A summary and Kearnan perspective on Jennifer Ewbank’s May 11, 2026 analysis in HSToday
Kearnan Consulting Group, LLC acknowledges and thanks the Faith-Based Information Sharing and Analysis Organization (FB-ISAO) for circulating this article to its members on May 21, 2026 and providing the link to the published source. FB-ISAO is a sector ISAO recognized through the ISAO Standards Organization (see https://www.isao.org/group/fb-isao/). FB-ISAO framed the article as related to its Priority Intelligence Requirements 01 through 04 and summarized the central concern as follows: Iran and Iran-aligned actors are increasingly using a Violence-as-a-Service model in which low-level recruits, criminal intermediaries, or ideologically aligned proxies can be tasked remotely to conduct hostile activity, with recruits who may not know who hired them, may never meet handlers in person, and may be used as disposable actors. For organizations, this model lowers the barrier for violence as foreign-linked actors exploit local individuals, encrypted communications, and small payments to create real-world risk more easily.
On May 11, 2026, former CIA Deputy Director for Digital Innovation Jennifer Ewbank published “Violence-as-a-Service: Iran’s Digital Recruitment Model and the Homeland Threat” in HSToday. The piece argues that politically motivated violence is increasingly organized through transactional online recruitment rather than through the cells Western counterterrorism doctrine was built to detect. Kearnan Consulting Group, LLC summarizes the article below and offers our perspective on what it means for client security planning.
What Ewbank reports
Ewbank opens with the April 18, 2026 attempted arson at Kenton United Synagogue in north London, where a 17-year-old and a 19-year-old were arrested. The Metropolitan Police confirmed that the 17-year-old, a British national from Brent, pleaded guilty to arson on April 21, 2026. She presents the incident as a case study in what threat intelligence circles call “violence-as-a-service” (VaaS), in which buyers commission discrete acts through encrypted messaging and cryptocurrency, often hiring people with no criminal history.
She references Europol’s Operational Task Force GRIMM, established in late April 2025, which has reported that minors are involved in more than 70 percent of the criminal markets it tracks. Drawing on reporting from DarkOwl, she describes a three-layer ecosystem: social media for discovery and grooming, dark-web and Russian-language forums for reputation and pricing, and encrypted messaging (Telegram in particular) for tasking, proof of action, and payment.
On the Iran dimension, Ewbank cites Harakat Ashab al-Yamin al-Islamia, a hollow front group analysts assess as a vehicle for the Islamic Revolutionary Guard Corps that has claimed attacks against Jewish, Israeli, and Western-affiliated targets across Belgium, the Netherlands, France, and the UK since March 2026. She also points to the 2025 sentencing of Rafat Amirov and Polad Omarov in the Southern District of New York to 25 years each for an Iran-directed murder-for-hire plot against journalist Masih Alinejad, and a German court finding that Iranian state agencies were behind a 2022 attempted attack on a Bochum-area synagogue organized through a former Hells Angels figure.
The Kearnan view
Ewbank’s central argument, that US counterterrorism doctrine and resourcing were built for a different model and have not fully adapted, aligns with patterns we observe across client engagements. Three implications stand out.
The recruitment vector is transactional, not ideological. Countering Violent Extremism programs designed around radicalization pathways will miss the teenager paid a few hundred dollars to throw a firebomb. The attack surface is digital while the execution is physical, which means organizations with siloed cyber and physical security functions risk seeing indicators in neither place. And attribution will lag, so faith institutions, NGOs, and Iranian-American community organizations should plan protective postures that do not depend on advance federal warning.
Recommended actions for clients
Review physical security at symbolically significant sites with particular attention to stand-off distance, lighting, and after-hours surveillance. Refresh liaison relationships with FBI Joint Terrorism Task Forces and local fusion centers. Update workforce and volunteer screening criteria to account for transactional recruitment, not only ideological warning signs. Brief staff and congregants on encrypted-platform recruitment patterns and unsolicited financial approaches. Review continuity and insurance posture against low-yield, high-visibility incidents intended to produce fear rather than mass casualties.
Kearnan Consulting Group, LLC is available to assist with threat assessments and protective security planning. Contact your engagement lead for follow-up.
Sources and acknowledgment
Primary source: Jennifer Ewbank, “Violence-as-a-Service: Iran’s Digital Recruitment Model and the Homeland Threat,” HSToday, May 11, 2026. Available at https://www.hstoday.us/featured/violence-as-a-service-irans-digital-recruitment-model-and-the-homeland-threat/.
Acknowledgment: This advisory was prompted by an FB-ISAO member alert dated May 21, 2026, which referenced the article above in connection with FB-ISAO Priority Intelligence Requirements 01 through 04. Kearnan Consulting Group, LLC thanks FB-ISAO for sharing the source with its membership. More on FB-ISAO at https://www.isao.org/group/fb-isao/.
This advisory is provided for informational purposes only and does not constitute legal advice. Factual claims summarized above are attributed to Ms. Ewbank’s HSToday article and the underlying public reporting it cites; Kearnan Consulting Group, LLC has independently corroborated the Kenton United Synagogue arrests, the Europol Task Force GRIMM launch and findings, the Alinejad sentencing, the German court ruling in the Bochum matter, and Ms. Ewbank’s prior CIA role through public reporting and primary-source statements.