Security giant Symantec has confirmed that elements of its source code have been stolen by hackers that accessed servers belonging to the Indian military.

Symantec said the code, which relates to its Norton antivirus product, is from two older enterprise products, one of which is no longer in use. It will not affect consumer customers, Symantec said.

A hacking group calling itself The Lords of Dharmaraja claimed on Pastebin that it had accessed the code and would publish it online. The post has since been deleted but is still available via Google cache.

Symantec’s statement acknowledges the third-party breach. "We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication the code disclosure impacts the functionality or security of Symantec’s solutions. Symantec’s own network was not breached, but rather that of a third party entity," it reads.

The statement added that Symantec believes no customer data is at risk. "Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time."

Fellow security companies have come out in support of Symantec, claiming the theft of source code is not a huge disaster, but that damage could be done to Symantec’s reputation.

"If the rumours turn out to be true, the implications of the anti-virus code leakage will not keep the Symantec folks awake too late at night, and certainly not their customers," wrote Imperva’s Rob Rachwald on the company blog.

"There isn’t much hackers can learn from the code which they hadn’t known before. Why? Most of the anti-virus product is based on attack signatures. By basing defences on signatures, malware authors continuously write malware to evade signature detection," he added.

"Further, malware versions continuously evolve in such a rate where signatures cannot keep up with them in the first place. The workings of most of the anti-virus’ algorithms have also been studied already by hackers in order to write the malware that defeats them. A key benefit of having the source code could be in the hands of the competitors," wrote Rachwald.

Graham Cluley of Sophos agreed, saying that the company is paying for a hacking group’s issues with the Indian government: "Even if it was up-to-date source code, it may be of limited use to hackers and be used more as a "trophy scalp" for a hacking group attending to generate publicity for its grievances with the Indian authorities."

"It’s hard not to feel sympathy for Symantec – who appear to have been caught in the crossfire between a hacking gang and the Indian authorities. Although Symantec customers may not be at risk, it’s easy to see how the software company will feel bruised by the publicity that the Lords of Dharmaraja have generated through their hack," he wrote.