On April 18, 2016, Todd Michael Gori, from the US state of Washington, applied for a cyber security job with TSI Healthcare Inc. – a corporation based in Chapel Hill, N.C., that sells and supports customized software for healthcare practice management and electronic health record software.
Well, at least, you might say it was an application letter. Then again, you could well consider it to have been an extortion note. According to court documents, this is what Gori said in his emailed cover letter:
This is [information identifying other party redacted]. I am giving you, TSI healthcare two choices. You either lay-off [identity redacted] and replace her with me, an operator 100x better that she is oppressing. Or I will take out your entire company along with my comrades via a cyber attack.
Well! That is one very confident cover letter, Mr. Gori. Could you tell us a bit more about your qualifications?
Gori’s email continued, misspellings, threats and all:
Get ride of her and hire me. Or slowly be chipped away at until you are gone. She is a horrible operator that can only manage 2 screens with an over inflated travel budget. I fly at least 10x as many places as this loon on 1/5th of the budget.
Judging by the email, it sounds like it wasn’t his first attempt to get hired either. He blamed “the loon” for her recalcitrance in helping his application proceed:
I have petitioned for a job with you guys with her as a reference as I am a felon with computer skills and need assistance getting work as technically I have “no work history”. She declines everytime and burries me even further. I even stated this straight from TSI website “Center for Generational Kinetics Best Places to Work for Millennials Top 75 Millennial Employer in the U.S. 2015” …
Gori gave TSI 72 hours to respond before unleashing the furies of his cyber attack. No avoiding it, he said: he did the penetration tests and declared that TSI was a fly stuck in his web:
There is nothing that can be done to stop the attacks. I have ran multiple penetration tests on your entire network and your company fails miserably.
“This is not a threat,” Gori wrote, nor is it a “means of leverage.” Rather, it’s just Gori saving himself, he said. You’ve been warned: if you don’t comply, he told TSI, “you can prepare for the most annoying and pesky uphill cyber battle your company has ever seen.”
Meanwhile, Gori said, “the loon” with the “over-inflated travel budget” will also be blocked from working while the attack is underway.
Upon finishing reading this missive, TSI Healthcare did what any organization would hopefully do: it hopped on the phone to call authorities – in this case, the FBI – straight away.
Last month, the US Attorney’s Office for the Middle District of North Carolina announced that the 28-year-old Gori had been sentenced to 37 months in federal prison after pleading guilty to threatening to damage computers at TSI. He was also sentenced to three years of supervised release.
So no, his request for a job did not turn out quite as planned.
And, it looks like TSI escaped a sorry fate: instead of actually hiring an employee from Hell, it instead had to fend off merely a job candidate from Hell. True, it was a criminally threatening extortionist job candidate from Hell, but at least TSI escaped the fate of some companies that wind up employing EfH as IT admins.
Like, say, the company whose Admin from Hell held it to ransom with a porn makeover.