/p>\n\n\n\n

\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n<\/figure>\n<\/blockquote>\n\n\n\n

A bill - and a new online store<\/h2>\n\n\n\n

The Truesec invoice alone reads kr 305,484<\/strong>. The rest are hours and modules for Magento<\/strong> - a brand new platform Cloner AS<\/strong> had already started weeks before the attack. Everything is included in the recourse claim.<\/p>\n\n\n\n

\n
\"\"<\/figure>\n<\/blockquote>\n\n\n\n

Who has been reported - and for what<\/h3>\n\n\n\n
Name \/ company<\/th>Penalty provision<\/th>Short justification<\/th><\/tr>
IDT Solutions AS<\/strong><\/td>Penal Code \u00a7 376 (insurance fraud) & \u00a7 221 (false statement)<\/td>Incorrect information to Insurance, bill placed on third party<\/td><\/tr>
Svein Iversbakken<\/strong> (general manager)<\/td>Participation \u00a7 15, cf. \u00a7\u00a7 376, 221<\/td>Overall decisions and confirmations<\/td><\/tr>
Morten Iversbakken<\/strong> (Sales & Mkt.)<\/td>\u00a7 376, \u00a7 221<\/td>Created admin user linked to infection<\/td><\/tr>
Cloner AS<\/strong><\/td>Section 2-1 of the Damages Act (negligent damage), possibly aiding and abetting section 351 of the Damages Act.<\/td>Development tracks before, during and after the attack<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n

<\/p>\n<\/blockquote>\n\n\n\n

\"A pattern over several years\" - Berntsen is interviewed<\/h2>\n\n\n\n

Tobiassen, Nettsak:<\/strong> Why the police?<\/p>\n\n\n\n

Berntsen:<\/strong> \"Because the puzzle shows intent: first a dispute over unpaid invoices to the web designer, then an attack that legitimizes new platform, then a recourse claim that shifts the bill to us. In between battles, IDT Solutions AS has used BAHR lawyers in an attempt to gag our technical case studies, and sent a phishing PDF to the web designer to steal her login.\"<\/p>\n\n\n\n

Tobiassen:<\/strong> What do you think about the claim that Elementor Pro has not been updated?<\/p>\n\n\n\n

Berntsen:<\/strong> \"The Truesec report mentions it, but our logs don't show any exploit traffic to Elementor endpoints. However, they do show admin-upload<\/em> of pirated backup plugin from the Philippines the minute WordFence shuts down. This is a known mode for nulled-malware.\"<\/p>\n\n\n\n

Tobiassen:<\/strong> The case started as a recourse against the web designer - now everything points to you?<\/p>\n\n\n\n

Berntsen:<\/strong> \"We helped her with documentation; that's our culture. Since then, all the arrows have moved to us, but the core facts remain: We had no operating agreement, no server access before assisting TrueSec and no role in the Magento project.\"<\/p>\n\n\n\n

Notified everyone - the email documenting claims<\/h2>\n\n\n\n

Today, InfoDesk sent a copy of its latest response letter to Crawford<\/strong>, Truesec<\/strong>, Cloners<\/strong> and IDT Solutions<\/strong>. The email requires:<\/p>\n\n\n\n