It's important to understand what this attack is, and what it is not. It is effective at deanonymizing random hidden services among a large collection of hidden services (like the 40K that exist on the Tor network). It is not effective at deanonymiznig a specific hidden service. The attack works because the attacker can trawl for many HS descriptors in a short amount of time, and at relatively little cost. That's what most of the paper is about. But it relies on the fact that some hidden services randomly chose the attacker's node for their entry guard. That's why in the paper they deanonymized two hidden services controlled by them, which they configured to use their entry guard on purpose, and some bots in a botnet, because there are probably tens of thousands of these bots running as hidden services, so the chances were high that some of them chose the researchers' entry guard. They didn't deanonymize SR or other specific, high value hidden services, nor could LE trivially do that with this attack, because the chances of those few hidden services randomly choosing LE's entry guard are extremely small. In fact, they could be running their own anonymously purchased, private entry guards, thus making the attack impossible.