Heidi Richards, a 52-year-old resident of Brandon, Florida, has been sentenced to 22 months in federal prison for her role in a conspiracy involving the trafficking of illicit Microsoft certificate of authenticity (COA) labels. In addition to the prison term, Richards was ordered by the court to pay a $50,000 fine. The sentencing was announced by U.S. Attorney Gregory W. Kehoe.
Court documents and evidence presented during the trial showed that Richards operated under the business name Trinity Software Distribution. She purchased thousands of genuine Microsoft COA labels from co-conspirators at prices well below retail value for the associated software. Richards and her employees extracted product key codes from these labels and sold them in bulk to customers. Federal law prohibits selling COA labels separately from the software they are meant to accompany.
COA labels are used to verify Microsoft software authenticity and contain security features designed to prevent counterfeiting. They are not intended for sale apart from their corresponding licenses and hardware, as they do not have independent commercial value. However, there is an illegal secondary market for these labels because their product key codes can activate Microsoft software.
The investigation was conducted by Homeland Security Investigations' Kansas City Field Office. The case was prosecuted by Assistant U.S. Attorney Risha Asokan of the Middle District of Florida and Trial Attorney Jared Hosid from the Justice Department’s Computer Crime & Intellectual Property Section (CCIPS).
According to information provided by CCIPS, since 2020 it has achieved convictions against more than 180 cybercriminals and helped recover over $350 million in funds for victims.
"CCIPS investigates and prosecutes cybercrime in coordination with domestic and international law enforcement agencies, often with assistance from the private sector," according to officials.
