Good day. Security leaders may confront the decision to hire or reject a postprison job candidate as cybercrime grows and more hackers move through the justice system.

In the U.S. and U.K., people convicted of cyber crimes often have to contend with tech limitations after they leave prison. In Belgium and the Netherlands, tech restrictions on released hackers are rare, with judges reasoning that they would harm the individual’s ability to work and rejoin society. WSJ Pro's Catherine Stupp talked to convicted hackers, law enforcement authorities and others for her look at the issue. Read the full story. 

What kind of traits and criteria would you look at if considering a candidate with a hacking past? Let me know. 

More news, including: 

• What big banks spend on cyber
• U.S. blames Iran for Albanian attacks
• NEWSLETTER EXTRA | Navigating a 'nightmare'
• What CISOs are paid

U.S. Officials Blame Iran for Cyberattacks in Albania

Cyber operations against the Albanian government this month and in July were likely carried out by hackers supported by Iran, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency said Wednesday in a joint statement. Wiper malware that destroys data and tools that encrypt systems hit websites and services of Albania's government, the U.S. officials said.

• Hackers had lurked in Albanian systems for at least 14 months before setting off malware, the FBI and CISA said. 
• Earlier in September, Albanian Prime Minister Edi Rama cut diplomatic ties with Iran over the incidents, expelling embassy staff. 
• The FBI-CISA advisory provides details about the hackers' techniques and how to counteract them.

'Grand Theft Auto' Maker Says Hackers Contacted Customers

Take-Two Interactive Software Inc., which confirmed it had been hit with a cyberattack last week, said hackers accessed one of the company's help desks and sent malicious links to customers. Earlier in the week, hackers said to be in the Lapsus$ gang leaked footage from a forthcoming version of the "Grand Theft Auto" game. (Reuters) 

• David Gadis, chief executive and general manager of DC Water (pictured), said his utility, which serves Washington, D.C., has the resources to model cybersecurity on national standards but also takes tech help from the city. "Unfunded federal mandates are putting a lot of pressure on utilities," Mr. Gadis said. (NextGov)

How Much Do Big Banks Spend On Cyber Security?

Bank CEOs typically say cyber threats are their biggest concern, so how much do they spend trying to stop them? A lot. Testifying at a House hearing on Wednesday, Bank of America CEO Brian Moynihan said his bank budgets $1 billion a year directly on cybersecurity. JPMorgan’s Jamie Dimon said his bank spent about $700 million, while Citigroup’s Jane Fraser and Wells Fargo’s Charlie Scharf said they both were around $700 million to $800 million.

— David Benoit

Designated Congressional cybersecurity committees are unlikely to happen, lawmakers say, mainly because colleagues are unwilling to give up their individual hold on the critical issue.

A key recommendation from a Congressionally-mandated body to examine U.S. cyber policy, the Cyberspace Solarium Commission, was to create committees in the House and the Senate to consolidate fact-finding hearings and efforts to enact cyber laws.

“In '76, they realized that intelligence was spread all over the Congress and they set up committees on intelligence in the Senate and the House to consolidate that jurisdiction. I don't know how they did it because trying to do that with cyber, we have found, is virtually impossible,” said Mr. King, a co-chair of the commission, speaking at an event hosted Wednesday by the Foundation for the Defense of Democracies think tank.

“Nobody wants to give up their little piece of the jurisdiction,” he said.

The Solarium Commission, which issued 82 proposals in March 2020, has had marked success elsewhere, including establishing a National Cyber Director position in the White House and expanding the powers of the Cybersecurity and Infrastructure Security Agency. Getting proposals through Congress involved getting almost 200 clearances from various committees and subcommittees, Mr. King said.

“You have no idea what a nightmare that is,” he said.

Rep. Mike Gallagher (R., Wisc.), another co-chair, said getting recommendations enacted would have been even more difficult without Rep. Jim Langevin (D., R.I.), who is retiring this year.

“He is the chair of the cyber subcommittee on the Armed Services Committee, and because of both that position, as well as just his indefatigable efforts in this space, we were able to get a lot passed,” Mr. Gallagher said of Mr. Langevin. “I don't think it would have been possible without his help.”

— James Rundle

• Razor’s Edge Management LLC, a venture-capital firm focused on investing in national-security startups, has closed a $340 million fund. Razor’s Edge said it targets startups developing tech including autonomous systems, space tech, cybersecurity, artificial intelligence and aerospace systems. Some of the companies it backs also can apply their technology to commercial markets such as energy, telecommunications and manufacturing. (WSJ Pro Venture Capital)

• Austin, Texas-based CrowdStrike Holdings Inc. said it plans to buy Israel's Reposify Ltd., a startup focused on protecting attack surfaces. CrowdStrike also said it will buy a chunk of Salt Security, which specializes in securing software interfaces. Financial details of the transactions weren't disclosed. (SecurityWeek)

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle, Catherine Stupp and David Uberti.

Follow us on Twitter: @knash99, @catstupp and @DavidUberti. 

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com or follow him on Twitter: @Steve_Rosenbush.