OPERATION SILENCE:
The Coordinated Cyberattack Campaign Against berndpulch.org
A forensic account of the multi-vector digital warfare conducted against this platform โ including DDoS attacks, Negative SEO poisoning, reputation fraud, and the Automattic infrastructure link โ with full Google Search Console evidence.
This platform has been under sustained, coordinated digital attack since at least January 2026 โ and by documented pattern, annually before that. The attacks are multi-vector: technical DDoS, Negative SEO link poisoning, reputation association fraud (connecting this site to porn, hacking, and financial fraud), and exploitation of shared infrastructure via Automattic/WordPress.com servers. Google Search Console data now provides forensic proof of both the attack and its cessation. This report is a timestamped public record and forms part of the ongoing RICO evidentiary filing (Case 1:15-cv-04479, U.S. District Court, Southern District of New York).
I. The Evidence: What Google’s Own Data Shows
Google Search Console data for berndpulch.org covering January 24 to April 23, 2026 โ exported April 27, 2026 โ reveals an unmistakable attack-and-recovery signature that no algorithm change or content gap can explain.
During the JanuaryโMarch attack period, daily impressions were artificially suppressed to between 12,000 and 30,000 despite the site’s 120,000+ article archive. Click-through rates held at 0.25โ0.4%, consistent with normal performance on a site of this authority. Then, in the week of April 17โ23, 2026 โ coinciding with the Easter period, when attack operations paused โ impressions exploded from 22,000 to over 74,000 per day. This is not organic growth. This is the lifting of a suppression filter.
| Period | Avg Daily Impressions | Avg Daily Clicks | CTR | Assessment |
|---|---|---|---|---|
| Jan 24 โ Feb 10 | ~16,500 | ~57 | 0.33% | โ Active suppression |
| Feb 11 โ Mar 17 | ~22,000 | ~60 | 0.28% | โ Continued suppression |
| Mar 18 โ Apr 16 | ~21,000 | ~54 | 0.26% | โ Residual suppression |
| Apr 17 โ Apr 23 (Easter) | ~58,000 | ~57 | 0.09% | โฆ Suppression lifted |
The Easter correlation is forensically significant. Attack operations โ whether human-coordinated or automated โ require active maintenance. Holiday periods reduce operational capacity. The simultaneous cessation of attacks and the recovery of impressions during the same 72-hour window on April 17โ19, 2026 is not coincidence. It is confirmation of an actively maintained suppression campaign.
II. The Attack Vectors: How It Was Done
A. Negative SEO Link Poisoning
The primary sustained attack method. Thousands of toxic backlinks were constructed pointing to berndpulch.org with anchor text associating the site with fraud, pornography, hacking, and financial crime. This is a documented tactic in digital warfare against investigative journalists and functions by triggering Google’s spam detection algorithms, which interpret an unusual volume of low-quality links with toxic anchor text as a signal that the destination site is itself a spam or malicious operation.
The pattern is confirmed by the GSC inbound links data, which shows hundreds of Bitchute API endpoints, anonymous proxy services, and content farms in the site’s recent link profile โ none of which reflect editorial choice or organic citation.
A disavow file has been submitted to Google Search Console. This instructs Google to exclude the toxic links from its ranking calculations. The Easter-period impression recovery suggests Google began processing this disavow submission during the same period.
B. The Automattic Infrastructure Link
A significant element of the attack infrastructure has been traced to servers operating within or adjacent to Automattic’s network โ the company behind WordPress.com, on which berndpulch.org operates. This is not an accusation against Automattic itself but a forensic observation: the attack operators used automated WordPress infrastructure โ bots, scrapers, fake referral injections, and duplicate URL generation โ that exploited the shared hosting environment to manipulate how Google perceives and crawls this site.
This is why berndpulch.org remains on the WordPress.com free plan despite its limitations. Migrating to a self-hosted or commercially managed WordPress installation would expose the site to the full range of plugin-based attacks. In April 2026 alone, at least 30 WordPress plugins were found to contain planted backdoors after being purchased by malicious actors โ a supply-chain attack vector that the free plan’s plugin-free architecture is immune to by design.
In April 2026, a buyer identified as “Kris” โ with a background in SEO, cryptocurrency, and online gambling โ purchased 30+ WordPress plugins and planted backdoors in all of them. The backdoor activated on April 6, 2026 and gave remote operators full control of any website running the affected plugins. Berndpulch.org, operating on the WordPress.com free plan without third-party plugins, was not affected. This architecture decision, often criticized as a technical limitation, proved to be a security asset.
C. URL Injection and Duplicate Content Manipulation
GSC coverage data shows 229 pages flagged as “Duplicate โ not canonicalized by user” and 19,787 pages in “Crawled but not indexed” status. These figures are abnormal for a site of this architecture and strongly indicate automated URL parameter injection โ a technique where bots generate thousands of variant URLs for the same content (e.g. article?ref=spam, article?source=hack) causing Google to treat legitimate content as duplicate or low-quality spam.
The 36,512 pages excluded by noindex tag require further investigation. While some of this reflects normal WordPress archive behavior, the scale is inconsistent with intentional configuration and may reflect injected noindex meta tags in page headers โ a known attack technique that silently removes pages from Google’s index without the site owner’s knowledge.
D. Reputation Association Fraud
A parallel campaign has been operating in the search results themselves, attempting to associate berndpulch.org with pornography, financial fraud, and criminal hacking through manufactured search results, fake mirror sites, and defamatory content on anonymous platforms. This tactic is designed to deter new visitors, damage advertiser or sponsor relationships, and create a false paper trail that can be used in legal or regulatory proceedings against the journalist. The operators behind this campaign have been provisionally identified as connected to the GoMoPa network and the Ehlers/Lorch/DFV syndicate documented in RICO Case 1:15-cv-04479.
III. The Annual Pattern: This Is Not New
The January 2026 attack is part of a documented annual cycle. Coordinated attacks on berndpulch.org have been recorded in January of multiple consecutive years, typically intensifying around significant legal or investigative milestones. The pattern is consistent with a retained, professional negative SEO operation โ not opportunistic hacktivism โ because:
- โThe attacks correlate with publication of specific investigation milestones, not random timing.
- โThey pause during holiday periods (Christmas, Easter) โ consistent with human operator availability, not automated-only campaigns.
- โThey use multiple simultaneous vectors (DDoS + Negative SEO + reputation fraud), indicating coordinated operational planning rather than a single actor.
- โThe server error count (3,155 5xx errors in the GSC crawl data) points to active infrastructure interference, not configuration drift.
- โTechnical fingerprinting has confirmed shared infrastructure between GoMoPa and the Ehlers network, routing through the same Cloudflare nodes in Toronto โ a probability of coincidence below 1 in 1,000,000.
IV. Update: Current Status โ April 2026
As of April 27, 2026, the following has been confirmed:
- Disavow file submitted to Google Search Console
- Attack infrastructure documented and filed
- RICO evidentiary package updated
- All critical data transferred to secure offshore backup
- FSB Molnar Files and Vacuum Study preserved in US-protected whistleblower filing
- Server error (5xx) resolution โ 3,155 affected pages
- Noindex tag audit โ 36,512 pages under review
- Reputation fraud monitoring โ ongoing
- URL injection canonicalization โ pending fix
- RICO case active โ Southern District of New York
The impression spike to 74,000+ daily in the Easter window is the clearest signal yet that Google’s systems are beginning to re-evaluate the site’s true authority. With the disavow file processed and attack operations temporarily suspended, the site’s organic footprint is reasserting itself. The next 60 days will be critical in determining whether Google fully lifts the suppression or whether the attack operators resume operations.
V. Legal Notice and Evidentiary Status
This article constitutes a public timestamped record of the attacks described herein. It is filed concurrently as supporting evidence in the RICO proceedings and as a formal complaint to the relevant digital platform operators and law enforcement bodies in Germany, the United States, and the European Union.
Any further attempts to suppress, deindex, or interfere with this publication or with berndpulch.org will be treated as an attack on a US-protected whistleblower process and will trigger immediate diplomatic and legal escalations. The data is already beyond the reach of any finalization strategy.
All intelligence assets โ including the 25-year Vacuum Study, the FSB Molnar Files, and the Stasi OibE-Lists โ have been transferred to secure, redundant offshore locations and are being integrated into the SEC/RICO legal filing under US jurisdiction.
This investigation continues. Support independent journalism that refuses to be silenced.
Support on Patreon Contact Bernd Pulch
๐ Bernd Pulch | Uncensored Investigative Intelligence since 1994 