A Brandon-based software distributor is facing up to five years in prison after a federal jury delivered a guilty verdict for her role in a scheme involving the trafficking of Microsoft certificate of authenticity (COA) labels, as announced by United States Attorney Gregory W. Kehoe. The defendant, Heidi Richards, 52, was convicted of conspiracy to traffic in Microsoft's COA labels, according to a press release from the U.S. Attorney's Office for the Middle District of Florida.
Richards, operating under the business name Trinity Software Distribution, had been paying millions to co-conspirators for standalone Microsoft COA labels, which she obtained at significantly lower costs than the retail prices tied to the software they are meant to accompany, court documents reveal; furthermore, these labels, which are intended to authenticate Microsoft software and prevent counterfeit replication due to their security features, were then stripped of their product key codes that were sold in bulk to customers—a practice that is illegally trying to sell the COA labels on their own, separated from the hardware or the licenses they are supposed to be with.
The penalties for Richards's actions include a maximum five-year sentence, with her hearing scheduled for February 26, 2026. Insight into this case tells us that the Homeland Security Investigations Kansas City Field Office took the lead on the investigation, eventually culminating in this conviction and serving as a stark reminder of federal enforcement against the illicit trade in digital authentication mechanisms.
The prosecution was a concerted effort between Assistant U.S. Attorney Risha Asokan of the Middle District of Florida and Trial Attorney Jared Hosid from the Justice Department’s Computer Crime & Intellectual Property Section (CCIPS), which typically tackles cybercrime with the help of international and domestic law enforcement and the private sector—and with a track record of securing convictions since 2020, CCIPS serves as a warning to those who believe they can subvert the integrity of software ownership and distribution through underhanded means.
