You have to buy or steal the PoS coins to stake them?
Their is a cost involved.
Not necessarily. Or not a necessarily large one. Someone could buy up a large amount of the currency when it was worth less than pennies, or even the currency creator could be a threat if a significant amount were distributed to them at the start. This is different from bitcoin because the cost to attack the network is always relative to how popular the network
currently is. There is no early stage adopter threat to the network itself. (Although I have argued in the past that Satoshi is a significant threat to bitcoin economically because he can wipe out the market.)
Also your pretense at how easy it would be is over exaggerated.
I believe the only responses about how easy the attack is is in regards to your example about timestamps. Forging the chain itself is easy, having the signatures to do it is is where the difficulty lies - but there are many obscure factors that can make it easier.
It is a 3rd party verification , but it works and people using PoS or PoW would be naive not to use it.
There are also a number of attacks that do not create multiple chains but create chaos in more insidious ways. A 3rd party can't prove to you that a chain is being censored, for example. I agree that the general essence of the "nothing at stake" argument is pretty weak with improbable scenarios required to effect it, but it is better to be aware than to be blissful.