The checkpoint master key can be established by using the 'makekeypair' command. The public key in the source code should then be updated and the private key kept in a safe place.
Any node can be turned into a checkpoint master by setting the 'checkpointkey' configuration parameter to the private key of the checkpoint master key.
What if an attacker (instead of DDoS'ing the masternode) steals the private key? Could he then become a masternode himself and generate fake checkpoints?