With a hard fork, you change the code the miners are using so that blocks on the opposing fork are considered invalid. In a 51% attack, the malicious actor creates new blocks that look equally valid. The two lineages aren't labelled ETC and NewETC. How does a new entrant (or anyone who wasn't connected for the few hours it took to launch the attack) distinguish between the chains?