Home / Industry

Unraveling Unsolved Mysteries with Threat Intelligence

Have you ever heard of Lake City Quiet Pills? It refers to a mysterious site that first made waves on Reddit in 2009 and has since resurfaced.

What Is Lake City Quiet Pills?

Lake City Quiet Pills (LCQP) is known as an image-hosting site "lakecityquietpills.com" — believed to be run by a Redditor with the handle "ReligionOfPeace" also known as "Milo."

Some Redditors speculated that LCQP was a front for ex-military contract assassins. A few believers have even attempted to draw connections between the site and the assassination of Mahmoud al-Mabhouh in January 2010. That theory, however, has been debunked. Others, meanwhile, speculated that "quiet pills" is slang for "bullets."

Here's a timeline of LCQP-related events:

  • Early 2009: Milo, who claimed to be a military veteran, regularly commented on a variety of topics. He spent more time, however, talking about violence and politics and rallying against liberal news sites and socialism. In doing so, he promoted a variety of content from his site, most of which was prejudicial and offensive. Using Threat Intelligence Platform, we found that the LCQP domain was registered in June 2008 anonymously in the U.S., among other data points.
  • July 2009: Milo stopped posting. A new poster with the handle 2-6 logged on a day after Milo's last post appeared. 2-6 claimed to be Milo's hosting provider. This post led the curious to dig deeper into 2-6 and found a user named AngelTwo-Six whose email address often appeared in the LCQP site. AngelTwo-Six's forum posts had no direct ties to LCQP. However, they could be associated with the Lake City Army Ammunition Plant, which had the tagline: "Dispensing Lake City Quiet Pills to lousy bastards in need of permanent rest since 1968."
  • January 2010: Investigations led to a poster named Angel (assumed to be AngelTwo-Six) looking for groups of 8-10 people who were fluent in specific languages to travel to different countries and deliver packages. On the surface, this could have ties to illegal activities. Some believed the ad was related to Mahmoud al-Mabhouh's assassination (debunked since).
  • September 2011: CNN's Anderson Cooper did a feature on LCQP. His investigation looked closely at the site's pornographic nature. This exposed Jailbait moderator, Michael Brutsch, who allowed LCQP content to tag his subreddit.
  • October 2012: The Jailbait subreddit has since been shut down. And Brutsch, also known as "Violentacrez," aired his side to the media in an exclusive interview with Adrain Chen.
  • 2018-2019: A post telling Redditors to stop looking into LCQP appeared. This was followed by another post still discussing the unresolved mystery to date. So where do things stand? A quick look at the LCQP site's WHOIS records shows that the domain is set to expire in June 2020 and was last updated in February 2019. A WHOIS history search revealed that it changed domain owners four times. At present, the domain's ownership is nontransferable.

What this sequence of events shows is that web activities leave breadcrumbs, which may lead to speculations, mysteries, and unanswered questions. Are there ways to look into this while casting some light on dubious or criminal undertakings? This is made possible, at least partially, through threat intelligence.

Using Threat Intelligence for Investigating Online Entities

A threat intelligence platform offers easy-to-use tools, services, and application programming interfaces (APIs). More specifically, threat intelligence data can help gather detailed information about hosts and their infrastructure — notably through real-time host configuration analysis. With it, researchers and analysts can better determine:

  • If a domain contains malware or other potentially harmful content (malicious Android application packages (APKs) and executable files, iframes, scripts, and redirects)
  • If it has a valid Secure Sockets Layer (SSL) certificate and properly configured system settings
  • Details available in WHOIS records including:
    – When a domain was registered
    – When its registration expires
    – When it was last updated
    – Who its registrar is
    – Who owns it and ways to contact him
    – What country it's registered in

These information sources can aid in cybercrime-related investigations. The data can also serve as jump-off points for collecting more specific investigative information from additional sources.

* * *

While forums can be valuable sources of information on emerging threats, caution is necessary. Taking a step back and launching a proper forensic investigation is one way to comprehend the bigger picture.

Threat Intelligence Platform (TIP)

About Threat Intelligence Platform (TIP) – Threat Intelligence Platform (TIP) offers easy to use threat intelligence tools, services, and APIs to get detailed information about hosts and the infrastructure behind them. Gathering data from different providers, utilizing our substantial internal databases (compiled for 10+ years), and also real-time host configuration analysis, our threat intelligence solutions provide an in-depth look at target hosts and are an essential addition to any threat detection toolkit. Visit Page

Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

Whois

Sponsored byWhoisXML API

DNS Security

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

New TLDs

Sponsored byAfilias

Cybercrime

Sponsored byThreat Intelligence Platform