Nov 26, 2010 10:44 GMT  ·  By

A hacker has hijacked the Twitter account of Andi Arief, the Indonesian president's disaster management adviser, and used it to send a fake tsunami warning to thousands of people.

Twitter has been the place to go online for real time news and rumors for a long time now and speed of communication is at no time more important than when disasters are about to strike.

When it comes to natural calamities, few nations in the world are more troubled than Indonesia, a country which has over 150 active volcanoes and is frequently struck by earthquakes, floods or tsunamis.

It's, therefore, no wonder that someone like Andi Rief had over 8,000 followers on a Twitter account used to post disaster-related updates.

Unfortunately, such popularity often attracts cybercriminals and yesterday an unidentified hacker managed to obtain access to his account and send rogue messages.

One of the most disturbing ones read "Besok jakarta tsunami," which is Indonesian for "Jakarta tsunami tomorrow."

"Hacking into a Twitter account that is used for disaster relief is bad enough, but for the intruder to also spread malicious warnings makes me think that this must have been the actions of a very sick mind," commented Graham Cluley, a senior technology consultant at Sophos.

The use of Indonesian doesn't necessarily mean that the hacker is a native, as he could have used an online translation engine, but it is a strong possibility.

It took a couple of hours for Rief to regain control of his account, but he eventually posted "Good Afternoon Companions … My Account Is Back to Normal.. Thank You for Your Attention.. Greetings :)"

In a later tweet he announced that he opened a new account and that he is closing the previously compromised one. It's not clear if this was done because he can't trust it anymore or for a different reason.

Also, there's no information as to how the compromise actually occurred. We have previously seen high profile Twitter accounts hacked by brute force, by hijacking the associated email address or by convincing users to give a rogue application access to their profiles.