
There are at least two other significant possibilities:

1) There's an attack against RSA which doesn't involve factorization

2) There's an attack against AES / Serpent / Twofish

I'd say the second is considerably more likely, firstly because the one NSA quote we have on it is "cryptanalyze, or break, unfathomably complex encryption systems", which sounds much more like a new attack like differential cryptanalysis which provides a general-purpose attack against complex symmetric crypto ("unfathomably complex" sounds much more like AES than RSA).

In addition, we have numerous quotes in recent days about how GCHQ is working on breaking the encryption on the Miranda hard drive, which we now know to be a TrueCrypt drive.



On point 2, NSA still allows the use of AES-256 to protect top secret data: http://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography


Another option could be a practical attack on 128-bit RC4.

But I don't think the fact they're still using it means it hasn't been broken. Historically, countries have sacrificed countless soldiers because saving them would have revealed that the enemy cryptosystem had been broken.


Why is everyone assuming the NSA has to be using their own standards behind closed doors?


They don't. They use Suite A, which is an eclectic mix of proprietary algorithms: Firefly/Enhanced Firefly for key exchange (PKI), Joeski (allegedly a pair of algorithms for encrypting and decrypting other ciphers or firmware, with the interesting property that the encryption algorithm cannot be deduced from the decryption algorithm and vice versa), and a bunch of others. They have different algorithms depending on the specific information channel. Permanent data storage uses one (or perhaps a few), communications traffic uses others, and communications are further split depending on channel bandwidth and presumably the long-term classification needs of the data.

They have to recommend Suite B to the government and military in cases where NSA-validated hardware can't be used. Examples would be military communications with allies, or garden-variety agencies that can't afford or can't be trusted with Suite A modules.



