A company can have the best security infrastructure in the world and hackers will still find it easy to break through using social engineering, according to reformed hacker Kevin Mitnick.
He said that hackers can gain access to seemingly secure systems by using people to circumvent technology.
"Human resources are the weakest link in any security chain," Mitnick told vnunet.com.
"There are very basic psychological techniques you can use to get round even the most sophisticated security set-up. In some cases you can get people to offer information without being asked."
His book, entitled The Art of Deception, is loosely based on his own experiences and advises security chiefs on how to deal with social engineering attacks.
These vary from a direct request for a password by someone impersonating a member of a company's IT support team, to more cunning double bluffs and the use of guilt or intimidation.
The trick lies in collecting several pieces of innocuous information from a variety of sources until the hacker can make a final call and get the information needed to break the system.
Mitnick advises that staff should be trained to always authenticate the person asking for information, even if it means an extra phone call.
They should be encouraged to stand their ground and believe that security is more important than bowing to the requests of the apparently powerful.
Many of the highest security set-ups are the most vulnerable to this kind of attack.
The increased sense of security makes users blasé and more likely to assume that, if someone has detailed knowledge of the system, they are entitled to access.
Hackers will be disappointed at the lack of technical information in the book, but Mitnick has included two chapters for security managers which detail specific policies that can foil the social engineer.
Mitnick has also set up a specialist consultancy called Defensive Thinking which offers advice on security awareness.