A Florida girl was sentenced to 22 months in jail for working a large years-long scheme to visitors hundreds of stolen Microsoft Certificates of Authenticity (COA) labels.
52-year-old Heidi Richards (also referred to as Heidi Hastings, Heidi Shaffer, and Heidi Williams), who operated an e-commerce enterprise known as Trinity Software program Distribution, was additionally ordered to pay a $50,000 high quality.
COA labels are small stickers that authenticate software program and carry distinctive product key codes used to activate merchandise distributed on bodily media, similar to Microsoft’s Home windows working system and Workplace productiveness suite.
As prosecutors defined, COA labels carry no unbiased business worth and should not legally be bought other than the licensed software program and {hardware} they’re designed to accompany. Nonetheless, the codes on these labels can be utilized to activate Microsoft software program with out a official license, resulting in a bootleg marketplace for standalone COA labels.
“The one licensed technique of downstream distribution for a Home windows OEM COA is affixed to the pc on which the software program was put in or with the whole, sealed OEM package deal together with the COA label and license,” the indictment reads.
“The labels will not be bought on a ‘standalone’ foundation separated from the software program they had been meant to authenticate.”
In all, Richards and her accomplices purchased tens of hundreds of real Home windows 10 and Microsoft Workplace COA labels from a Texas-based firm between July 2018 and January 2023, paying thousands and thousands of {dollars} at costs far under retail worth.
Slightly than promote the labels with the software program they had been meant to accompany (as required by federal regulation), Richards directed staff to extract the product key codes by hand and transcribe them into Excel spreadsheets.
They then bought the extracted Microsoft license keys in bulk to clients worldwide, wiring $5,148,181.50 to the provider between 2018 and 2023.
This case was prosecuted by Assistant U.S. Lawyer Risha Asokan and trial lawyer Jared Hosid of the Laptop Crime and Mental Property Part (CCIPS). During the last 5 years, CCIPS has secured greater than 180 cybercrime convictions and helped victims get well greater than $350 million.
Malware is getting smarter. The Pink Report 2026 reveals how new threats use math to detect sandboxes and conceal in plain sight.
Obtain our evaluation of 1.1 million malicious samples to uncover the highest 10 methods and see in case your safety stack is blinded.
