I don’t contend it is hard, but that it is a cost.
Any cost is a barrier, and based on what you’ve presented I am not convinced this is an attack worth worrying about. Each time I think more about it, I am less convinced.
For example, looking at the other side of this: the payoff to the attackers.
What is the impact? How does this become known, significant? What impact does it have? To have an impact they would need to have something pretty devastating. Taking down a specific file we’ve agreed (I think) is very costly, so you suggested a random file, maybe a few files per year, even month. Is that significant enough for people not only to set this up but to be drawn into helping it and continuing for say a year or more?
Consider this. Most data is uploaded and never accessed again. Another big hit on the potential impact.
I’m not saying this is not an attack, just that you have not elaborated it enough to convince me that it is. You want to believe it is a valid attack - that’s good - but not a reason to mitigate. We need a more solid case if it is to be worthwhile expending effort because there are many potential attacks and we have limited resources to mitigate them.
IMO, if you are to help, your task is to do the groundwork. That means working out in more detail both how this would work and providing analysis - some maths - that shows the full impact of this, and explains why that is going to harm the image or actual usefulness to a significant degree.
I think if the network was to lost one random file per day (whether just due to a bug or an attack) nobody would notice. So you have to explain why even this would be significant, not just how many files (random or specific) could be taken down. You need to become the attacker - at least in your mindset - in order to do this, and to really understand whether they would choose this attack or something else.
You can’t just say, fanatics will do what it takes, so we must defend against this attack. Even if they would do what it takes, they will choose the most effective attack, and I’m really not convinced this can have a significant impact, even if it is feasible. And for that reason I don’t think attackers would bother with this.
As I say, that is based on what you have argued. If you can present a reasoned case that is more thorough, not just handwaving, then I may well be convinced. But so far I’m not.
I’m not trying to discourage you from pursuing this. If you think it is real I hope you will demonstrate it better.