Looked you in the eyes, measured his words, and then turned out to be completely full of shit. A 2013 GPG user is creating AES256-CFB ciphertexts with session keys delivered over 2048 bit RSA and DSA signatures.
These are far from the sturdiest constructions we have in cryptography; a conservative design today wouldn't be using RSA or DSA at all. But they're proven and used all over the place, including on government traffic no reasonable person could believe the USG would accept a mass compromise of.
If you believe that anyone at the UN can decrypt PGP and would have under any circumstances ever shared that with you, I have some dead aliens from Roswell to sell you.
It may be that he was confused. Very early versions of PGP, from when Zimmerman was apparently just learning what cryptography was, used a cipher of his own design that turned out to be broken.
Being 2 hops from a lot of people with active clearances, I'll add that this is a very popular bit of gossip. The last one I heard was Blowfish; "don't use Blowfish!" "Why would I? It's super old?" "Never mind that. My friend just got out of NSA and said they could trivially break Blowfish. Something about the sboxes."
A credible claim you might make right now: with some degree of effort (ie, not in real time), it might be possible to break large-ish RSA keys.
